I am running a typical web startup. A website about my favorite topic. Running on a LAMP stack. Using Analytics, Adsense and affiliate links from Amazon and other retailers.<p>Users love it. I get over a million monthly pageviews now. I am very happy that people like what I build. Life is good.<p>I do it all completely based on what people want me to do. I run user surveys all the time and talk to users directly.<p>One of the things nobody ever asked for - and therefore is absent on my site - is legal mumbo jumbo.<p>Somehow I feel that might cause problems at some point. So what should I put up?<p>Lately I got an email from Google saying that users of their services shall put up that annoying "This site uses cookies. Click here to get rid of this popup." message to european visitors. I don't know any local european sites that do that. But when God^Hogle says so, you better comply, right? So looks like it's time to implement geotargeting.<p>That probably also implies putting up a privacy policy, as the full message in that popup shall be "This site uses cookies. OK|MORE" and MORE linking to the privacy policy. If I understand it correctly.<p>Similar with Amazon who wants publishers to put up an "Ad Disclosure" statement on their site. It's unclear where that has to go and if you have to link it from every page and if that can go on the "About" page or on a separate "Ad Disclosure" page or whatever Amazon wants. They don't give any more info about this requirement.<p>And then there is the local law. Sites in my country have to carry the information who runs them, the owners address and an "easy way to contact the owner". So either email or telephone I guess.<p>Can these 3 things (Address, Privacy Policy, Ad Disclosure) be put on one page? Is it enough to link to that page from an "About" link on every page of the site?<p>Anything else that I have to put up? How do you guys handle this?
Of course, the best course of action is to have a lawyer draw up the "Terms", etc.<p>That said.<p>I think you can get "Terms" from Google and several other companies like WordPress/Automattic under a Creative Commons License. I'm sure you can find boiler plate terms of service all over the internet. Just do a search.<p>The Europeans can hit you with a stiff penalty for not having a cookie/privacy policy. (But probably won't.)<p>"The ICO (the body responsible) has the power to serve penalties of up to £500,000 (about $800,000) to organisations that seriously breach the law."<p>In Spain::
"Two companies were investigated and fined. The decision concludes that the two companies had failed to comply with the obligation to provide clear and comprehensive information about the cookies they used.<p>"The total amount of the fines, 3,500 EUR, is very modest, especially if one considers the great enforcement powers of the Spanish DPA who could have potentially issued a fine up to 30,000 EUR per infringement in this case."
Usually, 2 things at a high level:<p><pre><code> - Privacy Policy
- Terms and Conditions
</code></pre>
For address and contact, just create a "About us" or "Contact" page and add those information there. Have these in your top level menu on every page.<p>Privacy policy is where you talk about what you do with user data, cookies blah blah. What information do you collect and what you do with it. Check out any well known SAAS and get inspired :).<p>Terms and conditions is where you define the rules of your system. Remember this is your system and you want to set the rules even if you have paying clients. What users can do, what they cannot and should not do. For example, if you offer ecommerce platform, then users cannot sell drugs etc. If users want to cancel their account, what needs to be done and what you offer. Things like that.<p>Oh, and always put a "Last updated" date on top of the Privacy Policy and Terms and Conditions page. This helps reassure that you are constantly looking at this. Don't fool the users though by using dynamic system date:)<p>Finally, whenever you update these, send an automated email to let your users know. Not sure if this required by law in some countries.