Home   Resources   Financial Guidelines   Clickwrap Agreements
Financial Affairs

Clickwrap Agreements

Purpose/Scope

Clickwrap agreements are specific to the use of One Cards. The clickwrap agreement requirements below are in addition to and not separate from the One Card Program financial guideline and do not replace or supersede existing One Card guidelines, rules and requirements or any other applicable UTSA policies.

Authority

University Guidelines

Table of Contents
  1. Overview
  2. Use of Clickwrap for Low Risk Services
  3. Higher Risk Services Prohibited

A. Overview

Definition: UTSA understands the prevalent use by contractors and vendors of clickwrap agreements, which are standard online terms and conditions that require a purchaser to click “accept” before the user can secure the contractor’s goods or services.

Delegated Authority: Only individuals with a written delegation of authority from the UTSA president may execute and deliver legally valid contracts on behalf of UTSA. However, this guideline permits certain limited use of clickwrap agreements for Low Risk Services.

Contract Validity: Although departments may use the One Card to secure and pay for Low Risk Services under this guideline, the clickwrap agreement itself may be invalid and unenforceable. If the requesting department desires to ensure validity of an applicable Low Risk Service clickwrap agreement secured via the One Card, the clickwrap agreement cannot be used. The department will need an agreement in negotiated form that includes required state and UT System provisions acceptable to UTSA. A purchase order will generally satisfy this requirement, as will a negotiated agreement that has been approved by the Business Contracts Office.

Risks: As a rule, the terms of clickwrap agreements are not advantageous to UTSA and will typically not address terms required due to UTSA’s status as a government agency and an institution of UT System. Clickwrap agreements are designed to be beneficial to the contractor and to cover a broad range of situations. Contractors are generally not open or even available to negotiate clickwrap agreements. Most clickwrap agreements involve a low dollar threshold, and the contractor is unwilling or unable to justify the transaction costs necessary to negotiate terms and conditions. Departments purchasing Low Risk Services involving a clickwrap agreement in accordance with this guideline must understand the scope of the purchase and must accept the possible business risks, including paying for any damages and legal costs that may occur because of the purchase.

Risk versus Efficiency: Although clickwrap agreements pose business risks, UTSA understands that efficiency needs may sometimes require purchasing goods or services involving a clickwrap agreement. Balancing various risk versus efficiency factors, UTSA permits certain limited use of clickwrap agreements for Low Risk Services, as described below.

Top

B. Use of Clickwrap for Low Risk Services

One Card purchases to secure goods or services through use of a clickwrap agreement are acceptable only for very low risk purchases with a contract term not to exceed one (1) year and with a total value at or below $5,000 (i.e., Low Risk Services). Use of clickwrap agreements for Higher Risk Services, as defined below, is prohibited.

Note: As with all purchases, do not purchase from a prohibited vendor or country (see Restrictions in the One Card Program financial guideline). Departments must secure approval from the Office of Research Integrity prior to any purchases from a foreign entity.

Software

Purchases of software or information technologies or associated licenses or subscriptions are considered low risk if they meet all of the following criteria:

  1. Compliance: The software or information technology must comply with all applicable UTSA policies including OIS 49 – Standard for Cloud Computing (login required) and critical accessibility requirements under Texas Government Code Chapter 2054, Subchapter M.
  2. Data: The software or information technology must access/process/store only Category III – Published data (non-sensitive, non-confidential data that is generally of public record). The software or IT service must not access/process/store any Category I or Category II data. Category I and II data include any personally identifying information of students, employees and others. For information on data classification categories, refer to UTSA Handbook of Operating Procedures (HOP) 11.02 Data Owner or the Data Categorization Examples (login required). The software or information technology must not access/process/store any data that is subject to UTSA confidentiality obligations, or regulations or laws such as FERPA (the Family Educational Rights and Privacy Act) or ITAR (the International Traffic in Arms Regulations). The software or information technology must not facilitate the collection or distribution of money on behalf of the university.
  3. Impact: The software or information technology must not have data integration with Banner, Blackboard, Canvas or other university enterprise software system; must not have data integration with a system that accesses/processes/stores any Category I or II data and must not be essential to a university-wide service or function. 

Low Risk Service examples

  • A Facebook account for UTSA marketing purposes that only includes Category III data
  • Advertising, publishing, writing/translating/indexing or printing that only involves Category III data
  • Subscriptions and allowable memberships
  • Training workshops
Top

C. Higher Risk Services Prohibited

Higher Risk Services are purchases that involve any of the following aspects. These purchases are prohibited from being secured through a clickwrap agreement:

  1. Any access to or storage/management/processing of Category I or Category II data (for information on data classification categories, refer to the UTSA Handbook of Operating Procedures (HOP) 11.02 Data Owner or the Data Categorization Examples);
  2. Unsupervised interaction with students or any reasonable risks to students;
  3. Interaction with minors;
  4. Safety, health or medical matters;
  5. Risk to UTSA property;
  6. Modifications to UTSA property;
  7. Access to UTSA’s network;
  8. Solicitation on campus;
  9. Providing any UTSA intellectual property or any other aspects related to copyright or publication rights;
  10. Required use of the service by students;
  11. Processing, collection or storage of UTSA funds (for example, a payment processor or reseller);
  12. Providing the contracted entity with use of any UTSA trademarks, logos or related marks; or
  13. Any other aspect or service that could reasonably be determined to pose a significant risk to UTSA or the UTSA community.

Higher Risk Services must not be secured through clickwrap agreement(s) and must be secured through either a purchase order or a negotiated agreement approved by the Business Contracts Office.

 

Related Forms

None at this time.


Top

Revision History

Date Description
08/02/24 Substantive edits throughout to clarify requirements, refer to other UTSA policies and provide examples. Incorporated sections D and E into section A.