What Legal Documents Do I Need For My Website?

Starting a website and contemplating what legal documents you need? The law is catching up to this newfangled thing known as the web, and legal documentation on your site is used to mitigate the risk of doing business online. Let’s take a look at the documentation you must have on the site as well as additional options that may come into play.

Jurisdictionlegal documents for website

Any discussion of the law must first start by defining the jurisdiction controlling the dispute in question. Jurisdiction refers to the set of laws used to decide a matter with said laws typically being defined by a geographic area such as a state or country. The United States would have jurisdiction over a copyright dispute between Google and Microsoft concerning a product sold in the country with federal law applying.

Privacy Policy

Privacy law at the federal level of government in the United States is laughable. One has to remember the right of privacy is not mentioned in the Constitution, but is instead believed to be derived from it by the Supreme Court in the famous Roe v. Wade abortion ruling. Opponents hotly contest this “judicially created right”, which is why privacy law never seems to develop at the federal level.

The story with the states is entirely different. California and many other states have developed specific legislation on privacy. California has eleven laws addressing the issue as I write this and is in the process of enacting more. The laws are tailored to apply to any site with just one member or visitors from California, which converts the state legislation into a national standard for all intent. Duties placed on websites under these laws include:

  • Disclosing what personal information is obtained from members,
  • Disclosing how said personal information is used and disclosed to third parties,
  • Providing a specific notice provision on the website for a privacy policy,
  • Disclosing how the site handles “do not track” signals from visitors and browsers, and
  • Providing a mechanism for minors to request the removal of posts they’ve made to the website in question.

Creating a privacy policy for a website is no longer a small task. Just disclosing you track visitors for Adsense purposes is not enough. You must undertake a close examination of your data collection procedures and then reveal those practices in a detailed privacy policy statement written in plain English. Failure to take these steps can lead to prosecutions by government authorities as well as civil lawsuits.

Terms of Use

Your website will need a terms of use statement. “Terms of service” and “terms and conditions” are two other names given to the document. Regardless of the name, the important thing to understand is this document acts as a contract of sorts between you and the person using your site. As a result, the terms need to be created carefully and instituted in a particular manner. Your terms can be invalidated if these two steps are not taken or, worse, contain clauses that come back to haunt you in a lawsuit.

Typical topics covered in terms of use include:

  • Age restrictions,
  • Applicable law restrictions,
  • Selection of the court system jurisdiction,
  • Copyright infringement warnings,
  • Disclaimers of warranties and guarantees,
  • Licensing defining the use of content provided by visitors,
  • Copyright notices for the website if applicable,
  • Trademark notices for the website if applicable, and
  • Privacy Policy inclusion provisions.

The positive news in this area is the terms are written without any negotiation with the visitors to the website. This unilateral approach provides you with an opportunity to craft the language in a manner that is as beneficial to your business as possible. Taking the time to carefully craft your terms is not only a smart move, but it is also critical to limit the potential of being dragged into lawsuits by users of the website.

Potential Legal Documents

The terms of use and privacy policy form the legal foundation of any website. Nearly every site, however, will require additional documentation. Let’s take a look at the potential issues you may need to cover on a website.


If there is a more misunderstood legal concept than the disclaimer, I can’t imagine what it is. The FTC has even had to issue disclaimer guidelines to clarify things. Let’s try to sort this out right now. A disclaimer is used to qualify a statement, not excuse it. A disclaimer cannot be used to escape liability for making false statements to consumers in an effort to generate sales. It can only be used to avoid liability for true statements that are not typical or do not apply to a particular situation. An example can show how this might work.

I create a weight loss pill. I try it on a number of people. Two percent of the test subjects who take it lose a staggering 25 pounds in three weeks. The rest lose seven pounds in three weeks. I naturally want to emphasize the people who lost 25 pounds in my web content and marketing pieces. However, there is a small problem. These people only make up two percent of my sample group. I will need a disclaimer noting the results are not typical and that a more realistic pace of weight loss is seven pounds in three weeks.

Now note something. I have not suggested anything false. There is no “false advertising” here. I can objectively substantiate my claims by showing the FTC or any complaining party that two percent of my sample group lost 25 pounds in three weeks. Given this, adding a disclaimer to my website is an acceptable tactic.

Now let’s consider a second scenario. I create a pill I believe will cure breast cancer. I market it as such. I have no proof anyone has been cured by taking it. I put a disclaimer on my site in small print at the bottom of the template indicating the pill might not cure cancer. Is this going to keep me out of legal trouble? Not a chance. You cannot use a disclaimer to avoid liability for patently false claims.

What does all this mean for a new website? Well, you need to consider the content on the site. If there are services, information or products being offered for which you make specific claims, then one needs to determine if a disclaimer is required. If it is, then the disclaimer must be written and implemented carefully to meet the necessary state, federal and FTC guidelines on false advertising.


If your business plan involves allowing visitors to your site to upload anything, you need to become DMCA compliant. “DMCA” refers to the Digital Millennium Copyright Act of 1998. In passing this law, Congress sought to create an informal method for dealing with copyright infringement claims online. Previously, the copyright holder was required to file a lawsuit to protect their rights. With Google receiving nearly 10,000 DMCA complaints a day, you can imagine how clogged up the court system would be without the DMCA.

Copyright infringement is a huge problem online. The cause is rarely malicious. Many people will simply copy and post pictures, music, text and videos without even considering whether doing so violates the copyright of the person or business that created the work.

The last thing you want is to be sued for copyright infringement when launching your new website. The DMCA was created to protect you from this problem. Section 512(c) of the law is the pertinent section at issue here and reads as follows:

(c) Information Residing on Systems or Networks At Direction of Users.—

(1) In general.— A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider, if the service provider—
(i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing;
(ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or
(iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material;

[17 USC § 512 – http://www.law.cornell.edu/uscode/text/17/512]

In practical terms, this means websites are given immunity from copyright infringement lawsuits. This is not the full story. To gain and maintain this valuable immunity, a website operator must follow a notice and counter-notice process detailed in the law. The process is beyond the scope of this article, but includes:

  • Publishing a DMCA policy on the website,
  • Designating a DMCA agent to receive copyright takedown notices [Try DMCAAgentService.com],
  • Responding to takedown notices by promptly removing the contested content from the website,
  • Following a strict timeline detailed in the DMCA regarding notice and counter-notice procedures to facilitate communication between the copyright holder and person who posted the contested material, and
  • Establish a repeat infringer policy to prevent abuse of the website by parties posting to the website.

Websites typically get into trouble in this area. The owners mistakenly believe they are protected so long as they publish a DMCA policy on their site and designate an agent. Nothing is further from the truth. Most website operators are dragged into DMCA copyright litigation because they fail to follow through on their DMCA obligations.

If you run a user generated content website, I cannot emphasize enough how important it is to know the DMCA inside out. This typically means using an attorney to handle claims or work with one of your employees on claims that come in. Whether you use me or another attorney, make sure to use someone familiar with the DMCA process.

Affiliate Disclosures

The monetization of a website is often one of the trickier issues you will run into online. Website operators have come up with a myriad of ways to make a buck. In fact, people have been so creative that the FTC has finally stepped in to establish disclosure requirements website operators must follow. The short and sweet of it is any affiliate relationship a website has with an advertiser must be disclosed when content appears on the site that promotes the products or services of the advertising partner.

Let’s consider an example. I create a blog advising people how to build up an email list to support their website. I then mention certain services such as AWeber and I include links to the AWeber site. If I am receiving compensation from AWeber for any leads I send it, I must disclose this relationship. Should I fail to do so, I face a potential $16,000 penalty per violation.

In the past, website operators created an earning disclosure page and linked to it in the footer of their website. This approach no longer is acceptable to the FTC. A careful plan of disclosure within the site content must be created that meets the FTC disclosure requirements while not hurting your click through rates.

COPPA legal documentsCOPPA

Does your website target kids under the age of 13? If so, welcome to the legal hell known as the Children’s Online Privacy Protection Act of 1998 – one of Dante’s new circles of hell for website operators.

COPPA is one of those laws created with the best of intentions – protect the privacy of kids online. Between a poorly written law and horrifically poor regulations issued by the FTC regarding the implementation of the law, the cost of compliance with COPPA is in the $18,000 range. This is not a problem for a large site, but it is a huge burden for smaller sites.

From a documentation point of view, COPPA compliance requires the terms of use and privacy policy of the site to be expanded dramatically with significant customization. The language on the site pages also needs to be closely monitored and edited to avoid making any statements that would violate COPPA. You can expect to incur $5,000 to $10,000 in legal fees in just this area before spending money on technical changes to the site required by COPPA.

COPPA is so complex that moving forward with a compliance effort requires retaining an attorney. If COPPA is an issue for your site, find an attorney in your area who is familiar with the law and can guide you through this minefield of red tape. I handle California clients if you are located in the state.

Product Sales

The sale of products off your site needs to be addressed in your terms. The exact language to be included depends on what exactly is being sold. For example, the sale of digital products such as apps requires an end user license agreement while the sale of custom made products require specific language defining when the sale is considered final.

Returns and refunds are subjects most websites handle incorrectly when selling products online. There seems to be a belief website operators can set whatever return and refund terms they wish. This is incorrect. There are state and federal laws on these subjects. From the FTC 30 day merchandise shipment rules to state laws covering consumer rights, a website needs to define its jurisdiction and create clear, conspicuous legal language that complies with the applicable laws. This is an area where litigation arises often, particularly after the winter holidays if a website fails to deliver gifts on time.

As a general notion, it is important to understand the direct sale of products off a website necessarily requires legal language of one sort or another. Again, this is an area where spending a bit of money on a lawyer can keep you out of serious trouble.

Copyright and Trademark Notices

Do you need to publish the magic “C” and “R” notices on your website? Yes, you do. Make sure you are using the symbols correctly.

The Good News

There is good news? Yes. The legal documents discussed above all have one thing in common. They are designed to protect your rights online. While there are certain requirements you must comply with, doing so is often the difference between being dragged into a lawsuit or not. Given this, I suggest you view the cost of preparing legal documentation for your website as an investment in your business, something akin to buying insurance.

In Closing

To sum up, websites need legal documentation in the modern online legal environment. The documents every site must have are:

  • Terms of use and a
  • Privacy policy.

Depending on the specifics of the website, additional documentation needed may include:

  • DMCA compliance documents,
  • Disclaimers,
  • Affiliate earning disclaimers,
  • Children’s Online Privacy Protection Act language,
  • Refund and return policies,
  • End user license agreements, and
  • Copyright and trademark notices.

Contact me today for a free consultation on your website.

Richard A. Chapo, Esq.