Legal, Tax, and Accounting May 25, 2020

Do I need a ToS and Privacy Policy?

Rahul Padalkar @rcoold


I am launching my web app in open beta, do I need a ToS and privacy policy in place before launching it?

The product :

  • Doesn't cost money to use.
  • Doesn't show any ads
  • Has no third party authentication system
  • Doesn't collect any personal information of the user other than email address
  • Doesn't track user's interaction with the website
  • Doesn't use cookies

Thank you!

  1. 1

    If you want to have third-party Login to you web app, like login with Google, Login with Twitter/facebook etc. then you need those privacypolicy.html

  2. 1

    Hey Rahul, I've just answered on another thread and I'll post partly the same answers in here. Email addresses are usually counted as personal information, in that regard you're already well advised to provide a privacy policy (app store page, within the app, within a promotional website).
    Then of course the added complexity is your target audience. Two thoughts:

    • even if you only target Indian users (because you have India in your profile), you might still deliver the apps via the two big app stores, the App Store and the Google Play Store, both of which require a privacy policy to disseminate your app.
    • India is soon publishing (how soon we'll see) it's own new privacy laws, so you might be covered there, too even if you only go for your fellow compatriots. Now however if you target Europeans, you'll be covered by the GDPR, if Californian's you could be covered by the CCPA

    In terms of what's usually required:

    • a privacy policy (looks like legally required, see above)
    • a cookie policy and a CMP (looks like you might not need it, judging from your statements)
    • records of processing (you might not need it, I can't judge that)
    • terms (mostly for you, you but there might be required elements if you're selling to European consumers, hard to judge, but you might not need it from what I'm reading)
    • imprint (required in several legislations, simply meaning that you need to state who you are and provide certain information)

    My startup provides these services, a basic privacy policy comes for free (not on mobile apps). We offer generators for privacy, cookies and terms, but more importantly we also offer a wealth of information to read into if you feel lost. :)

    1. 1

      Hi @s2imon, I came to this group looking for some advice on how to use Iubenda.

      I see the benefits, but I've found some of the clauses to be far too vague, and I'm not confident subscribing to something with legal implications.

      1. 1

        hey Wayne, thanks for the note. What's your doubt exactly? Some clauses are vage in order to fit a certain use case, but if you read any privacy policy out there you'll notice that we're way way more descriptive than most.
        Also pretty much anything is easily moddable, it all depends on how far you want to go.

        We're happy to engage with your any doubts at info@iubenda too, or just tweet at @iubenda and we'll see how we can help.

        1. 1

          Hi Simon, I'm working through the Terms and Conditions, and there doesn't appear to be an option in Content Rights that fits with the application, in that it's a mix of user-generated content and pages saved from the web, like Evernote or Microsoft OneNote.

          1. 2

            ah you're in the terms, you can email support and mention my name. What I can do is to unlock the custom wording templating system for you, if you don't mind to get your hands dirty.

            1. 1

              Simon, that would be much appreciated.

              1. 1

                the support is there any time, if it needs to happen faster sometimes pinging via Twitter helps.

  3. 1

    The ToS are an agreement between you and your user about using your product. Letting users use it without the ToS means that they use it without any contract in place. Such a contract is not a must, though.
    A privacy policy is obligatory for your interactions with users from Europe, even if your website does not use cookies. Their laws oblige website owners to show a privacy policy in any case. The EU data protection authorities, however, are after big companies. They don't bother with websites in beta. If you don't have users from Europe, don't bother with this.
    If I were you, I may go without ToS and privacy policy during the beta and get them in place when the business gets serious. If you are not comfortable without them, online generators other indie hackers proposed in the comments will do a good job.

  4. 1

    Yeah I'm never sure when those docs are necessary or not. Personally I've just put up a general TOS and Privacy Policy on my main "business" domain/portfolio site, then each project I make I just link to those.

    Basically every projects I make has the same setup - no ads, no cookies, etc - so it made sense for me just to use the same docs.

  5. 1

    Great product you've got in the works. ToS, Privacy Policy and Disclaimers are a must have for websites and apps.

    All the best

  6. 1

    Rahul, this is great. I would like to try your product. Can you share?

    1. 1

      Sure man, will update once launched!

  7. 1

    So you don't plan to use Analytics?

      1. 2

        So no, you don't need a privacy policy. But it's always a good thing to add some TOS.
        You can use

        1. 1

          EU in Europe considers IP address as personal information, which implies privacy policy needed.

        2. 1

          Thanks for sharing this site :)

        3. 1

          I don't have a company name. What should I put there?

Recommended Posts