Whether you are doing business, handling data or producing content, you may need to write a range of legal documents. It can be confusing to know which are necessary for your situation, which are simply beneficial to have, and what to put in the documents.
Here's what you need to know about all the main legal policies, what they aim to do, who needs them, why you should have them, and what content each will typically contain.
- 1. Terms and Conditions Agreements
- 1.1. What is a Terms and Conditions Agreement?
- 1.2. Is a Terms and Conditions Agreement Legally Required?
- 1.3. Key Components of a Terms and Conditions Agreement
- 1.3.1. Rules and Restrictions
- 1.3.2. Payment Terms
- 1.3.3. Refunds and Returns
- 1.3.4. Disclaimers
- 1.3.5. Governing Law
- 1.4. How to Display a Terms and Conditions Agreement
- 2. Privacy Policies
- 2.1. What is a Privacy Policy?
- 2.2. Is a Privacy Policy Legally Required?
- 2.3. Key Components of a Privacy Policy
- 2.3.1. What Personal Data is Collected and How
- 2.3.2. How the Collected Data is Used
- 2.3.3. When and Why You Share Data with Third Parties
- 2.3.4. How Long You Keep Personal Data
- 2.3.5. What Rights Users Have
- 2.3.6. How You Secure Data
- 2.3.7. Your Contact Details
- 2.4. How to Display a Privacy Policy
- 3. End User License Agreement (EULA)
- 3.1. What is an End User License Agreement?
- 3.2. Is an End User License Agreement Legally Required?
- 3.3. Key Components of an End User License Agreement
- 3.3.1. License Details
- 3.3.2. Restrictions on Use
- 3.3.3. Warranty Disclaimers and Limits on Liability
- 3.3.4. Termination
- 3.4. How to Display an End User License Agreement
- 4. Cookies Policy
- 4.1. What is a Cookies Policy?
- 4.2. Is a Cookies Policy Legally Required?
- 4.3. Key Components of a Cookies Policy
- 4.3.1. Categories of Cookies Used
- 4.3.2. Data Collection
- 4.3.3. How Users Can Adjust Permissions
- 4.4. How to Display a Cookies Policy
- 5. Disclaimer
- 5.1. What is a Disclaimer?
- 5.2. Is a Disclaimer Legally Required?
- 5.3. Key Types of Disclaimers
- 5.3.1. Financial Information Disclaimer
- 5.3.2. Commercial Partnership and Advertising Disclaimer
- 5.3.3. Medical or Legal Advice Disclaimer
- 5.3.4. Fair Use Disclaimer
- 5.4. How to Display Disclaimers
- 6. Summary
Terms and Conditions Agreements
This section will look at what a Terms and Conditions agreement is, whether you legally need one, why you should have one, and what information one contains.
What is a Terms and Conditions Agreement?
A Terms and Conditions agreement is a set of legally binding rules that will apply to all interactions between you and your end users. It's a key part of your contract with your customer, alongside any specific details of the order such as what they are buying and the price.
Is a Terms and Conditions Agreement Legally Required?
No, you don't legally need a Terms and Conditions Agreement to do business, but having one is always a smart idea. It will do the following:
- Let you decide the key terms for how you do business
- Make it much easier to enforce any of the terms, for example if you have a dispute with customers
- Give you and customers a single place to check the terms, avoiding confusion
- Create credibility and authority by showing you have thought about how you will do business
Key Components of a Terms and Conditions Agreement
Because Terms and Conditions agreements aren't required by law, you have a lot of freedom about what to include. The following are some of the most commonly used sections and clauses.
Rules and Restrictions
This section is normally about restricting or banning actions. Common examples include:
- Using your site or service to do something illegal
- Harassing or harming other users
- Doing something harmful to your website such as sharing malware
- Breaching intellectual property rights
- Giving access to unauthorized users
What to include can vary depending on the nature of your website. For example, CRISIL concentrates on some specific technical restrictions:
Payment Terms
This covers how payments work (regardless of the specific price or product). It can include what payment methods you allow, when payment is due, what happens with late payments, what currencies you accept, how exchange rates are calculated and what fees apply.
Here's an example of a Terms and Conditions clause that sets out information on pricing including taxes, fees and duties:
Refunds and Returns
This covers when you do (and don't) issue refunds and could include how to request a refund, how to return goods, what fees may apply, who pays for return delivery costs, processing timelines, return timeframes and exceptions (for example, no refunds for underwear or custom-made products).
Here's an example of a Returns clause that gives both general and specific refund rules:
Disclaimers
This usually involves two main disclaimers. A limitation of liability is when you say you are not legally responsible for something, or limit your responsibility (for example to a fixed amount). A warranty disclaimer is when you make it clear you are not promising something, for example that a product will let a customer achieve a particular task.
Check the laws in your jurisdiction, as you may not be allowed to limit some liabilities (e.g. for negligence) or disclaim some warranties (e.g. that a product works as advertised).
Here's how T-Mobile disclaims all warranties and reinforces this with specific examples:
Governing Law
This clause will set out key points that apply to legal disputes. Governing law is which state or country's law applies to your contract with the customer and any dispute. Jurisdiction (also called "venue") is which court system must hear any dispute. Dispute resolution says whether the customer must go through any alternative resolution process (such as arbitration) before bringing legal action and whether the outcome of this process is binding.
Here's an example of a clause that sets out the governing law and venue:
How to Display a Terms and Conditions Agreement
Always link to your Terms and Conditions agreement from your website's footer. You should also link it to order forms, order confirmation pages, checkouts and similar pages. Also link to the agreement whenever somebody is about to sign up for a user account on your website.
To make sure you can enforce a Terms and Conditions agreement, you'll need to get confirmation the user has read, understood and agreed to it. This is because it's a legal agreement between two parties.
The only way to be certain of this is to require them to give a positive signal before they can continue with the process. Use a clearly marked checkbox, toggle or other setting. Do not pre-tick the checkbox or set the toggle to "on" by default.
Sign In App requires the user to actively confirm they agree to its legal documents before they can start a free trial:
Privacy Policies
This section will look at what a Privacy Policy is, whether you legally need one, why you should have one, and what information one contains.
What is a Privacy Policy?
A Privacy Policy sets out how you handle personal data, usually defined as any information about an identifiable individual.
Is a Privacy Policy Legally Required?
Many regions around the world have laws that require a disclosure of information about how personal data is used. These laws include but are in no way limited to:
- The European Union's General Data Protection Regulation (GDPR)
- Brazil's LGPD
- Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
- California's CCPA/CPRA
Almost all of these laws say you must provide information about your data handling. Some laws specifically require a dedicated Privacy Policy, and for some others, a Privacy Policy is the easiest way to make sure the legally required information is easy to access.
Key Components of a Privacy Policy
The specific legal requirements for a Privacy Policy vary between laws, but the following sections are commonly seen across all laws and Privacy Policies.
What Personal Data is Collected and How
Detail what types of personal information you collect and how you collect it. Be as specific as possible without being so detailed that it becomes unwieldy and difficult to follow.
Here's how Google gives specific examples of different activity it collects from users, including things like purchase activity, videos a user watches, and voice and audio information:
How the Collected Data is Used
Detail how you use the data you collect. Again, it's fine to give broad categories as long as you aren't misleading the reader.
Facebook uses links and dropdowns to find a balance between a concise overview of its data use and more detail for those who want to read it:
When and Why You Share Data with Third Parties
This should cover when and why you share data with a third party. This includes selling it and sharing it without charge.
EBSCO outlines the recipients and reasons for sharing data:
How Long You Keep Personal Data
Detail how long you keep personal information before deleting it. If you don't have a fixed timescale, outline how you decide when to delete data.
Here's how AT&T explains its rationale:
What Rights Users Have
Detail the legal rights of the data subject (the person the data is about). These may vary depending on what laws apply, but common rights include the right to find out what data you store, to correct any errors and to ask you to delete their data.
Also set out how the data subject can exercise their rights.
Respondus sets out key rights:
How You Secure Data
Detail how you secure the data. You don't have to give specific detail (which could be counterproductive) but instead outline the types of measures you take.
Remember that securing means protecting the data not just against unauthorized access but also unauthorized modification or deletion.
The Department of the State uses a good mix of its broad approach and specific examples:
Your Contact Details
Give your identity and contact details, including the details for whoever is responsible for data protection in your business or organization if it's someone separate.
HubSpot gives a variety of contact methods:
How to Display a Privacy Policy
Make sure your Privacy Policy is always easy to find and read on your website. Many privacy laws require this. Even when this isn't the case, it's a good idea as it makes it easier to show you've acted in good faith.
Sears includes a link to its Privacy Policy in its footer menu:
Always make sure you link to the Privacy Policy at the point when somebody is about to submit personal data. For added protection you can require the user to give a positive indication that they've read the Privacy Policy and are thus making an informed choice to provide the data.
The Miami Herald links to its Privacy Policy when a user is about to submit an email address:
End User License Agreement (EULA)
This section will look at what a EULA is, whether you legally need one, why you should have one, and what information one contains.
What is an End User License Agreement?
An End User License Agreement (EULA) restricts how a customer can use software. A EULA's contents and format reflect the fact that software buyers aren't paying for a tangible product that they can "own" and instead are licensing the right to use it.
Is an End User License Agreement Legally Required?
Although there's no specific law requiring a EULA, you will need one if you want to sell software and have any control over how it's used. Without a EULA it will be difficult if not impossible to claim and enforce any rights or restrictions.
Key Components of an End User License Agreement
A EULA will normally cover the following key points:
License Details
This section should cover the fact you are licensing rather than selling the software outright. It should also cover the key terms of the license such as time limits, whether the customer can use it for commercial purposes and how many devices they can install and use it on.
Psyonix sets out what its license does and does not cover:
Restrictions on Use
This section should cover any key restrictions or banned actions you have that the customer or end user cannot engage in when using your site or service. This could include a ban on reverse engineering (accessing the software's source code) or using the software for illegal activities, just to name a few common ones.
Ubisoft gives a detailed list here of what the user shall not do:
Warranty Disclaimers and Limits on Liability
This section will usually include a limitation of liability and warranty disclaimer, similar to those described earlier for Terms and Conditions agreements.
Here's how Rockstar Games puts specific limits on its potential liability:
Termination
Set out if and how you or the customer can terminate the license and the consequences for both sides.
Here's how TeamViewer sets out how termination works with its subscription license:
How to Display an End User License Agreement
Make certain the user can read the EULA before they start using the software. You can display or link to the EULA during the setup process.
Make sure the EULA is still accessible after installation, for example on your website.
Link11 includes a link to its EULA in its website footer:
Cookies Policy
This section will look at what a Cookies Policy is, whether you legally need one, why you should have one, and what information one contains.
What is a Cookies Policy?
A Cookies Policy sets out what cookies you use, how and why you use them, and what happens with data you collect. Often the policy sets out categories of cookies used rather than listing every specific cookie.
Is a Cookies Policy Legally Required?
A Cookies Policy is not legally required.
In some cases, specifically in European Union countries, users have the right to give, refuse or withdraw consent for particular types of cookies. This consent should be meaningful and informed, so it's a very good idea to make sure people understand how you use cookies. A dedicated policy is the easiest way to give this information.
Key Components of a Cookies Policy
A Cookies Policy will cover three key areas.
Categories of Cookies Used
Define the different categories of cookies you use. This is important if you are giving users the choice to accept some cookies and reject others. Common categories include essential/strictly necessary, functional, performance and marketing.
Accenture's Cookies Policy explains the different categories of cookie it issues:
Data Collection
Tell users about the data you collect, why and how you use it, and whether you share it with third parties. Usually, you can do this on a category by category basis, though you may need to give specific details of any cookies that are an exception.
Automattic gives clear details of what data cookies collect and how it uses the data:
How Users Can Adjust Permissions
Let users know that they can adjust cookie preferences, and inform them about how to do so.
Qualcomm outlines how its policy on consent operates and how it may vary:
How to Display a Cookies Policy
Include a link to your Cookies Policy both within a cookie banner or cookie consent notice, and also in your website's footer.
Here's a cookies banner including a link to a Cookies Policy:
Disclaimer
This section will look at what a Disclaimer is, whether you legally need one, why you should have one, and what information one contains.
What is a Disclaimer?
A disclaimer is a statement that informs users of something important. It's commonly used in cases where people might make assumptions if you didn't use the disclaimer, and where these assumptions could change the choices they make.
Common disclaimer topics include financial information, commercial partnerships and advertising, medical or legal advice, and fair use. Depending on how extensive the disclaimer is, you could include it in a wider document (such as a Terms and Conditions agreement) or publish it as a standalone document.
Is a Disclaimer Legally Required?
This varies depending on the type of disclaimer. The main specific legal requirement is the Federal Trade Commission rule that you must have disclaimers for commercial partnerships. For most other types, you aren't legally required to have a disclaimer but having one will significantly reduce the risk of somebody taking legal action against you and of them winning a case.
In some cases, you may need a disclaimer to meet the terms of use of a service provider. For example, a third party platform could require its users to have a disclaimer for paid product placement, endorsement or sponsorships.
Key Types of Disclaimers
Disclaimers should cover the following key points.
Financial Information Disclaimer
This should make clear that you are not offering financial advice, and that investing carries financial risk. Note that the former point is suitable only for situations such as news reporting or blogging. It will be invalid (and misleading) if you are legally classed as offering financial advice.
Team Financial Group is clear that it is not providing financial advice:
Commercial Partnership and Advertising Disclaimer
This should make it clear if you are receiving anything in return for mentioning a product or service. This could include:
- A paid advertisement, product placement or endorsement
- Cases where you have received a free product, including a review copy, even if you aren't actually paid any money
- Affiliate links where you receive money if somebody clicks on the link or if they go on to make a purchase
You need this disclaimer even if you comment neutrally or negatively about the product. You should use this disclaimer even if you weren't required to mention the product as a condition of getting it free of charge.
OMG! Nails and Spa helps users identify affiliate links and explains the financial arrangement:
Medical or Legal Advice Disclaimer
You should make clear that your material (such as a web page or app content) is for informational purposes only and does not constitute medical or legal advice. It should also make clear you do not have a professional relationship with the reader.
Axia Women's Health uses a clear disclaimer:
Fair Use Disclaimer
This explains that you have used copyrighted material without permission and are relying on a fair use exemption (such as Section 107 of US copyright law). It should justify why your use qualifies for the exemption, acknowledge the copyright holder, and warn readers not to breach copyright themselves.
WSIPC's disclaimer covers all the key points:
How to Display Disclaimers
The best way to display a disclaimer depends on the type of disclaimer and the context. If you have a Terms and Conditions agreement, you can include the disclaimer as a clause in the agreement. Make sure it's clearly labelled so readers can easily find it.
In other cases, the disclaimer should be as close as possible to the information to which it relates. This could be:
- A post about a financial topic (financial disclaimer)
- An article that uses copyrighted material (fair use disclaimer)
- A review of a product you received free of charge (commercial partnership and advertising disclaimer)
If you have a lot of different web pages that come under the same disclaimer, you can either make a dedicated web page for the disclaimer or build it into your "legal" or "about" sections. Make sure every page on your site includes a clear link to the disclaimer.
Fort Worth Garden Club links to its Fair Use disclaimer from every page via its site footer:
She Knows SEO includes a brief affiliate disclaimer at the start of a relevant article:
Summary
A Terms and Conditions agreement sets out rights and responsibilities for you and your customers. It's not legally required, but it usually makes sense to have one.
A Privacy Policy details what data you collect and how you use it. Many parts of the world have privacy laws that directly or indirectly require a Privacy Policy.
An End User License Agreement sets out rights and restrictions for a software customer based on them licensing software rather than taking ownership of something. It's not legally required but not having one is a bad idea.
A Cookies Policy details the types of cookie you issue and the data you collect, and what rights users have regarding any of this.
A disclaimer limits your responsibility in a specific context. Different disclaimers could make clear you aren't offering financial, legal or medical advice, warn people that investing is risky, reveal any real or perceived conflicts of interest when you mention a product or service, or explain you are using copyrighted material under a fair use rule.