Differences Between Main Legal Policies

Written by John Lister (FreePrivacyPolicy Legal writer) and last updated on 18 June 2024.


Whether you are doing business, handling data or producing content, you may need to write a range of legal documents. It can be confusing to know which are necessary for your situation, which are simply beneficial to have, and what to put in the documents.

Here's what you need to know about all the main legal policies, what they aim to do, who needs them, why you should have them, and what content each will typically contain.




Terms and Conditions Agreements

This section will look at what a Terms and Conditions agreement is, whether you legally need one, why you should have one, and what information one contains.

What is a Terms and Conditions Agreement?

A Terms and Conditions agreement is a set of legally binding rules that will apply to all interactions between you and your end users. It's a key part of your contract with your customer, alongside any specific details of the order such as what they are buying and the price.

Is a Terms and Conditions Agreement Legally Required?

No, you don't legally need a Terms and Conditions Agreement to do business, but having one is always a smart idea. It will do the following:

  • Let you decide the key terms for how you do business
  • Make it much easier to enforce any of the terms, for example if you have a dispute with customers
  • Give you and customers a single place to check the terms, avoiding confusion
  • Create credibility and authority by showing you have thought about how you will do business

Key Components of a Terms and Conditions Agreement

Because Terms and Conditions agreements aren't required by law, you have a lot of freedom about what to include. The following are some of the most commonly used sections and clauses.

Rules and Restrictions

This section is normally about restricting or banning actions. Common examples include:

  • Using your site or service to do something illegal
  • Harassing or harming other users
  • Doing something harmful to your website such as sharing malware
  • Breaching intellectual property rights
  • Giving access to unauthorized users

What to include can vary depending on the nature of your website. For example, CRISIL concentrates on some specific technical restrictions:

CRISIL Terms of Use: Restrictions clause

Payment Terms

This covers how payments work (regardless of the specific price or product). It can include what payment methods you allow, when payment is due, what happens with late payments, what currencies you accept, how exchange rates are calculated and what fees apply.

Here's an example of a Terms and Conditions clause that sets out information on pricing including taxes, fees and duties:

Generic Terms and Conditions agreement Pricing clause

Refunds and Returns

This covers when you do (and don't) issue refunds and could include how to request a refund, how to return goods, what fees may apply, who pays for return delivery costs, processing timelines, return timeframes and exceptions (for example, no refunds for underwear or custom-made products).

Here's an example of a Returns clause that gives both general and specific refund rules:

Screenshot of generic return and refund clause

Disclaimers

This usually involves two main disclaimers. A limitation of liability is when you say you are not legally responsible for something, or limit your responsibility (for example to a fixed amount). A warranty disclaimer is when you make it clear you are not promising something, for example that a product will let a customer achieve a particular task.

Check the laws in your jurisdiction, as you may not be allowed to limit some liabilities (e.g. for negligence) or disclaim some warranties (e.g. that a product works as advertised).

Here's how T-Mobile disclaims all warranties and reinforces this with specific examples:

T-Mobile Terms and Conditions: Warranties clause

Governing Law

This clause will set out key points that apply to legal disputes. Governing law is which state or country's law applies to your contract with the customer and any dispute. Jurisdiction (also called "venue") is which court system must hear any dispute. Dispute resolution says whether the customer must go through any alternative resolution process (such as arbitration) before bringing legal action and whether the outcome of this process is binding.

Here's an example of a clause that sets out the governing law and venue:

Generic Governing Laws and Venue clause

How to Display a Terms and Conditions Agreement

Always link to your Terms and Conditions agreement from your website's footer. You should also link to it from order forms, order confirmation pages, checkouts and similar pages. Also link to the agreement whenever somebody is about to sign up for a user account on your website.

To make sure you can enforce a Terms and Conditions agreement, you'll need to get confirmation the user has read, understood and agreed to it. This is because it's a legal agreement between two parties.

The only way to be certain of this is to require them to give a positive signal before they can continue with the process. Use a clearly marked checkbox, toggle or other setting. Do not pre-tick the checkbox or set the toggle to "on" by default.

Sign In App requires the user to actively confirm they agree to its legal documents before they can start a free trial:

Sign in app with agree checkbox highlighted

Privacy Policies

This section will look at what a Privacy Policy is, whether you legally need one, why you should have one, and what information one contains.

What is a Privacy Policy?

A Privacy Policy sets out how you handle personal data, usually defined as any information about an identifiable individual.

Is a Privacy Policy Legally Required?

Many regions around the world have laws that require a disclosure of information about how personal data is used. These laws include but are in no way limited to:

  • The European Union's General Data Protection Regulation (GDPR)
  • Brazil's LGPD
  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
  • California's CCPA/CPRA

Almost all of these laws say you must provide information about your data handling. Some laws specifically require a dedicated Privacy Policy, and for some others, a Privacy Policy is the easiest way to make sure the legally required information is easy to access.

Key Components of a Privacy Policy

The specific legal requirements for a Privacy Policy vary between laws, but the following sections are commonly seen across all laws and Privacy Policies.

What Personal Data is Collected and How

Detail what types of personal information you collect and how you collect it. Be as specific as possible without being so detailed that it becomes unwieldy and difficult to follow.

Here's how Google gives specific examples of different activity it collects from users, including things like purchase activity, videos a user watches, and voice and audio information:

Google Privacy and Terms: Information collected excerpt

How the Collected Data is Used

Detail how you use the data you collect. Again, it's fine to give broad categories as long as you aren't misleading the reader.

Facebook uses links and dropdowns to find a balance between a concise overview of its data use and more detail for those who want to read it:

Facebook Privacy Policy: How we use information excerpt

When and Why You Share Data with Third Parties

This should cover when and why you share data with a third party. This includes selling it and sharing it without charge.

EBSCO outlines the recipients and reasons for sharing data:

EBSCO Privacy Policy: Third party sharing clause

How Long You Keep Personal Data

Detail how long you keep personal information before deleting it. If you don't have a fixed timescale, outline how you decide when to delete data.

Here's how AT&T explains its rationale:

ATT Privacy Notice: Data retention clause

What Rights Users Have

Detail the legal rights of the data subject (the person the data is about). These may vary depending on what laws apply, but common rights include the right to find out what data you store, to correct any errors and to ask you to delete their data.

Also set out how the data subject can exercise their rights.

Respondus sets out key rights:

Respondus Privacy Policy: User rights clause

How You Secure Data

Detail how you secure the data. You don't have to give specific detail (which could be counterproductive) but instead outline the types of measures you take.

Remember that securing means protecting the data not just against unauthorized access but also unauthorized modification or deletion.

The Department of State uses a good mix of its broad approach and specific examples:

Dept of State Privacy Policy: Security clause

Your Contact Details

Give your identity and contact details, including the details for whoever is responsible for data protection in your business or organization if it's someone separate.

HubSpot gives a variety of contact methods:

HubSpot Privacy Policy: Data Protection Officer clause

How to Display a Privacy Policy

Make sure your Privacy Policy is always easy to find and read on your website. Many privacy laws require this. Even when this isn't the case, it's a good idea as it makes it easier to show you've acted in good faith.

Sears includes a link to its Privacy Policy in its footer menu:

Sears website footer with Privacy Policy link highlighted

Always make sure you link to the Privacy Policy at the point when somebody is about to submit personal data. For added protection you can require the user to give a positive indication that they've read the Privacy Policy and are thus making an informed choice to provide the data.

The Miami Herald links to its Privacy Policy when a user is about to submit an email address:

Miami Herald newsletter sign up form with Privacy Policy link highlighted

End User License Agreement (EULA)

This section will look at what a EULA is, whether you legally need one, why you should have one, and what information one contains.

What is an End User License Agreement?

An End User License Agreement (EULA) restricts how a customer can use software. A EULA's contents and format reflect the fact that software buyers aren't paying for a tangible product that they can "own" and instead are licensing the right to use it.

Is an End User License Agreement Legally Required?

Although there's no specific law requiring a EULA, you will need one if you want to sell software and have any control over how it's used. Without a EULA it will be difficult if not impossible to claim and enforce any rights or restrictions.

Key Components of an End User License Agreement

A EULA will normally cover the following key points:

License Details

This section should cover the fact you are licensing rather than selling the software outright. It should also cover the key terms of the license such as time limits, whether the customer can use it for commercial purposes and how many devices they can install and use it on.

Psyonix sets out what its license does and does not cover:

Psyonix EULA: Limited Use License clause

Restrictions on Use

This section should cover any key restrictions or banned actions you have that the customer or end user cannot engage in when using your site or service. This could include a ban on reverse engineering (accessing the software's source code) or using the software for illegal activities, just to name a few common ones.

Ubisoft gives a detailed list here of what the user shall not do:

Ubisoft EULA: Shall not clause

Warranty Disclaimers and Limits on Liability

This section will usually include a limitation of liability and warranty disclaimer, similar to those described earlier for Terms and Conditions agreements.

Here's how Rockstar Games puts specific limits on its potential liability:

Rockstar Games Legal: Liability clause

Termination

Set out if and how you or the customer can terminate the license and the consequences for both sides.

Here's how TeamViewer sets out how termination works with its subscription license:

TeamViewer EULA: Termination clause

How to Display an End User License Agreement

Make certain the user can read the EULA before they start using the software. You can display or link to the EULA during the setup process.

Make sure the EULA is still accessible after installation, for example on your website.

Link11 includes a link to its EULA in its website footer:

Link11 website footer with EULA link highlighted

Cookies Policy

This section will look at what a Cookies Policy is, whether you legally need one, why you should have one, and what information one contains.

What is a Cookies Policy?

A Cookies Policy sets out what cookies you use, how and why you use them, and what happens with data you collect. Often the policy sets out categories of cookies used rather than listing every specific cookie.

Is a Cookies Policy Legally Required?

A Cookies Policy is not legally required.

In some cases, specifically in European Union countries, users have the right to give, refuse or withdraw consent for particular types of cookies. This consent should be meaningful and informed, so it's a very good idea to make sure people understand how you use cookies. A dedicated policy is the easiest way to give this information.

Key Components of a Cookies Policy

A Cookies Policy will cover three key areas.

Categories of Cookies Used

Define the different categories of cookies you use. This is important if you are giving users the choice to accept some cookies and reject others. Common categories include essential/strictly necessary, functional, performance and marketing.

Accenture's Cookies Policy explains the different categories of cookie it issues:

Accenture Cookies Policy: Category clause

Data Collection

Tell users about the data you collect, why and how you use it, and whether you share it with third parties. Usually, you can do this on a category by category basis, though you may need to give specific details of any cookies that are an exception.

Automattic gives clear details of what data cookies collect and how it uses the data:

Automattic Cookie Policy excerpt

How Users Can Adjust Permissions

Let users know that they can adjust cookie preferences, and inform them about how to do so.

Qualcomm outlines how its policy on consent operates and how it may vary:

Qualcomm Cookies Policy: Choices clause

How to Display a Cookies Policy

Include a link to your Cookies Policy both within a cookie banner or cookie consent notice, and also in your website's footer.

Here's a cookies banner including a link to a Cookies Policy:

Generic cookie banner with cookie policy link highlighted

Disclaimer

This section will look at what a Disclaimer is, whether you legally need one, why you should have one, and what information one contains.

What is a Disclaimer?

A disclaimer is a statement that informs users of something important. It's commonly used in cases where people might make assumptions if you didn't use the disclaimer, and where these assumptions could change the choices they make.

Common disclaimer topics include financial information, commercial partnerships and advertising, medical or legal advice, and fair use. Depending on how extensive the disclaimer is, you could include it in a wider document (such as a Terms and Conditions agreement) or publish it as a standalone document.

Is a Disclaimer Legally Required?

This varies depending on the type of disclaimer. The main specific legal requirement is the Federal Trade Commission rule that you must have disclaimers for commercial partnerships. For most other types, you aren't legally required to have a disclaimer but having one will significantly reduce the risk of somebody taking legal action against you and of them winning a case.

In some cases, you may need a disclaimer to meet the terms of use of a service provider. For example, a third party platform could require its users to have a disclaimer for paid product placement, endorsement or sponsorships.

Key Types of Disclaimers

Disclaimers should cover the following key points.

Financial Information Disclaimer

This should make clear that you are not offering financial advice, and that investing carries financial risk. Note that the former point is suitable only for situations such as news reporting or blogging. It will be invalid (and misleading) if you are legally classed as offering financial advice.

Team Financial Group is clear that it is not providing financial advice:

Team Financial Group disclaimer

Commercial Partnership and Advertising Disclaimer

This should make it clear if you are receiving anything in return for mentioning a product or service. This could include:

  • A paid advertisement, product placement or endorsement
  • Cases where you have received a free product, including a review copy, even if you aren't actually paid any money
  • Affiliate links where you receive money if somebody clicks on the link or if they go on to make a purchase

You need this disclaimer even if you comment neutrally or negatively about the product. You should use this disclaimer even if you weren't required to mention the product as a condition of getting it free of charge.

OMG! Nails and Spa helps users identify affiliate links and explains the financial arrangement:

OMG Nails and Spa Affiliate disclaimer

Medical or Legal Advice Disclaimer

This should make clear that your material (such as a web page or app content) is for informational purposes only and does not constitute medical or legal advice. It should also make clear you do not have a professional relationship with the reader.

Axia Women's Health uses a clear disclaimer:

Axia Womens Health: Medical Advice Disclaimer

Fair Use Disclaimer

This explains that you have used copyrighted material without permission and are relying on a fair use exemption (such as Section 107 of US copyright law). It should justify why your use qualifies for the exemption, acknowledge the copyright holder, and warn readers not to breach copyright themselves.

WSIPC's disclaimer covers all the key points:

WSIPC Fair Use disclaimer

How to Display Disclaimers

The best way to display a disclaimer depends on the type of disclaimer and the context. If you have a Terms and Conditions agreement, you can include the disclaimer as a clause in the agreement. Make sure it's clearly labelled so readers can easily find it.

In other cases, the disclaimer should be as close as possible to the information to which it relates. This could be:

  • A post about a financial topic (financial disclaimer)
  • An article that uses copyrighted material (fair use disclaimer)
  • A review of a product you received free of charge (commercial partnership and advertising disclaimer)

If you have a lot of different web pages that come under the same disclaimer, you can either make a dedicated web page for the disclaimer or build it into your "legal" or "about" sections. Make sure every page on your site includes a clear link to the disclaimer.

Fort Worth Garden Club links to its Fair Use disclaimer from every page via its site footer:

Fort Worth Garden Club Fair Use Act disclaimer

She Knows SEO includes a brief affiliate disclaimer at the start of a relevant article:

She Knows SEO Affiliate disclaimer

Summary

A Terms and Conditions agreement sets out rights and responsibilities for you and your customers. It's not legally required, but it usually makes sense to have one.

A Privacy Policy details what data you collect and how you use it. Many parts of the world have privacy laws that directly or indirectly require a Privacy Policy.

An End User License Agreement sets out rights and restrictions for a software customer based on them licensing software rather than taking ownership of something. It's not legally required but not having one is a bad idea.

A Cookies Policy details the types of cookie you issue and the data you collect, and what rights users have regarding any of this.

A disclaimer limits your responsibility in a specific context. Different disclaimers could make clear you aren't offering financial, legal or medical advice, warn people that investing is risky, reveal any real or perceived conflicts of interests when you mention a product or service, or explain you are using copyrighted material under a fair use rule.