Many international, federal, and state privacy laws require organizations that handle individuals' personal information to maintain clearly written and up-to-date legal policies on their websites and apps.

Online marketplaces rely on the collection and processing of personal information to complete transactions between buyers and sellers, making legal policies a necessity for their websites and apps.

This article will explain what an online marketplace is, what legal policies are required for marketplaces and the laws that require those policies, and what basic and marketplace-specific clauses you should include within your legal policies.

What is an Online Marketplace?

An online marketplace is a website or app where third-party sellers can list their products. Sales are processed via the marketplace, as opposed to directly between the seller and the buyer. While online marketplaces take care of the transaction process, the seller is still responsible for fulfilling and shipping the order.

Online marketplaces can be large-scale operations, such as in the case of Amazon or Facebook Marketplace, or they can be as simple as your business's website. The defining factor of an online marketplace is that it acts as an intermediary between buyers and sellers.

What Legal Agreements Do Online Marketplaces Need?

Some of the basic legal policies an online marketplace should have are a Privacy Policy, a Terms and Conditions Agreement, a Return and Refund Policy, and a Cookie Policy.

It's important to make sure that these policies include relevant clauses and are easily accessible.

Any time an entity collects or handles individuals' personal information, it needs to be aware of and comply with all applicable privacy and data protection laws, many of which require organizations to maintain accessible legal agreements on their websites and apps.

Since online marketplaces are arenas in which numerous transactions requiring personal information can take place each day, it's crucial that they have appropriate legal policies in place.

Privacy Policy

A Privacy Policy is a statement that describes how you collect, use, share, and protect individuals' personal information.

Amazon's Privacy Notice provides users with information about how it collects and processes their personal information:

Amazon Privacy Notice with table of contents highlighted

Terms and Conditions Agreement

A Terms and Conditions agreement is a document that outlines the rules that users must agree to in order to use your services.

The rules and guidelines you establish in your Terms and Conditions agreement (also known as Terms of Service or Terms of Use) give you control of your website and protect you from liability. Most Terms and Conditions agreements protect your right to stop any abuse of your website or even close accounts for any users who violate your terms.

Having a Terms and Conditions agreement for your marketplace can help do the following:

  • Protect you from legal liability
  • Give you rights to control your website and who uses it
  • Set forth your payment/refund rules
  • Allow you to decide who resolves your disputes

Etsy's Terms of Use covers the rules that users must agree to abide by in order to use its site:

Etsy Terms of Use table of contents

While there are currently no laws that require you to maintain a Terms and Conditions agreement, it's still a good idea to have one as it functions to inform users of the rules they need to follow in order to use your website or app and to limit your legal liability.

Return and Refund Policy

A Return and Refund Policy describes how and under what conditions users can request a return or a refund, how you process returns, and how you deal with refund requests.

A Return and Refund Policy can be included in your Terms and Conditions agreement, or it can function as a standalone document.

Poshmark uses its Return Policy to inform users that all sales are final unless a customer purchases something that they don't receive, or that doesn't match the item's description:

Poshmark Return Policy summary

Cookies Policy

A Cookies Policy lists the types of cookies that your website uses, and lets users know how the cookies are used and how long they remain on the user's computer or mobile device.

Cookies are files that are sent to users' browsers from the websites they visit. Those files are used to track users' browsing behavior, enabling websites to remember things like passwords, items in users' shopping carts, or past purchases.

Ruby Lane's Cookies Policy lets users know that it uses cookies to tell users apart, optimize the user experience, and create personalized ads and content:

Ruby Lane Cookie Policy intro section

Let's take a look at what laws require these different legal agreements.

Laws that Require Legal Agreements for Marketplaces

There are several state, federal, and global privacy laws that require organizations that collect or process personal information to inform users how they handle the data that they collect.

These laws include the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Consumer Rights Directive, and the European Union's (EU) Cookie Law.


The GDPR is the EU's primary privacy legislation. The GDPR applies to organizations that are either based in the EU, or that collect or process personal data belonging to citizens of the EU.

The GDPR requires applicable organizations to inform users about how they process the personal data they collect. Article 12 of the GDPR requires organizations that control personal data to provide information about an individual's personal data in a clearly written and easy to understand way, either in written or electronic format.

One effective method of complying with GDPR requirements is to maintain a Privacy Policy that is accessible from your website or app.


The CCPA is California's main privacy law and requires certain organizations that handle California consumers' personal information to comply with its rules. The CPRA expanded and updated the CCPA.

The CCPA (CPRA) requires businesses that meet its criteria to maintain updated information on their websites about how they treat the personal information they collect, and to inform California consumers about what their rights are concerning their personal information.

Part 5 of section 1798.130 of the CCPA explains that a business must keep either a Privacy Policy or updated information on its website to inform California consumers about their rights and how it handles the personal information it collects:

CCPA Section 1798 130 5 - Privacy Policy

The Consumer Rights Directive

While there are currently no U.S. federal or state laws requiring a Return and Refund Policy, you should still have one if you wish to offer customized return or refund terms. In addition, organizations from any country that does business with members of the EU need to be aware of the EU's Consumer Rights Directive.

The Consumer Rights Directive was passed in June 2014, and requires sellers to provide a withdrawal period of 14 days, during which the buyer can withdraw from the transaction and receive a full refund for their purchase amount without being penalized. If a seller fails to inform consumers of their right to withdraw from the sale, the withdrawal time frame extends to one year.

A great way to meet this requirement is by posting a detailed Return and Refund Policy.

The EU's Cookie Law began as the ePrivacy Directive (EPD) and was passed in May 2011. The Cookie Law requires applicable organizations to list the types of cookies they use, inform users how they use cookies, and get users' consent prior to using cookies.

Any organizations with websites that are based in the EU or that target residents of the EU are required to comply with the Cookie Law. Incorporating a Cookie Policy as a part of your legal agreements is the best way to ensure compliance with the Cookie Law.

Privacy Policy Clauses for Marketplaces

Privacy Policy Clauses for Marketplaces

Your Privacy Policy should include clauses concerning how you handle the personal information you collect, and should let users know that the marketplace's Privacy Policy may differ from its vendors' Privacy Policies.

Here are some of the common clauses for a Privacy Policy for marketplaces.

The Types of Information You Collect

This clause lets users know what kinds of personal information you collect, as well as how you collect the information. It should inform users that you may get information from them directly, through things like account sign-up forms, or indirectly, such as when your sellers collect their information.

Etsy's Privacy Policy includes a clause that details the types of personal information it collects and receives. It lets users know that it can obtain information directly from users, or indirectly from their use of Etsy's services, or from its vendors and suppliers:

Etsy Privacy Policy:Information Collected or Received

Who You Share Information With

Your Privacy Policy needs to inform users of any third parties that you may share the personal information you collect with.

Etsy discloses how it will share information with sellers on its marketplace, as well as how it will obtain information that customers have given directly to sellers, all with the purpose of facilitating the sales:

Etsy Privacy Policy: Sharing Information - Buying and Selling clause

Privacy Rights Granted to Users

Depending on what privacy laws you must follow, you will likely have to disclose what privacy rights your users have, such as the right to have their data deleted, or the right to opt out of you processing their data further.

Here's how Etsy discloses the rights people have and how to exercise them:

Etsy Privacy Policy: Your Rights and Choices clause excerpt

Next we'll look at what your Terms agreements should include for your marketplace platform.

Terms and Conditions Agreement Clauses for Marketplaces

Terms and Conditions Agreement Clauses for Marketplaces

While not legally required, a Terms and Conditions agreement can help to inform users of the rules that you expect them to agree to in order to use your marketplace services, as well as what kinds of rights you retain.

Here are some of the clauses that should be included in a Terms and Conditions agreement for marketplaces.

Prohibited Uses of your Marketplace

Let your users know what they aren't allowed to do with your service. This should be very detailed and specific.

Here's how eBay includes prohibited uses in its User Agreement:

eBay User Agreement: Prohibited use clause

You can also take the approach of setting rules for using your marketplace service.

Governing or Applicable Law

The Applicable Law clause in your Terms and Conditions agreement provides information about which governing body is responsible for settling any disputes, and what law any disputes will be decided under.

This can be very important with the more global your business is. If you don't set your governing law and your U.S.-based business is sued by a shopper in Ireland, you don't want to risk Irish law applying to your case.

eBay lets users know that arbitration is their only method for resolving a conflict and that the laws of the state of Utah will apply.

eBay User Agreement: Applicable Law clause

Here's an example of a clause that declares what law will govern the agreement:

Upwork Terms and Conditions: Choice of Law clause

Payments and Billing

If your website involves subscription fees or payment for goods, services or memberships, you must address all of this in your Terms and Conditions. Omitting your policies for payment-related information could lead to issues such as the inability to collect.

Or, in the case of third party platforms that connect buyers and sellers in which you personally aren't selling any goods or services, your T&C should point that out in order to avoid entangling you in any payment disputes.'s Terms and Conditions agreement features a Purchase Terms clause which lets users know that it is not responsible for product descriptions and prices, and that by making a purchase users agree to authorize Plantly to charge their account for its fees.

Plantly io Terms and Conditions: Purchase Terms clause

Alibaba is a marketplace that allows sellers to market their products and buyers to purchase them, though Alibaba itself is not selling any goods and services. Its Terms agreement explicitly states they are a third party, representing neither buyers or sellers, and providing only a platform to connect buyers and sellers.

Alibaba Terms and Conditions: Transactions Between Buyers and Sellers clause

Fees you Collect

Because you're operating as almost a middleman of sorts with your marketplace, you're likely collecting fees from at least the sellers. It's wise to include a clause that discloses this and details the fees so that your users won't be surprised or upset and try to dispute any fees when you attempt to collect them.

Here's how eBay covers its seller fees in its User Agreement:

eBay User Agreement: Fees and Taxes clause

When you operate a marketplace, you'll have a number of different brands and companies involved on your website, each with its own unique copyright protection. That's a lot of opportunity for infringers to cause issues.

In the United States, the Digital Millennium Copyright Act (DMCA) makes it possible to hold businesses accountable for Copyright Infringement even if they don't own the content. To protect your interests, it is recommended that a Copyright Infringement policy include a method for reporting violations, as well as clearly stating your rules for obeying copyright laws.

Here's how Amazon handles copyright matters:

Amazon Report Infringement page: About Form section with form links highlighted

eBay's Copyright Infringement clause specifically mentions the DMCA and also provides a link to where users can report a potential copyright infringement.

eBay User Agreement: Notice for Claims of Copyright Infringement under DMCA clause

You should also address intellectual property rights in a T&C to further protect your content.

Disclaimer of Warranties and Limitation of Liability

You will want to let your users know that your service is provided "as is" and that you will not be held liable for damages as a result of inaccurate content, financial damages caused by service downtime, malware, etc.

This is known as a disclaimer of warranties and limitation of liability clause.

Sometimes users might encounter problems with your website. A seller may lose business because of some unexpected downtime. A buyer may catch a virus through one of your third party links. A Disclaimer of Warranties and a Limitation of Liability can protect you from liability in these circumstances and others.'s Terms and Conditions agreement includes a Disclaimer of Warranty clause that its Site and Services do not come with any warranty, and lets users know that it is not liable for any damages or loss of any kind:

Plantly io Terms and Conditions: Disclaimer of Warranty clause

The Content Liability clause in's Terms and Conditions agreement lets users know that it is not responsible for its vendors' content:

Plantly io Terms and Conditions: Content Liability clause

Vendor Terms

Including a vendor terms clause in your Terms and Conditions agreement provides sellers with a clear set of guidelines that they must follow in order to list items on the marketplace site.

Vendors on eBay must comply with the Listing Conditions clause in its User Agreement in order to sell items on its website:

eBay User Agreement: Listing Conditions clause excerpt

Account Termination

Your T&C can help you maintain control over your online marketplace by helping you reserve your right to terminate accounts as you see fit. If someone is selling illegal products, committing fraud or using your platform in another undesirable way, you can terminate their account. And by stating in your T&C that you may do so will make it difficult or impossible for the violating party to take any legal action against you.

Here's an example of a termination clause that outlines when the company may terminate an account, while also retaining the right to terminate an account at any time and for any or no reason:

Laird Superfood Terms of Use: Termination clause

Now we'll look at what your marketplace Return and Refund Policy should contain so that your customers and clients are the most satisfied.

Return and Refund Policy Clauses for Marketplaces

Return and Refund Policy Clauses for Marketplaces

Your marketplace Return and Refund Policy will be where you highlight the fact that each seller should have their own return parameters in place, and that you may be available to intervene in some specific cases if needed.

For example, here's how eBay lets shoppers know that it's available to help if a seller doesn't respond or doesn't process a valid return after so long:

eBay Return an Item for a Refund: Get Help from eBay section's Return and Refund Policy describes the timeframe in which customers can request a refund for their purchases, as well as letting them know that its Refund Policies vary and are unique to each seller:

Plantly io Returns and Refund Policy

Here's how Etsy outlines that each seller may have a different policy when it comes to returns and refunds, so shoppers should check for these policies before making a purchase:

Etsy How to Return or Exchange an Item page: How do refunds and returns work and What are listing policies sections

Finally, let's look at what you should include in your Cookies Policy if you have one for your marketplace.

Cookies Policy Clauses for Marketplaces

Cookies Policy Clauses for Marketplaces

A Cookies Policy should provide users with details about the cookies the marketplace and third-parties may use. It should also give users steps for opting out of the use of cookies.

List of Cookies You Use and Why

This clause lists the cookies you use and the reasons that you use them. If you're not sure what cookies you use, you can do a cookies audit.

Check out our FAQ for Cookies for Businesses for further information.

When users click on the Mercari Cookie Preferences link, it opens a pop-up box that includes information about the types of cookies it uses, including required, functional, and advertising cookies:

Mercari cookie details and preferences page

Third-Party Cookies

Marketplaces that allow the use of third-party cookies should include a clause in a Cookies Policy describing the circumstances in which third-party cookies are used.

For example, Nextdoor's Advertising and Cookie Policy explains that its services allow third-party social media login, analytics, and advertising cookies:

Nextdoor Advertising and Cookie Policy: What kind of third-party cookies are used section excerpt

Opting Out of Cookies

This clause explains how users can opt out of cookies. Many websites use a pop-up box to get cookie consent from users, but including steps within your Cookies Policy describing how to manage cookie settings ensures that users have more control over their privacy.

Vinted's Cookie Policy includes a How can I manage cookies? clause that lets users know what steps they can take to accept, decline, or deactivate cookies, as well as how to set their cookie preferences:

Vinted Cookie Policy: How can I manage cookies clause excerpt

Displaying and Getting Users to Consent to Legal Agreements for Marketplaces

After you have your legal agreements created, you need to display them appropriately.

This article won't go into this topic much. To summarize, you'll need to display them somewhere easy to locate such as via links in your website footer. And you'll need to get agreement to their terms where appropriate by a clear, recordable method such as an "I Agree" checkbox.

Here are some helpful resources to explore this topic more and get guidance on best practice methods:


An online marketplace is a website where sellers can list their items for sale. Online marketplaces take care of processing the transactions between buyers and sellers.

There are state, federal, and global laws that require online marketplaces to maintain certain legal policies. It's a good idea for your marketplace to have links to a Privacy Policy, Terms and Conditions agreement, Return and Refund Policy, and Cookies Policy on its website and app, if applicable.

With the continued expansion of privacy laws comes the need for adequate legal policies that inform users about their rights and help to provide legal protection for your organization.

Your legal policies should include clauses that help to inform users of what their rights and responsibilities are when using your services.

Marketplace-specific legal agreement clauses can include:

  • A Privacy Policy clause letting users know that a third party seller/vendor's Privacy Policies may differ from the marketplace's Policy
  • A Terms and Conditions clause specifying vendor terms and what isn't allowed on the platform
  • A Return and Refund Policy clause informing users that Return Policies vary by seller
  • A Cookies Policy clause that explains any third-party cookies that users may encounter when using your site and any actions the user can take to limit this

Don't forget to display your legal agreements appropriately and get valid consent.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy