IANL, but I'll take a risk here and say you don't need anything at all. I don't think reddit had any legal boilerplate when they launched, for example.
No one cares about this kind of stuff till you're big. So get big and then worry about it.
I suppose it depends on your product really, if you're storing credit card numbers you'll need to think about what you are responsible for legally, which can change from state to state. That being said, if you're doing some kind of social app I wouldn't be too worried about the legal stuff. I would write up something that tells the user you're going to do your best to keep their data safe and available but you can't promise 99.9% uptime or anything. I think a well written paragraph telling the users what they should expect, and what they will have to agree to, will go alot further then pages of legalise.
When you accept money you're establishing a contract, so you'll want to limit liability to just getting their money back. You'll want to establish what courts might be used for dispute resolution. You'll need to be explicit about any behaviors that would result in you terminating their service without refunding their money.
Your users agree to certain obligations as part of the contract; you should too. Make privacy a contractual obligation on your part, not just a policy.
Sounds like a bad plan to make privacy a contractual obligation, because then you're undertaking a legal obligation not to have your server hacked. No one who understands servers would do that.
ourdoings.com "Agrees not to use or disclose your personal information, or the personal information of others who use your site, without permission for any purpose other than providing and improving this service, except as required by law."
If someone breaks into the datacenter and physically steals the server (a more realistic scenario than the server being hacked) I don't think that would count as "disclosing". But I'm in Massachusetts where courts seem to have a higher-than-average degree of common sense.
This is the kind of thing that you should probably not spend any time on. Risk is the name of the game and this is one of the smallest.
It might even be riskier post copy/paste legal documents. Because you're not a lawyer you don't know what ramifications it could have on any future litigation.
So I am about to launch a product that I have been working on for some time now. The question I have is does anyone know what legal stuff and exceptable use policies I need and where I could get some. I don't have cash to get a lawyer to do this.
In Canada at least, legal notices are not themselves protected. The same is probably true in the US. You can copy them, but obviously someone else's policy might not be what you want.
(IANAL, I could be wrong and often am, this is not legal advice, etc. etc.)
Our start-up (i-conserve.com) looked around on the web, saw that most were partial copies of each other (as in, whole paragraphs verbatim), and decided to write our own, based on 4 or 5 we liked. We really liked the bare-bones approach most YC companies have, and tried to follow that philosophy when writing such legal documents.
Then we talked about to a local long-time entrepreneur, who said that is exactly what his lawyer did, and charged him thousands for it; in fact, it didn't turn out that great. So, save some money and write them yourself.
Write one yourself. You're a new startup? I wouldn't get too involved with formal legal policies. You can take a look at any website to get an idea of what issues you may want to address.
No one cares about this kind of stuff till you're big. So get big and then worry about it.