Biz Ladies: Privacy Policy, Terms of Service, and Disclaimers

by Stephanie

The wild, wild web can be a very unpredictable place. Whether you’re surfing around or managing your own site, it’s important to keep your rights and privacy in check. Today, lawyer/photographer and previous Biz Ladies contributor Kiffanie Stahle shares some simple tips and suggestions for drafting your own terms of service, privacy policies and disclaimers for your own sites. If you’ve always wondered about the proper method for safeguarding your site, this post is for you. –Stephanie

Back when you worked with your website designer, they might have told you something about terms of service and privacy policies. Maybe they even created them for you as part of their deliverables. Or maybe you designed your site yourself and in your research came across terms of service and privacy policies and either (a) ignored them or (b) went to someone else’s site and copied theirs.

Either way, my guess is that you haven’t really thought about these items since you designed your site.

While terms of service, privacy policies, and disclaimers might seem like a bunch of legal mumbo-jumbo, they are important and can give you peace of mind that you (and your website) are protected. Today, I’ll be breaking down what each of these is, how they have your back, and what questions you should answer when developing yours.

Privacy Policies
Privacy policies are really all about consumer protection. They stem from the notion that we, as consumers, should be able to control how the businesses that we interact with use our information.

So, the goal is to stand in your consumers’ shoes and make it transparent to them what information you are gathering and what you are doing with that information. They can’t read your mind or know what you do with the information behind the scenes, so it’s your duty to let them know. Wouldn’t you want the same if you were in their shoes?

Having a privacy policy is a legal requirement if you are gathering data on California consumers (and I bet you have customers/clients in California). Additionally, many credit card processors require that you have a privacy policy to comply with your terms of service with them.

So why have one even if it’s not a legal requirement? First off, it’s just good karma. Letting people know what you are tracking about them and what you are doing with it enhances your trust and credibility with them. Also, if you have one (and are complying with it), you’ll have something to point to when that crazy lady gets mad at you because an ad pops up in the sidebar that she doesn’t like (maybe because someone in her household visited the site).

What questions should you ask to develop your privacy policy?

  1. What kind of information are you collecting and how?
  2. Who is collecting the information?
  3. How are you using the information?
  4. How do you protect sensitive, identifiable information?
  5. Do you share the information with others? If so, who, what, and how?
  6. How can I, as a customer, find out what information you have on me? Who do I contact? How long will it take you to provide it to me? Do I have to pay a research fee?
  7. When was this privacy policy last updated?
  8. What is the process for updating the privacy policy?

When you are working through the questions, think about not only the information users enter themselves (through sales pages, contact forms, or comments) but also information that’s automatically collected (through Google Analytics, Google AdSense, Jetpack, or MailChimp). You should also think about how the information is shared; did you check that box to allow Google Analytics to view your information in the aggregate and compare it with other users in your industry? Do you have an affiliate program and share information with your affiliates?

And remember that most businesses get in trouble with their privacy policies because they don’t follow their policy, not because they don’t have one. So once you’ve drafted one, look it over every few months and update it to reflect that new plug-in you installed and how you are now storing credit card information (or whatever it is that you changed).

Right here on Design*Sponge is a good example of a plain English privacy policy.

**Side note: If you are collecting health or financial information or information on children under the age of 13, there are special laws that you must comply with.

Terms of Service
Terms of Service (or terms of use) are really just a contract with your website visitors to outline what their rights are and what each of you can expect from the other.

Terms of service aren’t a legal requirement, but again, they are there to give you peace of mind that you and your website visitors know what the boundaries of your relationship will be.

So, what questions should you ask to develop your terms of service?

    • E-commerce rules. What are your payment/shipping terms? Refund or exchange policies? Promises about your products or services?
    • Comment rules. What are your rules surrounding comments? Do they need to add value to the conversation?
    • Do you moderate the comments? What happens when someone leaves a comment that breaks the rules? How many chances do they get?
    • Intellectual Property rules. What can users do with the content you post on your site? Use one photo and a summary of the post? Only share on social media? If you do lots of DIY/tutorials you might want to look at A Beautiful Mess; they do a good job of laying out what visitors can do with their tutorials. What should visitors do if they think your content is infringing on their intellectual property?
    • Rules about change. How will you change the terms of service? Will you give users advance notice? What’s the process for opting out if they don’t like the new policy?

Disclaimers
Disclaimers are all around us. In fact, if you pull out your last parking lot or valet stub, there’s a disclaimer on there.

Disclaimers are used when risks exist, but the exact risk in this exact situation is not known.

What might you be doing on your website that is opening yourself up to risk?

  • Giving advice
  • Making promises or guarantees
  • Selling products that vary or could cause an allergic reaction
  • Allowing users to generate content on your site
  • Creating content or earning income from sponsors/affiliates

So, what might you include in your disclaimer?

  • That your site is not the same as working one-on-one with a professional
  • That you cannot guarantee that users will get the same result
  • That your site is for educational and informational purposes only
  • That while you attempt to include accurate information and update it when you find incorrect information, that information may not be 100% accurate
  • That users should use your site/the information at their own risk
  • That you are not a licensed health/fitness/medical professional (if you are not)

The bottom line is that you should customize these for your site. Stealing them from someone else doesn’t protect you, because you don’t know what information they are collecting or, better yet, who drafted theirs (or if they just stole it, too).

So, take some time this week to review your website from your client/customer’s perspective and then write out, in plain English, how you are tracking them and what you are doing with that information (your privacy policy), what their rights are and what both of you can expect from each other (your terms of service) and what risks they might take by using your products/information on your site (disclaimers).

Not too difficult, right?


  • This is golden! I’m not surprised because Kiffanie is pretty awesome :) But I am bookmarking this for the next time I attack my website…which is right about now ;)

    Thanks for the fantastic info!

  • Thank you for this great introduction. These are intimidating and, by most, are probably left ignored, so this is a great resource!