Building trust with website visitors is very important for any site, but for an e-commerce store, it's even more crucial.
First, we'll go through the law that you need to comply with, then look at how you can comply.
This legal agreement must detail:
If you are based in the US, it's highly likely that you have Californian customers, so it's important to comply with the Californian state law.
This far-reaching law has a global reach. What matters isn't where your business is located, but rather where your users are located.
Canadian law is also similar, with their laws contained in the Personal Information Protection and Electronic Documents Act 2000> (PIPEDA). PIPEDA requires organizations to:
Now let's look at what types of information you may be collecting, and how you can comply with the above laws.
It's certain that your e-commerce store will collect information from your customer as soon as they browse your store, such as their IP address, what time they opened your store page, how long they stayed on a specific page (aggregated data or not).
As an example, if you use Google Analytics: this tool from Google collects, even more, information, such as what pages they browsed through, their location, and even their gender.
Here are some examples of some of the things Google Analytics collects for an e-commerce store: pages/session, avg. session duration, language, country/territory, and so on.
If you use the Shopping Behavior Dashboard, it can tell you more data: sessions with views on your product pages, sessions with "Add to Cart" actions, the session with transactions recorded, devices used by your customers, and so on.
But then, when your customer created an account or fills in their billing or shipping details to purchase an item, you'll be collecting their name, physical address, email address, phone number, and credit card details, as well as anything else that you require them to provide before you can ship their item.
First, this is because having separate documents makes it easier for your customers to find your legal agreements.
Remember to display it prominently and frequently so that your customers can find it and read it:
You may be tempted to display it in small writing down the bottom of your page like you have probably seen in many other e-commerce stores.
Here's an example from Amazon on what a browsewrap is:
A better way (from a legal perspective) is to have your users actually click to show their agreement (or consent) in some way.
This is called a clickwrap method. You can do this with a tick box or pop up, but for an e-commerce store an unobtrusive but clear tick box is likely the better option.
Here's an example of that kind of check box from The Weather Channel, where users must check the box before creating an account:
Another example is from YouTube, when creating a new account:
Since your online store is likely collecting some information from your customers before they even decide to purchase an item, it's a good idea to also display this agreement on your store pages in a prominent and frequent way.