Legal pages for your startup

Legal pages for your startup

Most software developers when developing an MVP for their startups think that the legal stuff is something that can just be done later.

But they don't realize that it's important to establish this legal stuff before they release the product, particularly given the product development role of the MVP during the initial phases of the startup: to collect information from customers.

For this reason, a Privacy Policy page is absolutely vital. A legal page for the Terms of Service agreement is also important, as even though your startup's service or product is still in development, you need to ensure that you have the legal agreements to govern the relationship between you and the users using your service or product.

Finally, disclaimers and warranties (as well as a refund policy) are important to reassure your customers about what exactly the service or product is, what it isn't, and what they can do if they are unhappy with it.

The Privacy Policy page

The Privacy Policy agreement is one of the most crucial documents for a startup, due to the unique role of the MVP in product development.

You're likely collecting a lot of information about your users either to improve existing features, create new features, or testing the viability of different pricing schedules or even considering whether anyone will pay for your service.

Whenever you collect data about your users, you're collecting and storing their private information. The law in most countries requires that you deal with this private information in certain ways and disclose what you're doing.

The most effective way of covering off these privacy bases is to set up a Privacy Policy agreement and implement good privacy practices within your company to meet all these your legal obligations.

So what's the law?

The US does not have an overarching privacy law, but CalOPPA law has a number of requirements for a Privacy Policy agreement.

It requires that your legal agreement must be displayed as a standalone document and must detail what kind of personal information you collect from users, what you'll do with that collected personal information and who it will be shared with (if anyone).

If you have any users of your service or product in the US, it's likely that some of them will be from California and you should ensure that you comply.

Likewise with the UK and Europe: if there's a possibility that some of your users are from UK or Europe, ensure that you follow the laws.

UK is party to what's called the EU Data Protection Directive 1995. This directive sets out data collection principles that describe how you should collect data, what you can do with it, and what you need to tell your users.

This directive is covered by UK's privacy law, the Data Protection Act 1998. The principles covered by both of these pieces of legislation are:

  • Users must be notified when you're collecting their data
  • Personal data should only be collected for specific (and lawful) purposes
  • That data collected should be adequate and relevant for the purpose
  • Personal data should be accurate and kept up to date
  • Personal data should not be kept for longer than necessary
  • Appropriate security measures should be put in place
  • Personal data must not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory also ensures an adequate level of protection for that data collected

To comply with these laws, your legal agreement should set out:

  1. What kind of personal data you will collect
  2. How you'll protect and store that personal data collected
  3. What you'll do with the personal data collected
  4. In what circumstances you'll release the personal data collected
  5. How your users can see what personal data you hold on them, and how they can change, delete, or update that data
  6. Dispute resolution
  7. Effective date of the legal agreement
  8. What changes were done to the legal agreement previously and how notices of these kind of updates would be sent to users

Here's an example of a short from the Privacy Policy from Art's International Bakery that covers a few of the main points (what type of data is collected, what will be done with it, and when it will be released):

Screenshot of Art's International Bakery Privacy Policy

The Terms of Service page

A Terms of Service agreement is also very important, as it sets out the rules for both the use of your service or website and the relationship between you (the service owner) and your users.

This kind of legal agreement usually contains the following clauses:

  • A list of definitions of key words and phrases
  • The rights and responsibilities of users
  • What is the proper or expected usage of the service or product
  • Clauses related to intellectual property protection
  • Information regarding the accountability for online actions, behavior, and conduct of users
  • If your startup is developing a SaaS app, disclosures related to payment details such as membership or subscription fees
  • Disclaimers and warranties
  • Procedure for user accounts termination, if available
  • Exclusion or Limitation of Liability clauses clarifying the service/product's legal liability for damages incurred by users
  • Notification upon modification of this legal agreement

Having a good Terms of Service agreement protects you in a number of ways.

First, by establishing the proper or expected usage of the service or product (as well as accountability for user behavior or conduct, and user account termination procedures) you can ensure that rogue users are not permitted to take actions that harm you, your service, or your other users.

Intellectual property protection clauses are also important, as they set out how your trademarks, branding, and copyrighted material can be used. If your website or app allows user-generated content, make sure that you establish that your app or website has a license to use that content for the purpose of operating your service.

Disclaimers and warranties are especially important for your service/product, as the product may be not fully developed and may not have all features that a user would expect.

Information related to warranties in your Terms of Service agreement can set clear expectations for what your service can and will do, and what it will not.

If your startup is still developing an MVP, users might purchase a service or product they may not be satisfied with the lack of features. Particularly if you're testing the willingness of users to pay or examining different pricing schedules, some users may find that your current service/product is overpriced and may want to obtain a refund.

It's important to include a Refund Policy as part of your business that outlines clearly in what circumstances you'll provide a refund. Local laws may also apply to you, and some require that you give a refund if the product is not "fit for purpose" i.e. if it doesn't do what you said it would do.

For example, in the UK you must give a refund if the product is faulty, not as described or doesn't do what it's supposed to.

In addition, distance selling laws in the UK require that if you're selling your product online or by way of phone or mail order, you must provide a refund if the customer requests one within 14 days of them receiving the product.

In the US, there's no federal law on returns or refunds, so your obligations will differ state-by-state. However, California law requires that you must clearly post your Refund Policy unless you offer a full cash refund, exchange, or store credit within 7 days of the purchase date.

If you don't display this kind of policy customers may return goods for a full refund within 30 days. In Florida, if you don't offer refunds you need to do the same, and if you don't do this a customer may return goods for a full refund within 20 days of the purchase.

To avoid these issues, clearly and frequently display your refund policies on your website or in store, and also make sure that you set up a clear disclaimer about what the product does, and what it doesn't do.

It's useful for purchasers if you include a "Beta" tag on any computer software to indicate that the product is still in development, so that your users do not unfairly expect the current service or product to function in ways it cannot.

This is what I mean by a "Beta" tag:

Screenshot of PHPKB 7.0 Beta Release page

You can see the word "Beta" in the release title that clearly indicates to customers that this product may not be complete.

Always remember that no matter how new your product is, and regardless of whether it's in test or development, you need to cover your legal obligations to protect both you and your customers.

Particularly, if you're collecting user or market information with your product, a Privacy Policy is important. a Terms of Service and Refund Policy can also help to set clear expectations for customers and users of your product so that you don't end up in legal hot water.

Leah H.

Leah H.

Qualified Solicitor. Writer.

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.