Legal Pages for Your Website

Most software developers when developing an MVP for their startups think that the legal stuff is something that can just be done later.

But they don't realize that it's important to establish this legal stuff before they release the product, particularly given the product development role of the MVP during the initial phases of the startup: to collect information from customers.

For this reason, a Privacy Policy page is absolutely vital. A legal page for the Terms of Service agreement is also important, as even though your startup's service or product is still in development, you need to ensure that you have the legal agreements to govern the relationship between you and the users using your service or product.

Finally, disclaimers and warranties (as well as a refund policy) are important to reassure your customers about what exactly the service or product is, what it isn't, and what they can do if they are unhappy with it.

The Privacy Policy page

The Privacy Policy agreement is one of the most crucial documents for a startup, due to the unique role of the MVP in product development.

So what's the law?

The US does not have an overarching privacy law, but CalOPPA law has a number of requirements for a Privacy Policy agreement.

It requires that your legal agreement must be displayed as a standalone document and must detail what kind of personal information you collect from users, what you'll do with that collected personal information and who it will be shared with (if anyone).

If you have any users of your service or product in the US, it's likely that some of them will be from California and you should ensure that you comply.

Likewise with the UK and Europe: if there's a possibility that some of your users are from UK or Europe, ensure that you follow the laws.

UK is party to what's called the EU Data Protection Directive 1995. This directive sets out data collection principles that describe how you should collect data, what you can do with it, and what you need to tell your users.

This directive is covered by UK's privacy law, the Data Protection Act 1998. The principles covered by both of these pieces of legislation are:

  • Users must be notified when you're collecting their data
  • Personal data should only be collected for specific (and lawful) purposes
  • That data collected should be adequate and relevant for the purpose
  • Personal data should be accurate and kept up to date
  • Personal data should not be kept for longer than necessary
  • Appropriate security measures should be put in place
  • Personal data must not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory also ensures an adequate level of protection for that data collected

Here's an example of a short from the Privacy Policy from Art's International Bakery that covers a few of the main points (what type of data is collected, what will be done with it, and when it will be released):

Screenshot of Art's International Bakery Privacy Policy

Other legal pages

If your startup is still developing an MVP, users might purchase a service or product they may not be satisfied with the lack of features. Particularly if you're testing the willingness of users to pay or examining different pricing schedules, some users may find that your current service/product is overpriced and may want to obtain a refund.

It's important to include a Refund Policy as part of your business that outlines clearly in what circumstances you'll provide a refund. Local laws may also apply to you, and some require that you give a refund if the product is not "fit for purpose" i.e. if it doesn't do what you said it would do.

For example, in the UK you must give a refund if the product is faulty, not as described or doesn't do what it's supposed to.

In addition, distance selling laws in the UK require that if you're selling your product online or by way of phone or mail order, you must provide a refund if the customer requests one within 14 days of them receiving the product.

In the US, there's no federal law on returns or refunds, so your obligations will differ state-by-state. However, California law requires that you must clearly post your Refund Policy unless you offer a full cash refund, exchange, or store credit within 7 days of the purchase date.

If you don't display this kind of policy customers may return goods for a full refund within 30 days. In Florida, if you don't offer refunds you need to do the same, and if you don't do this a customer may return goods for a full refund within 20 days of the purchase.

To avoid these issues, clearly and frequently display your refund policies on your website or in store, and also make sure that you set up a clear disclaimer about what the product does, and what it doesn't do.

It's useful for purchasers if you include a "Beta" tag on any computer software to indicate that the product is still in development, so that your users do not unfairly expect the current service or product to function in ways it cannot.

This is what I mean by a "Beta" tag:

Screenshot of PHPKB 7.0 Beta Release page

You can see the word "Beta" in the release title that clearly indicates to customers that this product may not be complete.

Always remember that no matter how new your product is, and regardless of whether it's in test or development, you need to cover your legal obligations to protect both you and your customers.

Particularly, if you're collecting user or market information with your product, a Privacy Policy is important. a Terms of Service and Refund Policy can also help to set clear expectations for customers and users of your product so that you don't end up in legal hot water.