When you sell products online you need to make sure that you have the proper legal agreements in place in order to protect your customers' personal information and comply with applicable state, federal, and international laws.

This guide will cover the legal agreements you should have if you sell products online. It will go over some of the laws requiring these legal agreements, and what you need to know about selling on a website, through an online marketplace, or through a dropshipping model. It will also take a look at the legal agreements you should use when selling internationally and the differences in legal policies for physical and digital products.

Having a Privacy Policy, Terms and Conditions agreement, Return and Refund Policy, and Shipping Policy accessible online can help to inform users about their rights and responsibilities, and help you to comply with privacy and data protection laws.

Here's a brief overview of each type of agreement and why it's needed.

Privacy Policy

Your Privacy Policy is a document that describes how you collect, use, share, and store users' personal information, and lets users know what rights they have concerning their personal information.

Your Privacy Policy should include the following information:

  • How you collect personal information
  • How you use the collected information
  • What third parties or service providers you share the information with
  • How (and how long) you store the information you collect
  • What security measures you take to keep the information you collect safe
  • Your contact information

This table of contents from eBay's User Privacy Notice highlights common sections seen in a Privacy Policy addressing the kinds of data collected and for what purpose, how long the data is stored, how it is kept safe, and data subject rights, among other clauses:

eBay Privacy Notice table of contents

Terms and Conditions Agreement

Your Terms and Conditions agreement (also referred to as Terms of Use, Terms of Service, or just Terms) lets users know what rules they need to follow in order to make purchases from you. It helps keep users informed while helping to limit your liability and maintain your control over your sales process.

Your Terms and Conditions agreement should contain information on the following when relevant:

  • Electronic communications consent
  • Copyright information
  • Granting users a temporary license to use your product
  • Disclaimer of warranties
  • Limitation of liability, informing users that you are not responsible for any damages they may incur from their transaction with you
  • Who to contact if they have a dispute
  • Governing law
  • Termination rights, letting users know that you reserve the right to terminate their accounts for any reason
  • Payment information
  • Any other information users need to agree to in order to buy your items through an app

Here's the table of contents from NextRoll's Terms of Service agreement, which shows the types of information covered in the agreement, including payment terms, intellectual property rights, customer responsibilities, and resolving disputes:

NextRoll Terms of Service: Table of contents

Return and Refund Policy

Your Return and Refund Policy explains how users can return a product and request a refund. Your Return and Refund Policy can be included within your Terms and Conditions agreement, or it can function as a separate agreement.

Your Return and Refund Policy should cover the following points:

  • The time limit for returning a product or requesting a refund
  • The circumstances in which you fulfill return or refund requests
  • What types of products are eligible for returns
  • Where customers should send returned items
  • Any return fees customers need to know about

Vestiaire Collective is an app where users can buy and sell used clothing. Its Return Policy explains that items purchased from Individual Sellers can be relisted but not returned, while items purchased from Professional Sellers can be returned within 14 days of the purchase for a full refund:

Vestiaire Collective Return Policy: Individual Seller and Professional Seller sections

Shipping Policy

Your Shipping Policy lets users know shipping details, such as shipping timelines or any fees they need to be aware of.

Amazon's General Shipping Information page's table of contents includes information about deliveries, packaging, shipping restrictions, and delivery photos:

Amazon General Shipping Information table of contents

Now that you've seen some of the key legal agreements for selling online, let's take a look at some of the laws you need to be aware of, which will also affect these legal agreements.

Laws to Be Aware of When Selling Online

There are several privacy and data protection laws that you should be aware of when selling online. These laws include refund, privacy, and customer protection regulations.

Return and Refund Laws

While there are currently no federal U.S. laws concerning refunds, there are some international and state refund laws that apply to anyone who does business with residents of the area where the law originates.

California Civil Code

Section 1723 of California's Civil Code requires businesses to post a Refund Policy if it includes any requirements that the average consumer wouldn't expect.

For instance, most consumers can expect a Refund Policy to provide either a full refund or an exchange for a product of equal value if they are unhappy with a purchase. If your Refund Policy does not include those expectations, then you are required to post your Refund Policy and explain the conditions that consumers must meet in order to receive a refund, exchange, or credit.

Many states have similar types of laws, most revolving around the need to display your return and refund parameters and requirements in order for them to be enforceable. Become familiar with state laws, and always display a Return and Refund Policy to ensure compliance.

Consumer Rights Directive

The European Union's (EU) Consumer Rights Directive applies to any company that does business with EU citizens, and requires applicable organizations to give consumers a 14-day withdrawal time period, during which time they can return a purchase for a full refund.

If businesses fail to inform consumers of the 14-day withdrawal period, the time frame automatically extends to one year.

Privacy Laws

Whenever you collect personal information from people, you need to make sure that you are complying with applicable privacy laws. These laws can be found around the world, so at least one surely applies to your online business.


The General Data Protection Regulation (GDPR) is the EU's primary privacy legislation. It grants European residents specific privacy rights, and informs businesses how they should treat the personal data that they collect or process.

The GDPR applies to any businesses that collect or process personal data belonging to EU residents, and violations of its requirements can result in substantial financial penalties. It requires applicable businesses to inform EU consumers of their privacy rights and to let them know how their personal information is collected, processed, shared, and stored.

A Privacy Policy can help you to comply with the GDPR.


The California Consumer Privacy Act (CCPA) was amended and expanded by the California Privacy Rights Act (CPRA). The CCPA (CPRA) functions to protect the privacy rights of California consumers. Similar to the GDPR, this law requires certain businesses that collect personal information from California residents to inform them of their rights and how the information is used.

You can use a Privacy Policy to help you to comply with California privacy laws.

Customer Protection Laws

There are several customer protection laws that you need to be aware of when selling goods through your mobile app, including the U.S. Federal Trade Commission Act and the United Kingdom's (UK) Consumer Rights Act.

Federal Trade Commission Rules

The Federal Trade Commission (FTC) helps to protect U.S. consumers from deceptive and unfair business practices. There are certain circumstances in which you need to disclose specific information and give users options in order to comply with FTC rules.

For instance, the FTC requires anyone who sells online to comply with its Prompt Delivery rules by clearly stating their shipping period, which should take no longer than 30 days.

Ensure that your Shipping Policy informs users of your shipping period and include disclosures in your Terms and Conditions agreement to help you comply with the FTC's guidelines.

UK's Consumer Rights Act

The UK's Consumer Rights Act of 2015 requires goods sold to UK consumers to meet certain standards of quality and to match their description. It also gives consumers the right to receive repairs or replacements for faulty goods.

The table of contents of the Consumer Rights Act outlines the rights UK consumers have when they make a purchase:

Legislation Gov UK: Consumer Rights Act - Table of contents - Statutory rights under a goods contract section

Now let's look at some scenario-specific details about online sales, from mobile apps and marketplaces to your own website versus dropshipping models of sale.

While there are many similarities between each model, there are some differences that you should be aware of when it comes to legal agreements.

Selling Through Your Own Website

Whether you sell products through your own website or through an app you developed, the legal policies you need to have in place are the same, with some variations in the clauses you will want to include.

You should maintain an ecommerce-ready Privacy Policy, Terms and Conditions agreement, Return and Refund Policy, and Shipping Policy on both your website and available via your app.

It's a common best practice to display your legal agreement links in the footer of your website. This is where people tend to look for a collection of important links.

Here's an example:

Netflix website footer with multiple legal agreement links highlighted

Depending on the nature of your site and exactly what you're selling, the content of some of these legal agreements can change. Some of the later sections in this article can hold relevant information for your site if you sell things such as digital products or subscriptions.

If you are selling through an app that you developed, you should consider writing a special mobile app Terms and Conditions agreement that contains the following important clauses:

  • What kind of devices your app is compatible with
  • A restrictions clause that describes prohibited uses of your app, such as tampering with the app's source code, sublicensing the app, or trying to override the security settings of the app
  • An intellectual property clause that lets users know that the content of your app is owned by you, and that their use of your app does not grant anyone else ownership over its content
  • A licensing clause that gives users a temporary license to access your app's content
  • A disclaimer that lets users know that you are not responsible for their behavior when they use your app
  • A fees clause that informs users that they are responsible for paying any fees associated with making purchases through your app, including recurring subscription fees

The Ultimate Guitar app's Terms of Service includes a Service Fees clause that lets users know that they are responsible for paying their recurring subscription fee, and that they can cancel their subscription at any time:

Ultimate Guitar app Terms of Service: Service fees clause

While it can be tempting to just copy and paste another business's legal agreements, it's important that you make your legal policies your own. That means examining the refund, privacy, and customer protection laws that apply to you and your customers, and making sure that the clauses in your policies reflect your business's unique practices.

For instance, if your mobile app provides users with a subscription option, you will need to make sure that your Terms and Conditions agreement includes a clause describing how long the subscription lasts and what associated fees the user is responsible for.

Selling Through a Mobile App

When selling products through a mobile app, there are special legal considerations you need to keep in mind. Your mobile app should have a Privacy Policy, Terms and Conditions agreement, a Return and Refund Policy, and an End User License Agreement (EULA).

If your ecommerce app collects any data about your customers, the law in most countries requires you to have a Privacy Policy. It's required for websites, and it's required for mobile apps.

Both the Google Play Store and the Apple App Store require apps published on their stores to have a Privacy Policy, even if you don't collect any personal data.

Check out our guide on how to add a Privacy Policy URL to your Android app for more information.

You can use the same agreement on both your website and mobile app, as long as it addresses the full range of personal information you collect on both the site and app.

Here's an example of a Privacy Policy clause from Reflectly that outlines what personal data is collected via the app:

Reflectly Privacy Policy: Collection of Your Information - Personal Data clause

Don't forget to include how you use the information collected from the app:

FaceApp Privacy Policy: How We Use Your Personal Information clause excerpt

Your Terms and Conditions agreement can also be the same one that you use for your website, but make sure you include information and rules relevant to the mobile app, such as how not to use the app.

Display your agreements in an in-app menu:

Venmo app Settings menu User Agreement link highlighted

Many mobile apps, ecommerce or not, will also need an EULA.

An EULA is a contract between you and the purchaser of your app or software, and it gives the purchaser the right to use that copy of your app after they've paid for it.

A mobile-optimized website does not need an EULA because the user is not downloading software. But a mobile app is software, so your user needs a license to use that copy of the software before they can purchase anything through the app.

If you don't have an EULA, Apple has a default agreement that binds the user when they download your app. Apple's default EULA includes things like defining the scope of the license, consent to using the data gathered about the user's device, a limitation of liability, exclusion of liability for third party materials, and an exclusion of warranties.

Check out our article on how to create a custom EULA that meets Apple's minimum requirements for more information.

Google does not have a default EULA. However, the Distribution Agreement of Google Play Developer requires that you grant your users a "non-exclusive, worldwide, and perpetual license to perform, display, and use the Product on the Device."

Google allows you to use your own EULA. So if you include your own EULA, Google's broad license above will not apply.

If you want to use your own EULA, you should make sure that the agreement covers the following:

  • The terms and scope of the license (i.e. what your users can do with the app, and what they aren't allowed to do, such as make additional copies of it, share it, or modify it)
  • Any licensing fees
  • Warranties and disclaimers
  • Limitation of liability
  • Revocation or termination of license
  • Intellectual property information such as trademarks included in the app and restrictions on using them (e.g. modification and copying)

As both the EULA and Terms and Conditions agreement cover different aspects of how your users use your app, in most cases it's important to include both of them, but make sure that you don't include the same terms twice or have conflicting terms.

If you only want to include one legal document, at the very least draft a good Terms and Conditions agreement, and include all of your licensing information within it.

Selling Through an Online Marketplace

Online marketplaces are websites or apps like Amazon or Etsy where consumers can find and make purchases from a variety of different vendors, all centralized on one platform.

If you sell products via an online marketplace, you will want to make sure that you have marketplace-relevant legal agreements in place such as Privacy Policies, Terms and Conditions agreements, Return and Refund Policies, and Shipping Policies.

While most online marketplaces will have their own legal agreements, it's important to make sure that you maintain your own policies as well.

Your policies will need to include marketplace-specific clauses about what steps you take to comply with applicable refund, privacy, and customer protection laws. It's also a good idea to take a look at the marketplace's policies and make sure that your legal agreements meet their requirements.

Etsy's Privacy Policy includes a Buying and Selling section that lets users know that it and its sellers will only advertise its Services or the sellers' products with the consent of its users:

Etsy Privacy Policy: Consent for off-site advertising section

Nolia Jewelry, an Etsy vendor, uses its Privacy Policy to inform users that it uses the personal information it collects for advertising purposes, and takes a step toward assuring user consent by providing links for opting-out of targeted advertising:

Nolia Jewelry Privacy Policy: Behavioural Advertising clause

If you sell in an auction marketplace, check out our article Terms and Conditions for Online Auction Platforms.

Selling Through the Dropshipping Model

Dropshipping is a business model that enables you to sell products without keeping them in stock yourself. When a customer makes a purchase from your online store, you can fulfill the order by buying inventory directly from the manufacturer.

While the manufacturer is responsible for shipping the items to the customer, you will still need to make sure that you have appropriate legal agreements in place.

Dropshipping stores typically have a Terms and Conditions agreement, Privacy Policy, Return and Refund Policy, and a Shipping Policy.

As with selling via online marketplaces, if you're using an ecommerce platform for your dropshipping store, you should make sure that your policies are congruent with the platform's policies, and that both you and the manufacturer handle customers' personal information in a way that complies with any applicable laws.

BigCommerce is an ecommerce app that allows its vendors to use the dropshipping model to sell products. Its Privacy Policy includes a Merchant Policies clause that lets merchants know that they must maintain a compliant Privacy Policy on their storefronts, process data legally, and get consent from consumers before using their personal or sensitive personal data:

BigCommerce Privacy Policy: Merchant Policies clause excerpt

Wildflower Cases, a popular dropshipping store that sells phone cases, uses its Privacy Policy to inform users that while it does not currently need to meet the criteria required to comply with the CCPA, it values their privacy, and gives instructions for how users can make a request for information about how their personal data is disclosed to third parties:

Wildflower Cases Privacy Policy: California Requirements and Your Privacy Rights clause

It's important to make sure that the manufacturer, the ecommerce app, and any other third parties (such as payment service providers) treat customers' personal information with the same level of care that you do, so make sure to read the policies of the dropshipping entity you work with to ensure it seems compliant.

Selling Internationally

In the U.S., shipping to all contiguous states is easy to do because interstate commerce is incredibly streamlined and state lines don't change much when it comes to commerce.

Because of this, your U.S.-based, U.S.-sales-only ecommerce store's legal agreements will be able to be of a one-size-fits-all-states nature.

However, things change a little when you get into selling internationally:

  • Shipping: International shipping is more costly, takes longer, and may involve required forms, documents and other legalities.
  • Returns: Returns from international locations will be more expensive to make. Will your Refund Policy change for international buyers versus domestic buyers?
  • Payments: You'll need to consider costs of tariffs, taxes, customs, and other fees. Will you work with one main currency, or accept other forms?
  • Arbitration: How will you handle situations where arbitration may arise between your U.S. company and an overseas disgruntled customer?

Because each of these points is addressed in standard legal agreements, your legal agreements will need to be altered a little to reflect international selling practices.

You don't necessarily need to have two separate sets of agreements (one for local sales, one for worldwide or international sales), but you may find yourself having a "domestic" section as well as an "international" section within your legal agreements.

At minimum, you should make sure that your policies include clauses about international sales.

These clauses should explain differences in international shipping costs and shipping times, any fees associated with international returns, what kinds of currency and payment forms you accept, and how you handle international legal disputes.

When it comes to shipping, you can include shipping rates for each country if you ship to many of them:

Jack Spade New York: International Shipping Rates

Consider using creative ways to divide up information between domestic and international sections, such as the following tabbed chart:

East Dane Shipping Policy: USA Tab

Clicking on the tab toggles the chart:

East Dane Shipping Policy: International Tab

For more detailed information, add clauses to your Terms and Conditions agreement like in this example from ShopBop. Topics such as refusing payments, import fee deposits and other issues that may arise with international shipping are covered here:

East Dane: International Shipping Terms & Conditions

Your return requirements will likely be different for domestic versus international customers due to costs associated with returns.

Here's an example of how you can display this information in a Return and Refund Policy, or as part of your Terms and Conditions agreement:

Jack Spade New York: Returns Rules and Restrictions

Luckily, due to the global nature of ecommerce, taking payments from people around the world will usually not be an issue. Payment service companies such as PayPal will convert currency automatically, and even provide safeguards for you and your customers.

However, some forms of payment may understandably not be accepted when making an online purchase, especially an international one.

Here's an example of how you can let shoppers know what forms of payment are accepted, as well as which forms are not accepted:

Payment Options by Jack Spade

You're going to want to have an arbitration clause to protect yourself against lawsuits and help keep control over arbitration actions.

Most arbitration clauses will name what law and venue (typically a state in the U.S., if you're based in the U.S.) will lead the arbitration.

Arbitration clauses for companies that have international customers typically reference an international arbitration court that will be used in the event of international arbitration. Such international courts include the International Court of Arbitration, a branch of the International Chamber of Commerce (ICC).

Here's an example of such a clause:

International Arbitration clause in Spotify Terms & Conditions

It says:

"If you are not located in, are not based in, do not have offices in, and do not do business in the United States, any arbitration between you and Spotify will be finally settled under the Rules of Arbitration of the International Chamber of Commerce then in force by one or more arbitrators appointed in accordance with the ICC Rules..."

To help keep international business as successful as possible, remember to do the following:

  • Always include your business information (such as address, email address and telephone number) on your website, emails and other commercial communications so international customers are aware of just who they're dealing with and how to contact you,
  • Make it clear that international transactions can be costly, and that some rights may be waived, such as the ability to make returns, or warranties and guarantees that don't carry across country lines, and
  • Take security and privacy seriously, especially when it comes to financial information collected from customers around the world. Include a Privacy Policy that lets your customers know exactly what information and data you're collecting from them.

Communication is key when it comes to doing business internationally.

Selling Digital Products vs Physical Products

Whether you sell physical or digital products, you will want to make sure that you have a Privacy Policy, Terms and Conditions agreement, and Return and Refund Policy. A Shipping Policy will only be necessary when you sell physical products.

Check out our article Legal Agreements for Digital Products for more detailed information on each of these agreements.

Privacy Policy for Digital Products

You can use your Privacy Policy to inform users how their personal information is affected when using digital products they purchase from you.

For instance, certain digital products allow users to interact with one another and share their personal information, which is something users need to be made aware of.

Here's how Adobe outlines such details in its Privacy Policy:

Adobe Privacy Policy: What Information does Adobe Collect clause

Terms and Conditions Agreement for Digital Products

Your Terms and Conditions agreement should include a licensing clause that gives users a temporary license to use your digital products.

Here's how WhatsApp notes this in its Terms agreement:

WhatsApp Terms of Service: License to You clause

If your digital products allow users to interact with one another, you should make sure to include a clause outlining the rules they need to follow in order to do so. This is often referred to as "acceptable use."

Here's an example again from WhatsApp of a sub-section of its Acceptable Use clause:

WhatsApp Terms of Service: Acceptable Use - Harm to Users clause

Keep in mind that while a standard website's Terms agreement will outline rules for using that site, if you sell digital products on that site and provide licenses, your Terms agreement will have another layer of information. You will still want to limit the use of your site, for example, but now you will also want to limit the use of your "product."

Return and Refund Policy for Digital Products

If you sell digital products, you will need to address how you handle returns and refunds on such items in your Return and Refund Policy. These items tend to have much stricter return limits than tangible goods due to their nature.

When writing your Return and Refund Policy you should take into account whether it's an extensive product, such as a course, vs a simple downloadable, and how offering returns might affect your bottom line.

Digital products are often subscription-based, making them non-returnable. If you do allow returns for your digital products, you should let users know how long they have after making a purchase to request a return.

Here's an example of how a Refund Policy clause can look:

Generic Refund Policy clause about digital goods downloaded

Check out our article Return and Refund Policy for Digital Products for more detailed information, including laws regarding this topic.


Some of the main legal agreements you should use when selling online are:

  • Privacy Policy
  • Terms and Conditions agreement
  • Shipping Policy
  • Return and Refund Policy

There are several refund, privacy, and customer protection laws you should be aware of when selling through your mobile app, including:

  • Consumer Rights Directive
  • California Civil Code
  • GDPR
  • FTC rules
  • Consumer Rights Act

When selling through an online marketplace, you will need to check that the policies available via your app are in alignment with the marketplace's policies.

As with selling through an online marketplace, if you sell through a dropshipping model you will need to make sure that your policies match those of the manufacturer. It's important to ensure that the manufacturers you purchase inventory from and any other parties involved treat customers' personal information appropriately.

When selling internationally, you should include international sales clauses within your legal agreements.

When selling digital products, you should make sure that your legal agreements include relevant clauses, and that your Return and Refund Policy lets customers know whether or not your products are eligible for returns, refunds, or repairs.
