Poll: Where did you get your site/app's Terms of Service & Privacy Policy?
I'm both interested in how startup folks are doing things and doing a little market research. I occasionally see mistakes in SaaS terms or obvious evidence of copy/pasting. An attorney friend and I were discussing a service that helps build TOS/Privacy pages based on common SaaS features/properties.
64 comments
[ 3.3 ms ] story [ 76.1 ms ] threadThere should be a corresponding survey for where lawyers got their TOS/Privacy page text from. In my experience there are only 3 or 4 boilerplate pages and then some light customization (which I strongly suspect is done largely by interns and secretaries). That'll be a few hundred dollars, thank you.
One more anecdote: When my service went live, I put a free t-shirt offer deep in the TOS. Only had 1 person ever try to redeem the offer.
[1]http://www.iubenda.com/
http://en.wordpress.com/tos/
Used this as well. Just needs a bit of tweaking to fit your need.
Privacy policy is also available:
http://automattic.com/privacy/
If you'd like to find other CC licensed privacy policies, you can use this search:
http://search.creativecommons.org/?q=privacy%20policy
That will give you some other candidates.
I've mentioned this here before, so I hate to sound like a broken record, but it seems worth repeating.
At a minimum, get your lawyer to review very carefully, and edit, the language of those sections.
This probably won't be good enough, though, as the "We can do anything we like" term can't be made good.
Perhaps you could add a term "If any part of this Agreement renders the remainder of the Agreement invalid or unenforceable, that part will be considered void, and the remainder of the Agreement valid and enforceable."
But that doesn't explain how you would resolve a part which only conflicts with a few other parts. You could include something about "if any part invalidates or renders unenforceable another part which is written previously on this Agreement, the part which is written later in this Agreement will be considered null and void." That might be dangerous though - a single bad term at the top could nuke the rest of the agreement.
But ... I'm not a lawyer. This is not legal advice. It's not that expensive to get a lawyer to review (and edit) a contract (OK, it's probably as much as a couple of dedicated servers, which might be a lot for a weekend project... but if you have more than one person in the company it's not expensive), and you get the bonus of a contract that actually does what you want it to, not what Wordpress wants. Wordpress probably has different priorities than you.
I just remembered (smacks forehead with palm) that a couple of years ago I posted a sample privacy policy that can give you and your lawyer a head start---see http://www.ontechnologylaw.com/privacy-policy-for-web-sites-...
Here's a question: has anyone ever heard of someone being sued for copyright violation for reusing parts of someone else's TOS or other posted legal document?
I am definitely not a lawyer, but that lawyer's response sounds reasonable, but it sounds like it was also likely under a range of conditions -- in particular, I think if you ever get in a position where you have a bit of a "special" contract (i.e., anything unusual in the broad sense of the term) copyright could very well apply.
My answer to the poll (for these and most other legal documents) is that we produce a serious draft ourselves first, and then take it to a decent lawyer for review.
Our experience has been that asking lawyers (and accountants) to draft documentation from scratch is rarely cost-effective. If they aren't already very familiar with your business, you're just going to get whatever they can throw together in a couple of hours based on a loose understanding of what you do, partly because you're probably not paying for any more than that, and partly because they probably don't have enough detail from your preliminary discussions to produce something better anyway. Then you're effectively going to rewrite much of it yourself just to explain to them how things really work in enough detail to work with, and you're still going to go and see them again afterwards for fine-tuning.
Edit: We do, however, sometimes have a preliminary call/meeting with a lawyer to find out what sorts of headings we ought to be filling out and ask about any tricky areas so we have some understanding before we try to draft anything. But we still do the drafting ourselves, even if it's just a plain English but detailed description of what we want to say that the lawyers can work on later.
A few of us are working on starting a non-profit to do that - taking the first small step of making an open UK employment contract.
Anyone with a business in the UK who might be interested in using such a contract, do get in touch!
callmeed, I'll email you to see if you'd like to join forces. Website T&Cs are definitely a good one to do.
In principle, this is a great idea. In practice, not so much. The problem with boilerplate contracts is that they're often unenforceable. In fact, simply having an IM conversation with someone in which you discuss and negotiate the responsibilities of each side could carry more weight in litigation than some obtuse, boilerplate contract.
I've actually been working on an NDA generator for a while now, and I'm hoping to eventually get it to a point where the variable elements can be negotiable by each side of the agreement. For example, things like duration/scope, when allowed by the respective jurisdiction, should be negotiable. Launching this into a full service (or a component of another service) that handles confidential information exchanges could be useful, too.
A few of us are working on starting a non-profit to do that - taking the first small step of making an open UK employment contract.
Anyone with a business in the UK who might be interested in using such a contract, do get in touch!
callmeed, I'll email you to see if you'd like to join forces. Website T&Cs are definitely a good one to do.
A few of us are working on starting a non-profit to do that - taking the first small step of making an open UK employment contract.
Anyone with a business in the UK who might be interested in using such a contract, do get in touch!
callmeed, I'll email you to see if you'd like to join forces. Website T&Cs are definitely a good one to do.
Your TOS is more of a sales pitch than an attempt to indemnify yourself against potential legal problems.
Not a bad idea, but it's serving a different purpose than most.
https://www.limelightapp.com/policies
Is this legally negligent?
Although, my website is in Australia so I had to customise it to meet the Australian market. See: http://www.ozshaadi.com.au/page/terms and http://www.ozshaadi.com.au/page/privacy
This is one reason why many TOS and Privacy Policies appear very similar. Any site that collects information from children (which could be almost any site) must comply with the following:
"Section 312.4(b) of the Rule identifies the information that must be disclosed in your online privacy policy. Required information includes: the name, address, telephone number, and email address of each operator collecting or maintaining personal information from children through your site; the types of personal information collected from children and whether it is collected actively or passively; how such personal information is or may be used; whether such personal information is disclosed to third parties, various other types of information about those third parties as set forth in the Rule, and that the parent may deny consent to this disclosure; that the operator cannot condition a child’s participation in an activity on the disclosure of more information than is reasonably necessary to participate; and that the parent can review the child’s personal information and refuse to permit the further collection or use of the child’s information. 16 C.F.R. § 312.4(b)(2).
"The Rule also requires that a link to the privacy policy be posted clearly and prominently on your home page and at each area where personal information is collected. 16 C.F.R. § 312.4(b)."
For example, TRUSTe is a COPPA safe harbor, and if you use their Privacy Policy Generator (available at http://www.truste.com/privacy_seals_and_services/small_mediu... ) to generate a policy, you're automatically deemed in compliance with the COPPA.
Short answer to the question
Any of the current solutions to the Privacy Policy / TOS problem make you waste money and time. I've experienced this problem myself and decided to solve this hell of hassle once and for all, creating a privacy policy generator that is really compliant, with a company making money behind (and this grants quality), built to speak web designers' language (not lawyers' one), allowing to generate a fully-customized high-quality privacy policy within 3 minutes, by pressing a few buttons.
Here's the website: http://www.iubenda.com I'm the founder.
-------------------------------------------------------------------
-
# Small intro
As a web designer I've always faced this problem myself, that terrible hassle of getting rid of the privacy policy. Two years ago I told myself: why the hell nobody solves this problem once and for all? So, I started working on iubenda (http://www.iubenda.com), with the goal of giving any website owner in the world a way to generate a Privacy Policy without having to read a single legalese word.
After a whole year of thinking, another year of cust dev, a seed round and even the awesome Seedcamp experience, we are here to conquer the footer of every website in the world :P
To date we have 2k people waiting to try out the product, we're approaching 1M pageviews served by our privacy policy icon, we have 100 beta testers and we're able to generate a privacy policy both in English and Italian languages.
-------------------------------------------------------------------
-
# Why every solution mentioned is a mess (most of the times)
If you have to spend money and time on that boring document that nobody reads (aka privacy policy), the best you can hope is that the money is actually well spent.
The tough truth? Most of the times it's not, and I'll explain why.
-
## What are Privacy Policies about?
A Privacy Policy must inform the users visiting a website about the personal data collected, the use of those data, the parties involved (first and third parties) and few other minimal things.
The problem here is that every website is slightly different, different because is using different services collecting different data. Any web designer can get it, on some websites you put Google Analytics, on some others Google Analytics and Google Adsense, sometimes you use Mailchimp to manage a mailing list, and so on.
Now, the problem is that most of the privacy policies I read don't mention these services, making the privacy policy completely useless.
-
## So, you're basically telling me that I payed $1k for my privacy policy, and IT IS USELESS?
Yeah dude, the privacy policy can't be general, it must be specific, or it's just like not having a privacy policy at all. Of course you can fall into this hole while copy/pasting, while paying for a lawyer or while using a low-quality generator. Sometimes you may of course find a good lawyer or a good web company (like TRUSTe), but that kind of lawyer/service is usually expensive.
-
## Not every lawyer writes wrong privacy policies: here's a simple way to check yours
Try to ask your lawyer what a "cookie" actually is. Most will start talking about chocolate biscuits.
-
## So, what?
Since the world is never white or black, the Privacy Policy World is not about having or not having a privacy policy, there's a gray area in the middle: having a privacy policy that sucks. Sad but true, this is the most common situation.
-------------------------------------------------------------------
-
# Carrot after the stick
After analyzing this situation and getting to the conclusion above (privacy policies are expensive, and they even suck), I simply started working on a solution, and here I tell you what I did.
-
## Rethinking the Privacy Policy from scratch
The Pri...
TRUSTe reported several tests on this side, even Facebook had a huge benefit from changing the "privacy policy" policy to something more clear.
Just to tell something more on this side, we are working with http://dribbble.com/jonnotie to make our privacy policies not only useful, but even beautiful :) Stay tuned :P
I think it was "Anything You Want" by Derek Sivers that I first heard about doing this.