You Knew This Vendor Would Hold Your Data Hostage. You Signed Anyway.
The vendor data hostage pattern is documented, predictable, and entirely preventable. Five contract clauses. Write them before you sign.
TL;DR
The vendor data hostage situation is not a surprise. It is a documented pattern, a known risk, and the subject of roughly seventeen articles before this one. It keeps happening because the contract that would prevent it does not get written at signing time, when everyone is optimistic and the account manager is still returning calls. Write the exit clause now. Five specific things, named, in the body of the agreement. If you are already in the situation, stop talking and start writing, get legal counsel early, and build your replacement in parallel.
The industry’s worst-kept secret
This is, by my count, at least the eighteenth piece written on vendor data hostage situations in the South African IT space in the past five years. I know this because I have read most of them. Possibly you have too. And yet here we are.
The pattern is not obscure. Vendors who do this are not operating in secret. The mechanic – sign-up, integration, dependency, exit, suddenly-discovered transfer fee – has been documented in conference talks, in contracts lawyers have been annotating for a decade, and in the kind of LinkedIn posts that get three hundred sad-face reactions and zero apparent effect on anyone’s signing behaviour.
Something about a new vendor relationship produces a specific optimism that survives all available evidence. This one will be different. The account manager is so responsive. The product genuinely solves the problem. The contract is “pretty standard.” And anyway, you will deal with the exit when you get there.
You are now there.
The shape it takes
It always rhymes. You signed up years ago because the vendor sat between you and something you needed: a CRM, a billing platform, a vertical SaaS, a managed service that processed your data on the way through. You stopped thinking about it because it worked. This is the correct response to software that works.
Then something changes. The vendor gets bought. Or finds itself short of cash. Or decides your market segment is not the future and begins managing you out through a series of small frictions: the renewal price doubles, the support queue stretches to two weeks, the export tool stops receiving maintenance around the same quarter the new enterprise tier launches.
Or you announce you are leaving. At this point the relationship, which has been warm and professional for years, transforms with remarkable speed. There is now a “transfer fee” that did not appear in the contract you signed. The T&Cs page has been updated – they notified you via clause 14.2, which permits amendments on thirty days’ notice posted to a portal you have not logged into since 2019. The account manager, who previously replied within the hour, is on leave for what turns out to be the exact duration of your notice period.
You ask for a clean export. They quote a five-figure “data services” engagement. You ask for the original contract. They send you the new one. You point out that you signed the old one. They point at clause 14.2.
Nothing here required a villain. It required a contract that permitted it.
Why it keeps happening to people who know better
This is the part I find genuinely baffling.
The businesses I see caught in these situations are not naive. The decision-makers involved have usually been in the industry long enough to have heard the stories. Some of them have been in this exact situation before, with a different vendor. And yet the exit clause was not in the agreement.
Four dynamics drive vendors toward the data-hostage position, and they are all entirely predictable.
Cashflow trouble is the most common. A vendor running tight quarters discovers that exit fees are effectively the most accessible revenue on the sheet. Customers who are already leaving have demonstrated their willingness to write cheques to make problems go away. That lever exists. It gets pulled.
Acquisition repricing is the tidy version. Private equity buys the vendor, models the install base, finds that some percentage of the customer base is price-insensitive at exit, and rewrites the T&Cs accordingly. Your account manager is as surprised as you are and about as useful.
Segment abandonment is the slow one. The vendor pivots upmarket. They are not kicking you out directly, but the renewal tripled, support slowed to a crawl, and the export tool has not been touched since the product manager who built it left eighteen months ago. You are being managed toward the door. Nobody will say this out loud.
And then there is plain hostility, which is the least common and the most unpleasant. You told them you were leaving. They decided the investment in keeping you happy was no longer justified. Tickets go unanswered. The export is “in the queue.” The queue does not appear to have a front.
The defence against all four situations is the same. It is just a contract.
What it costs
Real numbers, because the abstract version is easy to discount.
A services business with sixty staff and ten years of records typically loses two to three weeks of senior operator time reconstructing data from a broken export. The bookkeeper, the ops manager, and whoever knows the system best are all blocked on the same problem. That is R150,000 to R300,000 in staff time before anyone external has been called.
Add legal review: R20,000 to R40,000 if your attorney is reasonable. Add the “data services” fee the vendor is quoting: anywhere from R50,000 to several hundred thousand, depending on how well they have read you. Add business disruption: invoicing slips, new client onboarding stalls, two people quietly update their CVs.
The subscription that looked like R3,000 a month has become a seven-figure problem. The vendor did not do anything the contract prohibited.
The contract you should have written at the start
Five clauses. Named. In the body of the agreement, not a schedule.
The first names the export right plainly. The customer may, at any time and for any reason, request a complete export of all customer data in a documented, machine-readable format. Not “may request, subject to our reasonable judgement.” May. Full stop.
The second addresses exit fees. Exit at end of term costs nothing beyond fees already due. Exit mid-term costs the remainder of the term, capped. No data egress charge, no transfer service fee, no line items invented after notice is served.
The third sets a transfer SLA with an actual number in it. Fourteen days is generous. Thirty is the outside limit. If the deadline is missed, fees stop accruing and the vendor pays a daily penalty. “We will deliver it promptly” is not a clause. A number is a clause.
The fourth names the export format: “CSV with header rows matching the schema in Annex A” or “JSON conforming to the documented API shape.” Not “a format reasonably acceptable to the vendor.” What the vendor considers reasonable at exit will not match what you had in mind at signing.
The fifth requires mutual consent for T&Cs amendments. Strike the “we may amend at any time on thirty days’ notice” language. They will push back. Push harder.
If a vendor refuses all five, read that refusal carefully. It is a fairly accurate preview of how your exit will go.
When you are already in it
Prevention is no longer on the table. Five moves, in this order.
- Stop talking to the account manager. Start writing. Every request, every refusal, every quoted fee, by email, with timestamps. Verbal reassurances produce nothing in a dispute.
- Escalate formally. Ask, in writing, for the named director or compliance officer responsible for data handling. Most vendors have one. Most front-line staff will not volunteer the name. Ask formally and document the response.
- Get legal counsel involved early. A letter on attorney’s letterhead, citing the original contract and specific clauses, regularly produces an export that several months of polite emails could not. This is not adversarial posturing. It is how commercial disputes actually resolve.
- Consider the regulators. If you are being denied access to personal data of your staff or clients, POPIA engages in South Africa, GDPR in the EU and UK. A formal complaint to the Information Regulator costs nothing to file and tends to produce an interesting change in the vendor’s attitude to your ticket queue.
- Build in parallel. Assume the export will arrive late, broken, or not at all. Stand up the replacement from whatever sources you have: fresh data entry, screenshots, accountants’ records, customer-side copies. The vendor export is a bonus. It is not a plan.
What the other side looks like
OSH operates the opposite model, not as a policy statement but because we have cleaned up enough of these situations that the alternative struck us as professionally embarrassing.
Your Microsoft 365 tenant, your Google Workspace, your Bitdefender console: billed through us, registered to you. We are not the tenant owner. You can end the engagement in the morning and the tenant is still yours by lunch. Contracts are short, plain, and exit-friendly. Notice period is one month. Documented exit procedures live in the engagement document, not a schedule nobody reads until it is too late. The full argument is in Succession Planning for SMBs.
This is not generosity. It is what working with professionals looks like, once you have worked with someone who was not.
30-minute vendor exit readiness review
If you have a vendor relationship that has been sitting quietly at the back of your mind, book thirty minutes. We go through the current contract, identify the lock-in vectors, and write a one-page contingency plan. No upsell. No pressure. Either you have cover, or you do not, and you should know which before the relationship changes.
Talk to OSH professional services, or browse the full services list if you want to see what an exit-friendly engagement looks like before anything goes wrong.
The cautionary tale is very well documented by now. There is no reason to add your name to it.
