Last Updated: March 13, 2023
Which of These Top 11 Website Legal Documents Do You Need?
I help eCommerce and digital marketers with customized Internet marketing and digital advertising compliance tactics and documents to be compliant and competitive without costing them sales.
* My wheelhouse is the tip of your marketing spear: how you present your marketing message to your prospects in a hyper-regulated online marketplace
* Your marketing message is a big deal. You should be able to navigate new and complex regulations, but instead, you're left with questions.
I'm here to help.
In this discussion, I'll use the term "portal" to include websites, online platforms, and marketplaces, except when the context requires specificity.
Website Legal Documents - Concerns and Challenges
Having the correct and appropriate website compliance and legal protection documents on a commercial online portal can present a significant challenge and risk for a website or online platform owners and operators.
Without the required and appropriate legal documents, it's like you're living in a beach house in a hurricane-prone area that's not built according to the prevailing building codes. Bad things can and often do happen.
* Without these documents, you, the website, and the website's customers face substantial legal liability.
* Failure to incorporate required documents will expose customers to the risk of data breaches or misuse of their data. This failure also places the platform owners or operators at risk from claims by customers.
* Additionally, portal owners and operators could be exposed to potential fines or other penalties from regulatory bodies, including the FTC and state regulators. In some situations, liability exposure can rise to the level of personal liability for owners and operators.
As the owner or operator of a commercial portal:
* Your concern should be to protect yourself, the portal, and customers, and
* Your challenge is to integrate and maintain the required and appropriate online compliance and legal documents into your portal.
How I Can Help You
* Assessment. The priority will be to either assess your current documents, if the project is to update an existing website or online marketplace, or if it is yet to be launched, to assess required and recommended legal documents.
* Decision-Time Among Recommended Options and Requirements. Decision-makers are required to provide input regarding recommended options. Decisions also include a mutual agreement regarding the project schedule, interim delivery of documents, implementation, and go-live for the launch.
* Document Delivery. I'll deliver the website or online marketplace documents per the agreed-upon schedule with Memoranda as required to assist with timely and seamless implementation.
* Post-Launch. After the launch, there will be a final discussion regarding the completion of the remaining tasks and issues.
Website Legal Documents Checklist
This is not intended to be a complete list, only the typical documents and related terms you might expect.
Terms that do not have a requirement for visitors to take an affirmative action to accept are often referred to as "browsewrap" agreements.
This is a partial list of typical terms.
* Use and Restrictions
* Postings to the Site
* Defamation; Communications Decency Act Notice
* Monitoring Rights
* Warranty Disclaimers
* Limitation of Liability
* Third-Party Websites and Links
* Non-Confidential Information
* Consumer Rights Information
* Governing Law; Jurisdiction & Venue
Terms and Conditions (T&Cs) - Sale of Online Services/Products
An online portal is a website or platform that enables eCommerce transactions between a seller and purchasers over the internet.
The portal provides information and services that help users search, locate, and compare services or physical products and subsequently enter into purchase transactions.
* Agreement Notice
* Use of Service; Termination
* User Account and Restrictions
* Acceptable Use
* Shipment and Returns Policy (physical goods)
* Audiovisual Content
* Changes in Service
* User Generated Content (UGC)
* Proprietary Rights
* Data Security
* Limitations of Liability
* User Indemnity
* Governing Law, Arbitration, Class Action Waiver, and Jury Trial Waiver
Acceptance is vitally essential with online contracts because it establishes a legally binding relationship. There must be a clear and unambiguous action taken for consent to avoid any uncertainty regarding whether a binding agreement exists.
Acceptance of T&Cs is typically accomplished in one of three ways for portals engaged in the sale of services and physical products.
* “Sign-In Wrap” Agreement. There is no separate acceptance of the T&Cs. Instead, a conspicuous webpage notice states that the acts of signing in and creating an account or completing a purchase, all taken together, constitute an agreement with the T&Cs.
* “Click-Wrap” Agreement. This approach requires the user either to affirmatively click a specified "I Agree" or a similar button or to check an unchecked box to indicate agreement with the T&Cs. The user must be provided reasonable notice of the terms, and the user should not be able to proceed with enrollment without taking one of these actions.
* “Scroll-Wrap” Agreement (sometimes referred to as a "Page-Wrap" Agreement). This is similar to the Click-Wrap approach, except that the user is required to scroll through the entire T&Cs in order to be able to click the required button or check the required box. Additional requirements are that the user should be provided instructions to scroll down and conspicuous notice that the terms are binding.
In addition to securing unambiguous consent with the agreements discussed above, eCommerce portal owners and operators have the burden of proof to provide the following to support a claim for breach of contract:
* The T&Cs were presented to the user entirely and were easily accessible.
* The terms were clear and unambiguous, and the user had the opportunity to review them before accepting them.
* The user clicked or took some other specified action indicating acceptance of the terms.
* Date-stamped records show the version of the terms that were accepted by the user.
* The alleged breach by the user was in clear violation of one of the material terms accepted in the agreement.
Terms and Conditions (T&Cs) – Online Marketplaces
An online marketplace is a portal that enables buyers and sellers to enter into transactions for the sale of services or physical products over the internet.
The marketplace acts as a third-party facilitator for buyers and sellers to interact with the intention to enter into purchase and sale transactions. Transaction processing services are typically provided by the marketplace.
* Terms are typically set out in the marketplace agreement as follows:
* Terms that apply to all sellers and buyers,
* Terms that apply only to sellers, and
* Terms that apply only to buyers.
Marketplace terms incorporate some of the terms described above for portals for the sale of online services and physical products; however, there are terms that are tailored to protect the marketplace, including the following.
* Limitation of liability: limiting the marketplace's liability for damages or losses resulting from its services or user interactions.
* Dispute resolution: specifying a process for resolving disputes between buyers and sellers, such as mediation or arbitration.
* Intellectual property rights: clarifying the ownership of intellectual property rights and setting out the process for reporting infringement.
* Indemnification: requiring users to indemnify the marketplace for any losses or damages resulting from their actions on the platform.
* Termination and suspension: giving the marketplace the right to terminate or suspend user accounts for violations of terms or policies.
Copyright infringement under the U.S. Copyright Act is a “strict liability” offense.
Strict liability means that if someone else posts infringing material on your website or portal:
* You will be a copyright infringer and potentially liable for damages for infringement,
* Even if you didn't post it or know about it (hence “strict liability”).
Infringing material includes any post of copyrightable material, which includes material in
* Written form,
* Other audiovisual works, and
The DMCA statute provides a “safe harbor” (exemption) from copyright these infringement claims to protect you, provided that you:
* Post a DMCA Notice prominently on your site, and
* Register an Agent for service at the U.S. Copyright Office.
Registration of an Agent for service is required to secure the "safe harbor." The DMCA “safe harbor” will NOT apply unless you register (and maintain your registration) for an agent for service that may be used by anyone claiming copyright infringement to contact you.
Your DMCA notice will include instructions on how to establish an account and register with the U.S. Copyright Office.
In addition to the protection of the "Safe Harbor," the DMCA Notice on your website demonstrates a commitment to protecting the rights of content creators.
* Shared with others, and
* Protected as required by the data rights of users.
Privacy Policies also build trust with users and demonstrate compliance with applicable law.
More Information: Privacy & Data Rights Compliance
An accessibility statement is a disclosure statement posted to a portal or marketplace that describes the measures taken by the exit for purposes to make its content and services accessible to individuals with disabilities.
Accessibility is governed by the U.S. Statute “Americans with Disabilities Act” (ADA), Title III.
Title III requires that “places of public accommodation” provide equal access to goods, services, and facilities for individuals with disabilities. This includes removing barriers to accessibility and making reasonable modifications to policies, practices, and procedures.
The purposes of the accessibility statement are twofold:
1. To provide transparency and accountability to users regarding the status of the portal's efforts to make its services accessible to all users, and
2. To describe the portal's progress with ADA Title III requirements and other guidelines for accessibility, including the Web Content Accessibility Guidelines (WCAG).
Two questions are often asked.
1. Does ADA Title III actually apply to my portal?
2. What does ADA Title III actually require my portal to do in terms of effort and expense regarding the removal of barriers to accessibility?
What does ADA Title III actually require my portal to do in terms of effort and expense regarding the removal of barriers to accessibility?
First, these are the general guidelines regarding whether ADA Title III applies to your portal.
* If your portal is “website only,” meaning that there is no related physical presence such as a storefront (which would be a place of public accommodation), some cases have held that Title III does not apply. But there are a few cases that have ruled otherwise.
* On the other hand, it is well settled that Title III does apply if a portal has an associated physical place of public accommodation, such as a storefront.
* The Department of Justice has made it clear on several occasions that it believes all portals should be regulated by Title III and specifically that they should be compliant with the standards of WCAG 2.1AA.
Second, Title III does not specify the exact expenses a business must undertake to remove barriers to accessibility.
* The requirement is to provide "reasonable modifications" and "reasonable accommodations" to individuals with disabilities.
* This can include measures such as making a website accessible through assistive technologies, providing alternative methods for accessing information, and removing physical barriers in facilities.
* The specific expenses will vary depending on the nature of the business and the particular barriers to accessibility.
* The goal of Title III is to ensure that people with disabilities have equal access to the goods and services provided by the business.
* The costs of removing barriers must be reasonable and proportional to the size and resources of the portal and the benefits to people with disabilities.
Bottom line, Title III provides a sliding scale, depending on the size and resources of the business.
Data Security Policy
A data security policy is a set of guidelines and procedures that portals put in place to protect sensitive information, such as personal data and confidential business information, from unauthorized access, use, disclosure, and destruction.
Typically, a data security policy outlines the measures that the portal will take to ensure the security and privacy of its data, including:
* technical and administrative controls,
* employee training and awareness, and
* incident response and breach reporting procedures.
Your data security policy should not be posted to the public areas of the portal. Instead, it should be maintained in confidential portal records.
The Federal Trade Commission (FTC) is now including incident response and breach disclosure as potential factors for potential enforcement actions.
On May 20, 2022, the FTC's Team CTO and the Division of Privacy and Identity Protection published a blog post titled Security Beyond Prevention: The Importance of Effective Breach Disclosures. The blog noted that the FTC Act creates a de facto data breach notification requirement because failure to disclose can increase the likelihood that affected parties will suffer harm.
The FTC's blog post outlines effective security breach detection and response programs, which can:
* Permit an organization time to take remedial actions to counter, prevent, or mitigate an attack; contain and minimize consumer harm from breaches;
* Provide valuable information to the prevention function of a security team; and
* Remove an attacker and allow for post-breach remedial measures.
According to the FTC, failure to maintain such practices could indicate a lack of competition in the marketplace. The post stated that “[r]egardless of whether a breach notification law applies, a breached entity that fails to disclose information to help parties mitigate reasonably foreseeable harm may violate Section 5 of the FTC Act.”
Listing recent cyber-related FTC enforcement actions, the FTC blog post explained that deceptive statements could limit consumers' ability to mitigate foreseeable harms like identity theft, loss of sensitive data, or financial impacts.
The FTC's post further noted that "companies have legal obligations with respect to disclosing breaches, and that these disclosures should be accurate and timely."
Incident Response Plan
An incident response plan is a document that provides guidelines for a portal's response to a security breach or other type of data security incident in an organized and efficient manner.
Typically, the incident response plan outlines the steps that portal personnel will take to detect, contain, and resolve security incidents, as well as how it will communicate with stakeholders and comply with any legal or regulatory requirements.
It eliminates confusion and guesswork if and when a security breach or other incident occurs.
* The incident response plan typically includes the following:
* Designated roles and responsibilities for responding to incidents
* Communication protocols for internal and external interested parties
* Procedures for incident containment and eradication
* Guidelines for data preservation and evidence collection
* Post-incident review and lessons learned process
The goal of an incident response plan is to minimize the impact of security incidents and to restore normal operations as quickly as possible.
Having an incident response plan in place will allow your portal to respond to security incidents in a controlled and effective manner, reducing the risk of further damage.
The goal of an incident response plan is to minimize the impact of security incidents and to restore normal operations as quickly as possible.
Typically, the incident response plan is not posted to the public areas of the portal. Instead, it is maintained in confidential portal records.
A refund policy for an eCommerce portal describes the circumstances whereby the portal will provide a refund to its customers.
Your refund policy should be clear and easy to understand, and conspicuous to customers on the portal.
Refund policies generally include the following points:
* Eligibility: Description of the conditions whereby a customer may request a refund.
* Time Limitations: The time limit for requesting a refund, such as within 30 days of the purchase date.
* Cost for Return Shipping: Responsibility for paying for the return shipping costs (either the customer or the portal).
* Refund process: Requirements for requesting a refund and the process that the portal will follow to process the refund.
* Exclusions: Description of products or services that are not eligible for a refund.
Shipping Terms: The Mail Order Rule
What is the FTC's “Mail Order Rule”?
The Mail Order Rule has been updated since its 1975 enactment to reflect consumers' shift to online shopping. It prohibits sellers from soliciting orders unless, at the time of the solicitation, the seller has a reasonable basis for expecting it will be able to ship: (1) within the time it states; or (2) if no time is stated, within 30 days.
It's a practical rule that recognizes that sometimes stuff happens. When shipments are delayed, the Mail Order Rule lays out sequential if-then steps sellers must take to ensure consumers aren't left hanging.
One key provision is that if a seller can't ship within the required time, the seller must send the buyer a shipping delay notice that offers the buyer “an option either to consent to a delay in shipping or to cancel the buyer's order and receive a prompt refund.”
The rule applies to traditional merchants as well as fulfillment houses (also known as drop-shippers).
Failing to comply with the Mail Order Rule can result in civil penalties of up to $43,280 per violation, restitution, and/or injunctive relief.
The Fashion Nova Case (2020)
The FTC alleged that Fashion Nova often:
* Failed to meet its shipping promises to consumers, and
* Failed to meet the Mail Order Rule's requirement that consumers must be notified of shipping delays and given a chance to cancel orders and receive prompt refunds.
In addition, the FTC alleged that Fashion Nova at times failed to refund consumers for the items it didn't ship merchandise. Instead, it was the company's policy to issue gift cards, which aren't considered refunds under the Mail Order Rule. The company also failed to cancel orders and provide refunds when it didn't offer consumers delay option notices.
Fashion Nova settled for $9.3 million, which is the largest ever in a case of its kind.
Fashion Nova Takeaways
* You must have a reasonable basis for shipping representations. It's important to remember that statements about shipping aren't puffery. Like price and product features, they're among the objective claims consumers rely on in deciding whether to do business with you or your competitor. Under the Mail Order Rule, a company must have “a reasonable basis to expect that it will be able to ship” within the stated time. That “reasonable basis” must be grounded in objective criteria, not crossed fingers and wishful thinking.
* If you won't be able to ship on time, tell buyers about their options and honor their choice.
* Suppose there is a shipment delay; the decision-making shifts to the buyer. You must "clearly and conspicuously and without prior demand" give buyers "an option either to consent to a delay in shipping or to cancel the buyer's order and receive a prompt refund." That first clause means you must reach out to them in a way they'll notice. You can't wait until they ask, "Where's my stuff?" And the second clause makes it clear that buyers, not sellers, are in the driver's seat. It's illegal for you to substitute your judgment and conclude that they won't mind the wait.
* A gift card isn't a “refund.” When a shipping delay has left consumers in the lurch or when a retailer doesn't fulfill an order or doesn't ship merchandise, a gift card won't suffice.
A disclaimer on an online eCommerce portal is a legal statement that informs customers about the limitations and conditions of the products or services being offered for sale on the portal.
The purpose of a disclaimer is to protect the business from legal liability and to communicate the terms of the transaction to the customer clearly.
Some disclaimers are required by law.
For example, the Federal Drug Administration requires this disclaimer on supplements:
"This statement has not been evaluated by the FDA. This product is not intended to diagnose, treat, cure, or prevent any disease."
The foregoing disclaimer is meant to inform consumers that the FDA has not evaluated the claims made about the product and that the product has not been approved by the FDA as a drug to diagnose, treat, cure, or prevent any disease.
Other disclaimers are crafted by the portal for specific circumstances and concerns.
This is an example of an earnings disclaimer:
"Earnings and income representations made by the portal are not guarantees of your actual earnings. There is no guarantee that you will make any money using the techniques and ideas provided in our services. Your results may vary based on a number of factors, including but not limited to your background, experience, and level of effort."
The foregoing disclaimer is intended to limit the portal's liability exposure for deceptive advertising.
You should exercise great care with disclaimers. The FTC has made it clear that disclaimers that contradict advertising claims may be deemed to be a deceptive marketing practice subject to an FTC enforcement action.
How to Get Started
The recommended way to get started is to scroll to the bottom of this page and click on the "Book a Call" button, then schedule a call.
We'll discuss your requirements and concerns and answer any questions you may have.
At the same time, sign Up for my complimentary 2-Minute Marketing Compliance Email.
It's not a newsletter (they take too long to read).
Every week or so, you'll get compliance tips, insights, strategies, tactics, and alerts you can digest quickly and use,
written in a simple, conversational way to help you grow your business with confidence.
Best wishes for your online business success.
- Juris Doctor Degree, Wake Forest University School of Law
- Adjunct Professor of Law, Wake Forest University School of Law (20 years)
- Martindale-Hubbell Highest Attorney Peer Rating – AV® PREEMINENT™
- Co-Founder & CEO, FTCGuardian.com, #1 in FTC Compliance Training