Legal, Tax, & Accounting May 24, 2020

Privacy Policy, Legal Notice, Terms of Service...

Yassine Zeriouh @yassineze

Hello fellow indie hackers!

Today I have some questions about one of the most exciting parts of running a SaaS business.

As I live in Germany, the regulations here are pretty strict. I need to have a privacy policy, a legal notice and a terms of service. I heard about people where some things were just wrong or not there at all - they got sued pretty fast (there are companies that make money by just searching for non-compliant websites and suing them). Pretty scary if you ask me.

What do you use to get your privacy policy, legal notice and terms of service right?

  1. 2

    Since you live in Germany, your website has to be compliant with the GDPR. If it is compliant with the GDPR, it is compliant with most privacy laws in the world (except California and Nevada).
    This means that you need:

    • a privacy policy containing all the elements required by the law
    • a consent management solution for collecting consent for the collection of personal data (you don't need this if you don't use any cookies)
    • obtain separate consent for each purpose of data collection (statistics, marketing...).
      If your websites use cookies for collection of personal data, having a privacy policy without the consent management solution is useless. You must not send cookies without obtaining prior consent. Doing so is a violation of the EU and German law.

    I don't know much about the lawsuits you mention, but if you don't collect or process personal data, then I see no basis for lawsuits. Users have the right to request information about the data you collect, object to the use of data, request the erasure of data, prove that you have obtained their consent, and so on. If you collect their data, you must do what has been requested from you. I can only guess that this is often the basis of such lawsuits.

    On the other hand, around 60% of the EU websites are not GDPR-compliant.

  2. 2

    Cheers from Germany, I feel your pain. The best thing to do is to befriend a lawyer. ;)

    On a more serious note, when I'm starting something new, I start lean and get proper legal advice once it gets traction or generates decent revenue.

    For a start, legal notice / imprint and privacy policy can be generated (one requires a small fee but it's much better than paying individual consulting from a lawyer).
    Impressum Generator
    Datenschutz Generator

    The terms (AGB) heavily depend on your business, so it's much harder to automate. If I were in your shoes, I would study the terms of similar products, make notes and structure the initial terms yourself. It's a risk, but it's also not rocket science. Make sure to not just look at one example, because it may have been created with the same principle. Don't just copy-paste, or you may get additional trouble. Let me repeat, it's a risk (and I am not a lawyer).

    I totally agree with your sentiment that Germany isn't very startup friendly. But it also has lots of good sides: people willing to invest the 25k€ share capital for a GmbH (of which 12.5k€ have to be paid in on the company bank account when founding) are serious about their project, and consumers always know who they're dealing with thanks to the imprint.

    I am sick of browsing through other (particularly indie developer) project pages without knowing whether I am dealing with some individual, sole trader, or a company, because there's no imprint, no address, no legal entity mentioned at all. Personally, I wouldn't conduct any business without knowing details, regardless how great or useful the project is.

  3. 2

    I just copy one of the bigger sites privacy policy and change their company name to mine. There's also privacy policy, legal notice, etc generator online, cannot think of one off the top of my head. You can also put something like, by visiting this site you agree to not sue us, lol. Not sure how Germany work but in the US we create an LLC. Simple and cheap. If we get sued, only the company get sued and not the individual. If the company has 0 profit, they get nothing.

    1. 1

      In Germany you need at least 25k just to create a GmbH (equivalent of an LLC), then it's the same but they don't care if you have money or not, they'll sue you anyways and to get away with it, you have to file for bankruptcy. Germany is really not startup-friendly.
      Thanks for your suggestion, I'll do some research on it!

      1. 2

        There are several flaws with copying competitor legal docs - for one you'll probably come close to copyright infringement, then who knows if your competitor has good documents in place, maybe they too, copied it from somewhere else and third, likely your situations don't really match.

        The Abmahnungen in Germany are a problem indeed that might be relevant to smaller endeavours. As @Petartod is saying a privacy policy and a cookie policy (banner if those cookies aren't strictly necessary and only placing cookies after the user consents [to those cookies that you need consent for]) are pretty standard these days for a basic setup.
        However, under the GDPR there are several legal bases to collect personal data, consent is just one of them.

        Luckily there are lots of tools that help with these kinds of setups, but there are also more and more alternatives to placing cookies and using less privacy intrusive methods, which means you might not need a consent management platform. It's not hard anymore these days to do a pretty good job with a little bit of investment and set up:

        • a privacy policy (legally required)
        • a cookie policy and a CMP (likely legally required)
        • records of processing (likely legally required)
        • terms (mostly for you, you but there might be required elements if you're selling to consumers)
        • imprint (Impressum, legally required in Germany)

        As @digitalbreed says, I think doing a good job here only benefits you. If you need a tool to help with this, there are many out there, but I'll link to the tool I work on daily: iubenda. Happy to answer questions.

        1. 2

          That's the same I was thinking about copying a competitors legal docs. Also, I wouldn't want to write my own texts to differ from the competitors texts as I am not a legal expert in any means and a slight mis-explanation could cause you a lot of trouble. Thanks for the recommendation, I'll look into iubenda! :)

  4. 2

    +1 im also curious