

Ask HN: What legal mumbo jumbo does my startup's website need? - helly

I am running a typical web startup. A website about my favorite topic. Running
on a LAMP stack. Using Analytics, Adsense and affiliate links from Amazon and
other retailers.

Users love it. I get over a million monthly pageviews now. I am very happy
that people like what I build. Life is good.

I do it all completely based on what people want me to do. I run user surveys
all the time and talk to users directly.

One of the things nobody ever asked for - and therefore is absent on my site -
is legal mumbo jumbo.

Somehow I feel that might cause problems at some point. So what should I put
up?

Lately I got an email from Google saying that users of their services shall
put up that annoying "This site uses cookies. Click here to get rid of this
popup." message to European visitors. I don't know any local European sites
that do that. But when God^Hogle says so, you better comply, right? So looks
like it's time to implement geotargeting.

That probably also implies putting up a privacy policy, as the full message in
that popup shall be "This site uses cookies. OK|MORE" and MORE linking to the
privacy policy. If I understand it correctly.

Similar with Amazon who wants publishers to put up an "Ad Disclosure"
statement on their site. It's unclear where that has to go and if you have to
link it from every page and if that can go on the "About" page or on a
separate "Ad Disclosure" page or whatever Amazon wants. They don't give any
more info about this requirement.

And then there is the local law. Sites in my country have to carry the
information who runs them, the owner's address and an "easy way to contact the
owner". So either email or telephone I guess.

Can these 3 things (Address, Privacy Policy, Ad Disclosure) be put on one
page? Is it enough to link to that page from an "About" link on every page of
the site?

Anything else that I have to put up?
How do you guys handle this?
======
sbfeibish
Of course, the best course of action is to have a lawyer draw up the "Terms",
etc.

That said.

I think you can get "Terms" from Google and several other companies like
WordPress/Automattic under a Creative Commons License. I'm sure you can find
boilerplate terms of service all over the internet. Just do a search.

The Europeans can hit you with a stiff penalty for not having a cookie/privacy
policy. (But probably won't.)

"The ICO (the body responsible) has the power to serve penalties of up to
£500,000 (about $800,000) to organisations that seriously breach the law."

In Spain: "Two companies were investigated and fined. The decision concludes
that the two companies had failed to comply with the obligation to provide
clear and comprehensive information about the cookies they used.

"The total amount of the fines, 3,500 EUR, is very modest, especially if one
considers the great enforcement powers of the Spanish DPA who could have
potentially issued a fine up to 30,000 EUR per infringement in this case."

~~~
sbfeibish
Note that several U.S. states have varying requirements for a cookie/privacy
policy also.

------
codegeek
Usually, 2 things at a high level:

      - Privacy Policy
      - Terms and Conditions

For address and contact, just create an "About us" or "Contact" page and add
that information there. Have these in your top level menu on every page.

Privacy policy is where you talk about what you do with user data, cookies
blah blah. What information do you collect and what you do with it. Check out
any well known SAAS and get inspired :).

Terms and conditions is where you define the rules of your system. Remember
this is your system and you want to set the rules even if you have paying
clients. What users can do, what they cannot and should not do. For example,
if you offer ecommerce platform, then users cannot sell drugs etc. If users
want to cancel their account, what needs to be done and what you offer. Things
like that.

Oh, and always put a "Last updated" date on top of the Privacy Policy and
Terms and Conditions page. This helps reassure that you are constantly looking
at this. Don't fool the users though by using dynamic system date:)

Finally, whenever you update these, send an automated email to let your users
know. Not sure if this is required by law in some countries.

------
rajacombinator
With a million monthly page views it's probably worthwhile paying a few grand
to a lawyer for help with this ...

