Does my simple for-pay website need a privacy policy and terms of service?
January 7, 2009 10:00 AM   Subscribe

I'm building a simple web app/service, but storing very little sensitive user information. Do I need a Terms of Service document and a Privacy Policy?

The only information I'll be storing about users is name and email address, neither of which will be shared with any other organization for any reason. The service will offer both free and premium plans, and the latter will be billed using a third party payment provider, so I'm not storing any credit card information or anything like that.

As far as payment, it will be a small amount (say, $20) billed annually and I don't plan on offering any type of refunds for partial years used in the event of an account downgrade/cancellation.

I'm trying to keep things as simple as possible both for the user as well as myself, but I don't want to get into some muddy legal waters by omitting these documents if they are, in fact, required.

Thanks!
posted by inkedmn to Technology (6 answers total) 3 users marked this as a favorite
 
I don't know if they're legally required, but I tend to stay away from sites that don't have a privacy policy.
posted by theichibun at 10:04 AM on January 7, 2009


I'm not a lawyer and I don't know much about the legal liability aspects of not having one, but in my opinion if you're collecting any kind of information from your visitors you should publish a privacy policy and follow the terms described in it.

There is a good privacy overview/template from the Better Business Bureau that can help get you started.
posted by burnmp3s at 10:23 AM on January 7, 2009


Yes.

Even if your app was collecting/storing zero user information, you should state so.
posted by Thorzdad at 10:34 AM on January 7, 2009


Yes, you should have one, but all you need to do is copy and paste what you wrote in your AskMe question, that should be sufficient unless anyone asks for more details.
posted by blue_beetle at 10:56 AM on January 7, 2009


Best answer: "The only information I'll be storing about users is name and email address, neither of which will be shared with any other organization for any reason."

I would imagine that this is not true. Take a classic case that very few stop to consider before writing their policies:

What if your site gets bought? Presumably, then, you'd want to transfer all of this info to a "different organization" (the company that buys you). There are a number of other situations that could arise where it would be good for both you AND YOUR USERS that the information be transferred.

This is why it's best to use a high-quality template or a lawyer experienced with these things. At the very least, you should read a bunch of privacy policies from organizations that you believe should have very good attorneys writing them, and think very hard to yourself about each clause -- is it addressing something that your little website could ever possibly encounter? If so, consider what you'd want to do about those scenarios.

I do not advocate just copying these things verbatim, but reading other sites' privacy policies is a good way to make use of a lot of thinking that someone else has already done to prompt you to think about things that might not spring immediately to mind.
posted by toomuchpete at 11:27 AM on January 7, 2009 [1 favorite]


WordPress' TOS is CC licensed; go steal it: http://wordpress.com/tos/
posted by sachinag at 6:59 PM on January 8, 2009 [1 favorite]


« Older Do debt collectors take payment through eBay?   |   A gun by any other name Newer »
This thread is closed to new comments.