1. Limitation of liability
   Avoid unlimited or tiny caps. Target 12 to 24 months of fees. Carve-outs only for IP infringement, data breach, willful misconduct.

2. Indemnification
   Make it mutual. Define scopes clearly: IP, data breach caused by a party, bodily injury.

3. Warranties and remedies
   Do not accept “as is” only. Add uptime or performance promises and meaningful credits or fix or refund.

4. Confidentiality and data use
   Limit use to providing the service. No sale or profiling. Add deletion on request and breach notice timelines.

5. IP ownership
   You own bespoke deliverables. Vendor keeps background IP. Grant only narrow licenses.

6. Service levels
   Specify uptime, response, and restore times. Credits should not waive other remedies.

7. Payment and increases
   Aim for Net 30 to 45. Cap annual increases. Require 60 to 90 days notice.

8. Auto-renewal and termination
   Shorten notice windows. Allow termination for convenience with fair refunds on prepaid fees.

9. Security and audits
   Name standards like ISO 27001 or SOC 2. List subprocessors. Allow reasonable audit or report access.

10. Governing law and venue
    Choose home or neutral venue. Prefer mediation or arbitration before litigation.

11. Assignment and change of control
    Permit assignment for mergers or sale of business. Add consent not unreasonably withheld.

12. Unilateral changes
    Reject “we may update terms online.” Require notice and a right to reject or terminate.

Pro tip: Replace “industry standard” with specific reports or controls.