Website Terms of Use and Privacy Policies: Your Questions Answered!

Website Terms of Use and Privacy Policies: Your Questions Answered!

Our clients have lots of questions about two related issues involving their business websites: Terms of Use and privacy policies. Here’s our breakdown of these common questions and what you need to know as the operator of a business website.

What’s the difference between a website’s Terms of Use and a Privacy Policy?

They serve two different purposes, and they’re usually two different documents on a website. A Privacy Policy is required by law for most websites, and also important to have so website operators don’t violate their agreements with third-party software tools. Here’s our much deeper dive into why a Privacy Policy is important for (almost all) websites.

A Terms of Use (“ToU”) is not legally required at all, but often makes sense. It’s a contract between a website’s operator and its visitors. You use it to secure your visitors’ agreement to the ways that you want them to use your site, manage expectations about how the site works, and more.

If a Terms of Use isn’t legally required, how do I know if I need one?

It depends what your website does. A lot of websites are really just a simple online marketing asset, a digital sales brochure, that does nothing more than list your services, provide biographical information about the company’s employees or founders, and provide contact info. For that type of website, there’s no need to have a ToU because there’s no relationship that you need to manage between you and your visitors. You’re just pushing out information.

A ToU becomes essential if you’re doing any of the following:

  • selling anything (goods or services) through the site. Now you’ll want a ToU to confirm the terms of your sale transactions, how refunds work, the quality standard that you pledge to meet, and much more.
  • allowing visitors to upload photos, videos or artwork. You’ll want to protect yourself from liability for infringement of copyright; otherwise, if your site is hosting user-uploaded content that violates other people’s intellectual property rights, you could be at risk for huge copyright fines. There’s an easy way to avoid this: follow the Digital Millennium Copyright Act (DMCA), which lets you avoid liability if you promptly remove infringing content after complaints from owners of copyrighted materials. This only works if you have a ToU that contains quite specific DMCA language.
  • hosting a forum where users communicate with each other. You’ll want your ToU to contain a code of conduct barring users from doing various bad things that people tend to do online – spamming, harassing each other, and so on.
  • publishing anything written by users. Some companies (e.g. Quora, Reddit, Stackoverflow) derive value from crowdsourcing user-written content. Under the U.S. copyright laws, companies can’t monetize that content without having users “assign” (give) various rights to the companies, so the ToU will contain language that does so.
  • finally, if your website does anything else that could create liability for you as the operator, you’ll want a ToU in which visitors agree to limit your liability in the event of a lawsuit.

How can the Terms of Use be a “contract” with my visitors if they don’t actually read it or “click to accept” it?

Under well-settled contract law rules, a ToU becomes a binding agreement between you and your website’s visitors if it is written clearly and if you make its existence clear to all visitors at the time they visit the site. Visitors do not need to actually read the ToU, and usually they don’t. But it’s not your job to force visitors to read anything — your job is to make sure visitors are aware that there is a ToU and make it easy for them to read if they choose to. If you do that, you’ve done all that the law asks, and the ToU between you and your visitors will be enforceable.

The easiest way to make the ToU enforceable is just to post it to a dedicated page and then make sure that the home page of the website has a clear link to that ToU page (for good measure, we recommend putting that link on every page of the site, not just the home page). In WordPress, Squarespace and most other platforms, it’s simple to make that a persistent link embedded in every footer. Just make sure it’s at least 12-point font and in a color that contrasts with the background. Consumers today are accustomed to scanning the tops and bottoms of web pages for the “Terms of Use” link, so make it easy for them to find and your job is done.

So why do some companies go further and ask visitors to check a digital box? It’s just an extra measure of caution, and it becomes more important with larger businesses. Imagine you’re a company that has just been sued by website visitors claiming that they weren’t aware of your ToU. In that case, it’s great to be able to say “Your Honor, not only was our Terms of Use prominently displayed at all times, but in fact here we have a digital record of the plaintiff’s checked box, saying she read our Terms of Use.” While the check box is extra protection, it’s also more friction and frustration for your users, so you’ll want to balance the benefit against the damage it does to your User Experience and online conversions. For most companies, especially smaller ones, it’s usually fine to skip the check box.

Does my business need to be incorporated as a company in order to have a Terms of Use or Privacy Policy?

No. Whether the business is a sole proprietorship (unincorporated) or a legally organized company makes no difference. If you’re a sole proprietorship, then the ToU and Privacy Policy refer to you individually, rather than your company.

Do a Terms of Use and a Privacy Policy have to be two different documents? Can I combine them?

There’s no law saying these have to be separate documents. Legally, you could have the Privacy Policy be part of your ToU if you like. If you do that, just be sure that it is clearly identified under a separate heading in your Terms of Use, and that the home page of your website has a clear and conspicuous “Privacy Policy” link that leads directly to that part of your Terms.

But we recommend keeping the two documents separate anyway. This makes it easier for visitors to find and understand them, and that’s really the key to these documents – make it easy for people to understand how your website works. There’s an additional consideration, too: a Privacy Policy needs to apply to everybody who visits the website, but the ToU might (depending on the website) apply not to all website visitors but only that subset of visitors who become customers of the company operating the website.

What’s the difference between a Terms of Use, Terms of Service, User Agreement, etc?

No difference. The contract between you and your website visitors can be called any of these. If you don’t have a stylistic preference, we recommend “Terms of Use” for a simple reason: it’s shorter, and all else equal, keep legal documents shorter rather than longer.

How do I write my Terms of Use and Privacy Policy? Can I copy and paste from another website?

Please don’t. Doing that with a Privacy Policy is far worse than having no Privacy Policy at all — it can amount to deceptive advertising, because you can end up claiming to comply with privacy practices that you don’t actually follow. The U.S. Federal Trade Commission routinely sues companies for doing that. And Terms of Use can vary enormously, so copying them may leave you with the wrong type of intellectual property clauses, liability provisions or more. Talk to a lawyer in your home state — these documents are critical business assets, and they’re really affordable.

Do these documents need to be written in boring legalese? What if I want to make them informal or even funny?

No! These don’t have to be boring. In fact, a lot of our clients prefer these to be written in an informal or “plain English” style. We encourage that! These documents serve legal purposes, but they’re also marketing assets — it’s okay to have them support your brand and customer experience. We feel so strongly about this that we wrote this longer article about our love for plain-English legal documents.


Adam Nyhan

Adam Nyhan represents clients in Maine, Silicon Valley and globally in software, privacy, trademark and business law matters. He is also the co-founder of a Software-as-a-Service startup and a former in-house attorney at a software firm in New York City.