Doing business online—whether through a blog, informational website, or online sales platform—offers pretty badass potential to engage with more readers, gain more followers, and connect to more customers. BUT with that seemingly exponential opportunity for growth, comes some pretty significant risks and responsibilities; risks and responsibilities that aren’t quite the same for an offline business.

Operating on the Wild, Wild Web brings unique challenges to online operations, as well as legal obligations for online entrepreneurs in areas related to privacy, security, taxation and intellectual property.

But don’t ye fret. We have your back and the questions below cover just a taste of the things we can handle for you when it comes to Internet Law. Read it and don’t weep.


What legal notices should I have on my website?

When operating online—even if you aren’t selling anything online—there are a number of federal regulations with which you must be compliant related to privacy and security, including the use of mailing lists and commercial emails.  You may need disclaimers that ensure you’re complying with the FTC’s truth in advertising regulations. The Federal Trade Commission (FTC) mainly regulates these activities online and compliance with their regulations is mandatory for anyone who conducts online transactions, or merely collects information from online visitors.  While many of these Federal regulations apply uniformly, some states have specific rules, and those rules may apply to you even if you don’t target customer in that particular state.

At a minimum, to comply with these regulations, you should have a terms and conditions and privacy policy posted on your site, and be sure that your advertising and other communications aren’t misleading and that your claims are substantiated.

What is a privacy policy?

As you may know, websites and apps collect a variety of sensitive information from their customers and online visitors. If you collect even one iota of information on your website, you need a website privacy policy. As we continue to conduct more and more of our lives online, identity theft and privacy concerns are a big deal to lawmakers. There are several laws governing privacy issues that affect small businesses.Here’s a small sampling:

  • All websites and mobile apps that serve Californians must comply with California’s Online Privacy Protection Act (CalOPPA).
  • Any website that collects information from children under 13 must comply with a federal law called the Children’s Online Privacy Protection Act (COPPA).
  • If your website collects health information you must comply with HIPAA, and financial information is protected by the Gramm-Leach-Bliley Act.
  • In addition, the FTC can impose fines and other penalties against websites that violate consumer privacy rights, and class action suits have been filed by consumers themselves when they feel their private information has been exploited.

The hard truth is that privacy policies are not required by law in most states, but since your website can be accessed from any state, and (hopefully) has visitors and customers all over the country, you need a clear, easily accessible privacy policy that includes all of the legally-required information on ALL of your websites. Here’s some more on that. Also, a helpful video.

What exactly are terms and conditions?

In addition to your privacy policy, you should have some good ol’ terms and conditions posted on your website. Terms and conditions (also known as terms of use or terms of service) serve as the contract between your business and your website visitors, subscribers, and customers who make purchases from your website. Terms & conditions can cover a wide variety of topics; some examples include your right to use information posted by users on your site, whether and how your intellectual property posted on the site may be used by web visitors, payment terms, warranties and liabilities waived, account management, site security, jurisdiction for any lawsuits arising from their use of your site, etc.

How should they be posted on my site?

The most important factor for your website terms and conditions is that they are posted in an obvious and visible way that doesn’t require a bunch of clicks to get to. Most people opt to post them on the footer of the site so they’re easy to find. You’ll also want to make sure that they’re set apart from any other text to help with visibility (think a different color, bolding, all caps). You ideally want them to show up on every single page, including landing pages, so keep that in mind when placing them.

Why do I need both a Terms and Conditions AND a Privacy Policy?

Well, mostly because these guys cover entirely different things. A privacy policy covers the information you collect from your website users, and explains to them how you use that information. Your terms and conditions cover the relationship between you and your website visitors and/or purchasers. Both documents, if they contain the right information, also help you comply with different federal and state legal requirements, so it’s important to have both on your site.

If I have a refund policy posted is that enough?

While a refund policy is definitely important and you may decide you want that conspicuously posted on your sales page or FAQ’s, it’s definitely not enough on it’s own to satisfy the e-commerce terms and conditions. Your refund policy will generally cover the basics of when and how you provide refunds for your products or services. It’s important that any refund policies are consistent wherever they’re posted. So if your terms and conditions state that you give refunds with no questions asked within 30 days, then any statements on your sales page should match.

Do I need disclaimers on my website?

If you’re giving advice on your website (and almost all of us are giving advice this way, intentional or not), or if you’re in a highly-regulated industry such as providing information about fitness, nutrition, finances, or law, it can be beneficial to post disclaimers on your website. You’re likely giving advice via blog articles, ebooks, videos and other ways you communicate with your audience, so disclaimers are a way to notify people of how to use the information on your website and put limitations on the inherent promises, advice and guarantees that may be expressed in some of your website’s content. It’s all about covering your behind and disclaimers provide an added layer of…well, coverage.

Consider placing a disclaimer in your footer, at the bottom of your blog posts, on your materials, or in the beginning of your videos, for example. These are all places where you could be providing advice. If you’re guiding your audience on a particular topic, chances are you need at least one disclaimer.

Are there rules about running a contest?

Yes! (I mean, are you surprised?) If you’re running a contest you need to follow the laws specific to contests and sweepstakes while also ensuring that you’re in compliance with advertising law. One very important consideration is that you cannot conduct a contest that is tantamount to a lottery. Only states are allowed to run lotteries. A lottery includes three elements: chance, consideration and a prize. So, in order to avoid running a lottery you need to eliminate one element. Usually, companies eliminate the “consideration” element by including “no purchase necessary” language. This typically is enough to keep a contest clearly out of lottery territory, but not every situation is the same.

In addition to avoiding an illegal lottery, an Internet contest must comply with laws in all 50 states. Of course, the laws across all 50 states aren’t the same, but there is a general checklist that, if employed, should cover most requirements. To avoid international compliance issues, it’s also a really good idea to limit entrance to U.S. citizens and residents. Of course, with contests, there are also issues of intellectual property and privacy to address. The Children’s Online Privacy Protection Act (COPPA) also applies to contests, so it would be wise to restrict the age of entrants.

Keep in mind that if you’re running the contest through a social media platform like Facebook or Instagram, they may have their own policies for you to follow.

What if I’m offering promotional pricing—are there rules I should follow?

Oh hey guess what: the Federal Trade Commission’s general standards for clarity and truthfulness also apply to pricing. So it’s important that any special offers are honest and not intended to mislead. For example, if you are offering a 2 for 1 special, you can’t double your normal price so you’re not actually giving them the advertised deal. There are also strict guidelines on how you may advertise “free” products/services. In general, attempting to imply something about your product or service that is not true or omitting pertinent information from your advertisements is a big no-no. State laws on pricing are relevant in this context as well.

Are there rules about how to use or post testimonials?

Similarly, testimonials need to be honest and not misleading. So let’s just say no to false testimonials right now (which should be implied, but you’d be surprised). When you display testimonials from someone who achieved extraordinary results with your product or service, be sure to clarify that there are no guarantees of the same results for every customer and communicate the realistic results consumers can actually expect. In other words, you know everybody who signs up for your e-book isn’t going to make a million dollars from it, even if one person did.

Do I have to comply with FTC regulations on my site?

Yes. If you’re selling anything, endorsing anything, or making any money off of your site whatsoever, you need to comply with FTC regulations. You also need to comply if you’re collecting any information from visitors to your site. Here’s a hint: you are probably collecting some kind of information, even if you aren’t doing so intentionally.

I’m an affiliate. How do I disclose those relationships?

As an affiliate, you’re generally going to endorse a product as well as earn a commission on any sale from your endorsement or discussion of a product or service. If you endorse a product, it’s important that you have actually used the product and had a positive experience with the product (i.e. you’re being honest and truthful)! You must also disclose that you are an affiliate and are receiving a kickback wherever the links appear on your website. Placing a catch-all disclosure on your website is better than nothing, but ideally you want to have the disclosure in your terms and conditions, and include it where the reader is seeing the actual endorsing content or where affiliate links are posted.

I’m a blogger and companies send me products to review, do I have to disclose that?

Absolutely. It doesn’t matter whether you’re receiving monetary compensation or product compensation. The same rules from above apply.

What about if they pay me for my review?

Same goes. See above two questions. 🙂

The domain name I want to use is already used by someone else, what can I do?

If you own the trademark in a name, and someone else is using that name as a domain name, you can assert your trademark rights to challenge that person’s use of the domain name. This can be done by filing a trademark infringement suit, or through iCANN’s dispute resolution process (you could also file a cybersquatting lawsuit if dispute resolution isn’t your thing). None of these measures guarantee your ability to take control of the domain name, but having trademark rights in a mark encompassed by the domain name is certainly an advantage compared to trying to secure an already in-use domain name when you have no trademark rights to assert. If you would like to use a domain name for your business and you don’t have any trademark rights, you can always offer to buy the domain name. Whether your offer is accepted depends, of course, on whether the domain name is already in use, or merely reserved, and how successful the domain name already is in its current operations. Someone who is making bonafide use of the domain (not a cybersquatter) has no obligation to sell to you, but it doesn’t hurt to ask.

Someone online is using my business name or content without permission, what do I do?

If you think the infringement is unintentional, or if the infringer is a small business, or someone you work with, you may want to call them up and play nice. If you think someone is deliberately ripping you off, you have some options.

For content, you can use The Digital Millennium Copyright Act (DMCA)—a Federal law in the United States—to get the infringing material taken down from the infringers website. You may also want to consider issuing a cease and desist letter. You can find examples of these online, but definitely don’t copy and paste it, make sure it’s tailored to your situation and says what you need it to say. For your business name, issuing a cease and desist letter may be the way to go. Make sure you’re clear about the rights you are asserting, and your ownership over the material and the rights. (Mis)use of your trademark by others can put your trademark rights at risk, so it’s important to police and protect them vigilantly.

I got a cease and desist from someone else, what should I do?

First, take a close look and see if all of the facts in the Cease and Desist are correct. Does the person who sent the Cease and Desist own the copyright or mark that you are using? Did they include any proof? Are you using the copyright or mark that they say you are using? Do you have valid rights to use the item? If you ask all of these questions and you think the Cease and Desist is valid, you will have to stop using the content or mark altogether. On the other hand, if it seems like the Cease and Desist isn’t valid (often because you have the right to use the item you are using), then you can contact the other person and tell them why you think they are wrong and why you won’t stop using the item in question. Honestly, this is one of those things that is best handled by an attorney, because trying to figure out the validity of a Cease and Desist requires some detailed legal knowledge.

I got an invoice for the unauthorized use of an image, do I have to pay it?

So, you got an invoice in the mail from an online stock photo house and now you’re all “Crap. What do I do?” There’s no need to run (we hear that’s bad for you anyways). You shouldn’t hide either. This is a situation best handled straight on. The appropriate reaction, however, depends on whether you used the photo in question, and if you did, whether you had a license for it.

Let’s say you used the photo in question and let’s also say you didn’t purchase a license to use it.  First, verify that the stock photo house actually owns the rights to the photo in question. While you’re doing that, you should also try  to figure out where you originally got the photo and if you, in fact, did have permission from that source. After you’ve verified their ownership of the copyright, and since we’re assuming here that you used it without authorization, you should probably try to negotiate with them as much as possible. Otherwise, they do have the right and the option to sue (your pants off).

Let’s say you didn’t use the photo, or you had permission (via license or otherwise).

In this scenario, you’ll need to contact the photo stock house and explain the situation–either that you didn’t use the photo or that you had permission. If you have a license for the photo, you should provide that or other proof that you were authorized to use the photo. If you never possessed or used the photo, say so, and hopefully you can resolve the situation.

For more, check out this post.

Should I use a free template I found for my Terms & Conditions or Privacy Policy?

There are lots of Privacy Policy and Terms and Conditions templates and samples available online. However, as templates go, most are very general and may not cover all of the aspects of your business’s online operations. Moreover, because regulations change, it’s difficult to know whether a certain template or sample is up to date legally. Depending on your business and the type of website you operate, you may need very specific disclaimers, limitation of liability clauses, confidentiality clauses, and disclosures about automated information-gathering or data and use tracking. Compliance with the most up to date regulations regarding minor users/consumers of your site is also crucial (and can be a bit tricky).

If you do decide to use a privacy policy template or terms and conditions template, we recommend that you make sure it’s from a trusted and verified source. You’re using this document to comply with federal and state regulations and to protect you from a whole lotta liability, so it’s important that you can trust the contents of the document. Using a random template you found on the internet is not likely to meet this standard. Moreover, if you rely on a random template, you run the risk of using something you don’t actually have permission to use, since you can’t be sure of its true source.

When is it best to have an attorney draft my Privacy Policy and/or Terms and Conditions?

The great thing about hiring lawyers who are experienced with online business and e-commerce, is that they can create tailored policies for your business’s unique needs—taking into consideration the type of engagement your customers and visitors have with your site—so there aren’t any legal gaps that could leave you vulnerable to penalties from noncompliance with regulations. Privacy Policies and Terms and Conditions that have been specifically drafted for your business, blog, etc., also ensure that you’re able to set the exact terms upon which you want to engage with your customers and visitors. When you’re able to clearly explain what you offer your visitors and customers, and under what terms, you rest assured knowing that you are legally covered and your customers are assured by your transparency. Experienced lawyers can also be sure that your Privacy Policy and Terms and Conditions meet legal obligations for any states or jurisdictions that have special or specific rules. This is especially true when you are dealing with situations like HIPPA, selling to anyone under age 18, or if you’re collecting and storing financial information of any kind.

Thirsty for more information like this but not ready to hire a lawyer? We’ve got you. Our Legal Clinic gives you a baseline legal education and helps you protect your business…right from your inbox.

Think: video tutorials, PDF legal lessons and plug ‘n play disclaimers you can whip up and use right away. Bonus? The content is funny and entertaining so you are way less likely to poke your eyes out whilst you learn.

  • This field is for validation purposes and should be left unchanged.