What are website policies?

Companies provide policies on their website to limit their liability, comply with applicable laws, and help their prospects and customers understand the rules for using their website.

A Privacy Policy provides specific disclosures required under privacy laws that apply to a business collecting personal information (e.g. names, email addresses, etc.). A Privacy Policy helps explain to website visitors the information you collect, why you collect it, and who you share it with (e.g. third-party email marketing tools, CRMs, etc.), and more. 

A Terms of Service, otherwise known as a Terms and Conditions or a Terms of Use statement, sets the rules to using websites. This statement provides information about shipping, cancelations, refunds, warranties, and more. A Terms of Service agreement is required for eCommerce websites to work with third-party credit card transaction companies. 

A website Disclaimer exists for website owners to openly disavow any statements on their website that could potentially be misinterpreted. Disclaimers are valuable if you sell health products on your website, provide health advice, participate in affiliate programs or provide information that could be interpreted as legal advice. Do you remember commercials for medical prescriptions (i.e. ‘Ask your doctor about ______’) where at the end they talk really fast and make a bunch of statements (e.g. ‘some patients experienced nausea, etc.’)? That is an example of a Disclaimer, which can be valuable (or even required) depending on what you offer online.

What website policies do I need for my digital goods store?

Now that we know the difference between a Privacy Policy, Terms of Use statement, and Disclaimer, we will now explain what policies are needed for websites selling digital goods.

General requirements

In general, every digital goods eCommerce website needs at minimum a Privacy Policy to comply with international privacy laws and a Terms of Service agreement to set the rules to use the website. 

Compliance with international privacy laws

The beauty of offering digital goods and services is the ability to provide them to anyone, regardless of location. The consequence of selling digital goods and services is that you may need to comply with privacy laws that protect your customers’ data. For example, suppose you offer goods or services to residents of the European Union. In that case, you have to comply with the General Data Protection Regulation (GDPR) and provide specific disclosures within your Privacy Policy. If you have customers throughout the United States, you may have to comply with privacy laws in California (CalOPPA, CCPA), Nevada (Nevada Revised Statutes Chapter 603A), and Delaware (DOPPA).

It is critical that website owners understand this: privacy laws are created by legislators wanting to protect their residents’ data and do not care about where your business is located. If you collect personal information from residents of specific states or countries, you may need to comply with their privacy laws, regardless of where you are located. Since eCommerce stores selling digital goods collect personal information, you must identify first which privacy law(s) they need to comply with and add the required disclosures within their website Privacy Policy.

Keep Privacy Policies up to date with new privacy laws

On top of needing to provide a Privacy Policy that includes disclosures required by multiple existing privacy laws, eCommerce website owners also need a strategy to keep their Privacy Policy up to date as laws get amended and new privacy laws go into effect. In the United States, for example, there are currently over two dozen privacy bills that have been proposed. If and when each of these bills passes, you may need to update your Privacy Policy with new disclosures required by these new privacy laws. At the end of this article, we share ways to develop a strategy to keep your Privacy Policy up to date.

Terms of Service agreements are required for eCommerce websites

To work with a PCI compliant credit card processing company, website owners need to usually first list a Terms of Service on their website that helps explain cancellations, refunds, and more. You can find this requirement listed within the Terms of Service of the credit card processing company that you plan on using for your store. 

What you sell matters, even if it is digital.

Additional disclosures may be required (or recommended) if you sell certain digital products or services. Below, you will find common digital products for sale and things you should take into consideration with regard to your website policies.

Selling Audio Clips

If you sell audio clips, you will want to display a Privacy Policy and Terms of Service providing the general requirements listed above. You will also want to ensure that you display a DMCA notice within your Terms of Service agreement, which helps users know how to contact you if they find people infringing on your intellectual property (or vice versa). Your audio clips are valuable, and it is important that people do not use them without paying you. Offer a Terms of Service letting users know how they can (and can NOT) use your audio clips when purchasing from your website.

Selling Courses

If you sell courses, you will want to display a Privacy Policy and Terms of Service providing the general requirements listed above. 

Wouldn’t it be unfortunate to find a customer that purchases a course and then shares your hard work for free online for anyone to take? This could have severe negative financial impacts on your business if your would-have-been customers access your courses for free. You will want to ensure that you display a DMCA notice within your Terms of Service agreement, which helps users know how to contact you if they find people infringing on your intellectual property (or vice versa). Your courses are valuable, and it is important that people do not us ethem without paying you. Offer a Terms of Service letting users know how they can (and can NOT) use your courses when purchasing from your website.

Also, depending on the type of course you are selling, you may want to add a Disclaimer to your website, further limiting your liability as a business owner. Courses that could be seen as providing health advice, fitness tips or legal advice, for example, should have a Disclaimer disavowing anything that could be potentially misinterpreted by the customer.

Selling Desktop Software

If you sell desktop software, you will want to display a Privacy Policy and Terms of Service providing the general requirements listed above. 

Oftentimes, desktop software will send data to its creator to help them understand how the software is used. This allows the creator to develop additional features and functionalities that its customers may want. This type of data can be defined as personal information and you will want to make sure to disclose this within your Privacy Policy.

Concerned about people purchasing your software and then offering it for free to other parties?  Be sure to add a DMCA notice to your website Terms of Service. A DMCA notice will help users understand how to contact you if they find someone infringing on your intellectual property.

Lastly, you may want to consider offering an End User License Agreement which explains to users the rules of using the software and includes essential information about licensing, such as whether a user can make a copy of the software and give that copy to someone else. This is different from a website Terms of Service, which explains the rules to use the website.

Selling Documents

If you are selling documents, you will want to display a Privacy Policy and Terms of Service providing the general requirements listed above. 

Depending on the documents you provide, you may want to provide a DMCA notice, letting users know how to contact you if they find someone infringing on your intellectual property (i.e. sharing your documents publicly for free without having to pay you). 

If documents are purchased, filled out and then submitted back to you for any reason, you may be required to make additional disclosures within your Privacy Policy with regard to any additional personal information your website is collecting. 

Lastly, a Disclaimer may be required if you provide documents that could be interpreted as providing legal advice, health advice, or fitness tips.  

Selling Ebooks

If you are selling eBooks, you will want to display a Privacy Policy and Terms of Service providing the general requirements listed above. 

Selling eBooks keeps costs down for customers and provides instant access to your work. Writing a book takes a lot of time and energy, and it would not be good to find out a customer is offering your eBook for free to anyone interested. This can have a negative impact on your business financials. That is why having a DMCA notice within your Terms of Service can be beneficial for your business. A DMCA notice states to users how to contact you if they found someone that is stealing your intellectual property. 

Depending on the type of eBook you offer, you may want to consider adding a Disclaimer to your website. A Disclaimer is valuable if you offer anything within your eBook that could be seen as providing health advice, fitness tips or legal advice. By providing a proper Disclaimer, you can help further limit your liability with disclosures that help alleviate you from being responsible for people misinterpreting your work.

Selling Photographs or Videos

If you are selling photographs or videos, you will want to display a Privacy Policy and Terms of Service providing the general requirements listed above. 

Photography and videography can capture moments in time that can be cherished by a huge audience.  With that being said, photography and videography is often subject to copyright infringements as consumers can think that any image available online is fair game to use and share as they wish. If you sell photographs online, be sure to provide a DMCA notice within your Terms of Service, helping explain to users how they can contact you if they have found someone stealing your photos and using it as their own.

In addition, your Terms of Service should provide a copyright notice, ranging from the year you initially launched your website to this current year. This can help relay the message to your prospects and customers that everything within your website is copyrighted from the date it was posted, further protecting your photographs and videos.

Selling Plugins and WordPress Themes

Suppose you are selling plugins and/or themes. In that case, you will want to display a Privacy Policy and Terms of Service providing the general requirements listed above. 

When installed and activated, plugins and themes will often send data to its developer with regard to how users are utilizing its tools and features. This type of data may be defined as personal information under numerous privacy laws and may require additional disclosures to be made within the website Privacy Policy. 

You will also want to display a DMCA notice that allows users to contact you if they believe someone is infringing on your intellectual property. For example, offering your paid plugin for free or misusing your plugin or theme.

An End User License Agreement should also be provided to explain to users their rights when using your plugin/theme software as well as helping remove your liability when customers use your plugin. There are many widely recognized license agreements (GPL, MIT, PLR, creative commons, etc) that you can also use to protect your business. WordPress, for example, uses the GPL license, which is also common for WordPress plugin and theme authors. Regardless of which type of agreement you choose, failing to include a EULA in your software could cause people to misuse your product, improperly share it with others without you being compensated or possibly even being sued by a user for something outside of your control.

Selling Services (including web-based services)

If you are selling services digitally, you will want to display a Privacy Policy and Terms of Service providing the general requirements listed above. 

Depending on the type of services you provide, you may need to provide additional disclosures within your Privacy Policy with regard to any additional pieces of personal information your website collects after a customer makes a purchase. Your Privacy Policy can also disclose other types of personal information you collect while performing the actual services, such as login credentials, customer or subscriber information, and more. 

If you are selling a subscription based service, you will want to make certain disclosures within your Terms of Service that helps explain to users when they will be charged, if you offer free trial(s), and any other additional details that help prospective buyers understand how your subscription works.

Potential consequences of having non-compliant website policies

It’s important to step back and ask yourself, “Why even bother with all this policy stuff?  We discussed an ever growing number of privacy laws being introduced on a per country, state or continent level.  This is due to more and more people demanding their governments to provide them with privacy rights. Some of these newly created privacy laws have stiff fines, while proposed privacy bills want to provide consumers with the ability to sue businesses for privacy non-compliance. 

Below, we will talk about the three major reasons why you should take website policies seriously.

Fines, lawsuits

We all hear about big companies getting fined by governing bodies or class action lawsuits for privacy non-compliance.  “Facebook sued $650 million for privacy non-compliance”. “Google sued $2.5 billion for violated children’s privacy rights”. 

When the news covers these big stories, it almost feels like small businesses can’t get in any real trouble for privacy violations. This is, however, an incorrect assumption. When looking at GDPR Enforcement Tracker, for example, you will see countless small businesses that have been fined for GDPR non-compliance. And the number has been steadily increasing over time. 

Fines for failure to comply with privacy laws range from $2,500 per violation to €20,000,000 or more in total. In this case, “per violation” means per website visitor whose privacy rights you infringed upon. For example, if you have 100 website visitors from California per month and do not have a compliant Privacy Policy, the fine would be calculated as $2,500 multiplied by 100, which can easily add up to a large fine. 

On top of that, Canada has proposed an update to its privacy law, PIPEDA, that will enable its citizens to sue businesses for non-compliance. We also see multiple privacy bills in the United States that, if passed, will allow its citizens to sue businesses, regardless of the business’s size or location, for collecting as little as an email address on a contact form without a Privacy Policy providing disclosures required by that respective privacy law. 

In other words: the number of privacy non-compliance fines and lawsuits are increasing and may even start accelerating if more privacy bills continue to be proposed and passed. Privacy compliance is becoming a big deal.

Customer confusion 

There is not a single salesperson in this world that thinks that slowing down a sales process is a good idea.  Not a single one.  In the sales process, you want to keep moving the conversation along to get a customer to make a decision on if they want to make a purchase.  

And if a customer doesn’t understand your cancelation or refund policy, your warranties, or what you do with information after you collect it, then they will go to your website policies for answers.  And if that customer can’t find the information they are seeking, they may go to the search engines to find an alternative company. 

Website policies give your prospective customers the ability to identify exactly what to expect when making a purchase (or when submitting their personal data) through your website. This keeps the process moving, allowing these prospects to get to their purchasing decision faster (something we can all appreciate).

Lost business

According to this study performed by Axios, 93% of Americans said they would switch to a company that prioritizes data privacy. In addition, 91% of Americans said they would prefer to buy from companies that always guarantee them access to their data.

Losing business simply because customers may be uncomfortable with your privacy practices is an emerging trend we are seeing and is demonstrated by this recent study statistic listed above. Displaying comprehensive policies is your chance to show to your customers that you care about their privacy and you want them to have a transparent experience whenever making a purchase on your website. Simply put, providing website policies is the right thing to do. 

How can I get comprehensive website policies?

Setting up comprehensive policies for your prospects and customers can help you comply with applicable laws as well as limit your liability as a business owner. But it is important to understand that not all policies are created equal. Below, we will discuss ways to obtain comprehensive website policies while avoiding riskier (non-compliant) methods.

Can I copy/paste policies from a competitor?

No. Copying and pasting policies from another website is copyright infringement. On top of that, when you copy a policy from your competitor, you have no idea if they are complying with all applicable privacy laws and have provided all disclosures to help limit your liability. In addition, your competitors may not need to comply with all of the privacy laws that you need to comply with, meaning that you could still end up being fined or sued. 

Last, but not least, when you copy website policies from a competitor, you still haven’t answered the question of how you will stay up to date when new privacy laws pass that require new disclosures within your Privacy Policy.  

Can I use a free template online? 

We are unaware of a single website policies template that is compliant with all privacy laws.  Remember, to generate a comprehensive Privacy Policy for your business, you first need to identify what privacy laws actually apply to you. Only after you define the privacy laws that apply to you can you identify the required disclosures. Searching for a free template online answers the question ‘how do I get website policies?’, but does not answer the question ‘how to I avoid privacy non-compliance and its associated penalties?’.

Even if you were to find templates for your website policies that were comprehensive and somehow aligned with all privacy laws you needed to comply with, it still does not answer the question of how you will keep your policies up to date when privacy laws change or when new ones go into effect.  

Option #1: Privacy and International Contracts Attorneys

The best option to get comprehensive website policies is to work with a privacy attorney for your Privacy Policy, and an international contracts attorney for your Terms of Service.  

For privacy attorneys, try visiting the IAPP.org website and contacting some of their attorney members to find one that is a good fit for you. Make sure they discuss pricing not only for drafting your Privacy Policy but ask them to explain their processes and associated fees for monitoring privacy laws and keeping your website Privacy Policy up to date.

For international contracts attorneys, be sure to ask how they manage consumer privacy rights not only in their state or country but also internationally.  Consumers have different levels of protections, so you’ll want to make sure you are abiding to those respective laws as you sell your digital goods or services online.

With all this being said, there are many small businesses that do not have the funds to pay for privacy attorneys and international contracts attorneys to keep their website policies up to date.  As an alternative, many small businesses are looking towards online tools that can assist in the website policy generation process. We talk about this in the next section.

Option #2: Website Policies Generators

If hiring an attorney to draft your policies and keep them up to date is out of your budget, you may want to consider selecting a trusted website policy generator tool to assist you in this. 

The best website policy generators are ones that help you identify what privacy and consumer right laws may apply to your business first. Only then should the tool help you generate your policies through a questionnaire that is specific to those applicable laws. When looking for a privacy policy generator, you should consider who co-founded the companies as well. Is there a privacy and international contracts attorney that helped create the generator and keep it up to date over time? Also, be sure to select a generator that discusses how they monitor existing and proposed privacy laws and if they offer an automatic updates type feature. Questions like this will help you determine a trusted website policy generator for your business.

The con to using a website policies generator is that it is simply a tool, not a legal service provider. Many small business owners still choose to go the generator route, and simply ensure that the generator itself is built with comprehensiveness in mind and is run by people with legal backgrounds.

The pro to a website policies generator is the cost savings, which are a fraction of the cost of retaining a privacy and contracts attorney to constantly keep your policies up to date.  Termageddon, for example, is a website policies generator that costs $99/year with no hidden fees and was co-founded by a privacy and contracts attorney who’s even helped legislators write privacy laws on behalf of the American Bar Association. 

Conclusion

When selling digital goods or services, you need to provide website policies to comply with respective international privacy laws, set the rules to using your website, and limit your liability as a business owner. You also need to make sure to have a strategy to keep your policies up to date when the laws change (or new ones get introduced) and when your business practices change.  

Website policies may not be the most exciting part when launching and managing an eCommerce store, but they demonstrate to your prospects and customers that you care about their data and want to ensure they have as smooth of a purchasing process as possible. Contact an attorney or use a privacy policy generator like Termageddon to create comprehensive policies for your website; your prospective clients will appreciate it!