Building a Legal Foundation for Your Online Business: Essential Website, Policies, Terms and Conditions

DocPro Legal
Last Updated:

7 Dec 2023

Published On:

4 Jun 2020

min read

Preview Image

If you are planning to start an online business, one of the most important things to think about is which website policies and terms and conditions to implement, such that you secure some level of legal protection and limit your liability. If you are unsure as to what to include, don’t worry, as we’ll be breaking down the most important website policies and terms and conditions for your online business. By following our guide, you can be sure that you’ll cover all the grounds needed to maintain open communication and transparency with your consumers while managing business risks. 




(1) Standard Terms and Conditions


This policy governs what customers agree to and give their consent to when using a service. They are usually referred to as ‘Terms of Use’ or ‘Terms and Conditions' and are not always required by law. However, once in place, T&Cs are legally binding and can help protect your organization and users.


T&Cs are important because consumers must be aware of their rights and obligations. This awareness can also ensure that your business steers clear of disputes that might potentially arise.


For the sake of clarity, your T&C (or a hyperlink) should be visible on every page of your website, and your customer should be given the option to accept the T&C before making an order.


What types of Terms and Conditions do you need?


The content of your T&Cs will vary depending on the nature of your business/location. For instance, the T&Cs for PwC are vastly different from Net-a-porter's - and rightly so. We would recommend you look at other similar online businesses/service providers to determine how best to draft your T&Cs. 


Generally, T&Cs cover pricing, payment, guarantees, liability, data privacy, and security. Your terms must comply with your local regulations, and for websites that supply services to their consumers, it must include cancellation rights for the consumer.  


Basic standard terms and conditions should include the elements as follows:


  • A structure of the legal relationship between the website owner and site users

  • Imposing limitations on website usage

  • Establishing rules on who should legally use the website

  • Granting permission to use materials found on the site


We have created various standard terms and conditions templates, each of which is tailored toward a specific business. For the sake of your convenience, we have compiled the documents into a table below. 



Types of business 

Website / App Terms and Conditions or
User / Subscriber Agreement to Website / App


Website or mobile phone application-based business. 


E.g. Vox, Vulture, Buzzfeed, Instagram

T&C for Professional Services


Professional services provider. 


E.g. Lawyers, accountants, surveyors

T&C for Purchase of Goods


Purchaser, distributor or retailer.

E.g. Walmart, Amazon, Tesco 

Terms and Conditions for Sale of Goods



Individual sale and purchase transaction

E.g. Net-a-Porter,  Harrods, Liberty 




What governing law and jurisdiction should apply in the T&C? 


Since online stores can be accessed globally, you must state the governing law and jurisdiction you intend to apply to the T&Cs. The last thing you want is to be sued in a foreign country where you know nothing about the local law. Most online businesses pick the governing law and jurisdiction where their online businesses operate. For instance, if your business is registered in the United States and you are operating an online business from the United States, the governing law of the T&Cs should be the law of the United States.


A governing law and jurisdiction clause in a T&Cs would look something like the clause below:


"Use of this website shall in all respects be governed by the laws of [jurisdiction], regardless of laws that might be applicable under principles of conflicts of law. The parties of this T&Cs agree the courts located in [country], and [country] shall have exclusive jurisdiction over all controversies arising under this." 

To pick on a jurisdiction that is most advantageous for your business, you might want to consider which law has the best interpretation for your clause, the location of your buyer (and your company), the location of performance of a contract, and most importantly, the jurisdiction that you would like to avoid (e.g. avoid a country that is notorious for having a corrupted legal system).


For more information on the jurisdiction clause, you can see our other guides on the jurisdictions clause:

https://docpro.com/doc302/introduction-to-governing-law-and-jurisdiction-clauses-guide or


(2) Privacy Policy/Data protection policy

What is a privacy policy/data protection policy?


A privacy/data protection policy is a policy that reveals the type of data you collect on your website. It also lists out how consumer data is stored and managed. This type of policy is most important for online businesses that handle personal data or use cookies (i.e. data that keeps track of a user’s preference).  


In most common law jurisdictions, such as Singapore or Australia, privacy policies are a legal requirement. 


There is also one important regulation that you need to know when drafting your data protection policy: General Data Protection Regulation ("GDPR"). GDPR applies when a company is processing personal data, and in general, applies to countries that are within the EU.


Your company might also be subject to GDPR if it is dealing with businesses in the EU, or is processing the personal data of people within the EU. GDPR offers greater data privacy protection (and a very steep fine), and therefore might apply a stricter privacy law requirement than other jurisdictions. 


California has also implemented similar legislation to the GDRP, the California Consumer Privacy Act ("CCPA"). However, the CCPA is only applicable to large online businesses based in California and is therefore not as far-reaching as the GDPR.



Does GDPR apply to my company?


Whether GDPR applies depends on your business model. Generally, GDPR applies as long as your company offers goods or services to data subjects inside the EU, or monitors the behaviour of data subjects within the EU.


It does not matter where your organisation is located. GDPR applies to your company as long as your company collects and processes personal data from an individual located within the EU. 


One exception is that the GDPR does not apply to EU citizens who have their data collected outside the EU.


What should my data protection policy look like?


Your policy should ensure that data collection is done transparently, fairly, and lawfully. The data should be used in a relevant way, and should not be kept longer than strictly necessary. 


If you deploy cookies (e.g. via collecting website statistics), you should make sure to obtain consent from your users before collecting their cookies. Some businesses include cookie terms as part of the Privacy Policy, whilst others have them as a standalone policy (please see below). 


We have created a privacy policy that you can use and place on your website. Click the link below for an example of a pro forma privacy policy that complies with the GDPR requirements: https://docpro.com/doc107/privacy-policy-with-gdpr-website-mobile-app


(3) Disclaimers


What are Disclaimers?


Disclaimers are included in legal notices to indicate that the site owner is not responsible for any potential liabilities. If your online business is of technical or legal nature (i.e. professional services), then you must include disclaimers on your website to protect your online business - particularly on things that are not subject to your control (e.g. IT outages).


Without a disclaimer policy, you might be liable for inaccurate (or non-updated) information provided on your website so far as the user can prove the incorrect message harmed them financially or physically. 


This does not mean that disclaimer policies are 'get out of lawsuit' cards. However, by placing appropriate disclaimers on your website, you will at least be able to argue that you are not liable because you notified the users of the accuracy of your content.


To sum up, disclaimer policies do not necessarily absolve companies from all liability, but they can definitely limit your company from potential liabilities.


Is a disclaimer included in T&C?


A disclaimer is separate from T&Cs. Although the two policies might overlap, it is strategically better to separate T&C and disclaimer to avoid legal problems.


What does a general disclaimer look like?


A general disclaimer might look like this:

"The information contained in this Website / Application is for general information purposes only. The information is provided by [COMPANY] and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is strictly at your own risk. In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this Website / Application." 

However, your website’s disclaimer should be tailored to your business model. Below are some of the most common types of disclaimers that you should consider when drafting your disclaimer:

  • Disclaiming liability for the accuracy of your information

    An error in the accuracy of your content could potentially lead to legal problems.

    To prevent misleading labels or libel lawsuits, you should state that your company does not guarantee the accuracy of your website’s information. 

  • Disclaim physical liability

    This is required if your business sells physical products.  

    To be precise, you should disclaim liability for physical harm that arises from using your product. You should include this type of disclaimer to avoid a potential lawsuit if something unforeseeable does arise.

  • Disclaimer of ownership over your content

  • A disclaimer of ownership can serve as a notice of copyright for a website that consists of personally or professionally made content.
  • Disclaim third-party responsibility

    If your business model is based on revenue generated by advertisement, you likely have no control over advertisements that are served by the 3rd party. To avoid potential legal liability caused by these advertisements, it would be beneficial for you to include a disclaimer that declares you are not responsible for actions done by a third party.

What we mentioned above are examples of disclaimer that is tailored to your business. If you want an example of a disclaimer that is universally applicable, see the link below (or scroll down to the bottom of the page):  


(4) Delivery/Shipping Policy


What is the Delivery/Shipping Policy?


Most e-commerce businesses have a delivery/shipping policy that entails shipping details (e.g. printed tickets) with related costs. For most jurisdictions, this policy is not required by law, but it is still strongly recommended that you still put it on your website.


There are a few key advantages of having a delivery/shipping policy: 


1. Informs customers of the costs of shipping and time of delivery

Shipping and delivery costs are important considerations for consumers as they directly contribute to the overall cost of online products. Online shoppers will usually search for delivery policies to determine their prepaid shipping expenses, with where they live.


With Amazon Prime providing a same-day delivery service, many online shoppers are expecting online products to be delivered quickly by couriers. As such, it is necessary to set realistic expectations with customers regarding the actual delivery time through a shipping/delivery policy.


In addition, you also need to consider including shipping deadlines (especially holiday shipping deadlines), shipping times, and shipping times for international orders.


Generally, the shipping cost and the delivery time are inversely correlated and you may get customers who are willing to wait longer for delivery to save shipping costs. By providing customers with the option to choose from different shipping costs and different delivery times, you can protect yourself from customers who might try to complain about how much the transportation charge is or the delay in delivery. This will save your customer support time to deal with individual enquiries by directing the customers to the shipping/delivery policy.


2. Provide protection in the name of the company

Through a delivery/shipping policy, you can protect yourself and absolve yourself from liabilities whilst also guaranteeing a high consumer satisfaction rate. In addition to shipping details, you should aim to include other information regarding returns and exchanges, product damage, and international shipping expectations.


The more detailed your shipping/delivery policy, the better. You should see the shipping policy as a way of communicating with your clients transparently. 


For general shipping policy, you can use our other document template: https://docpro.com/doc1576/shipping-policy-online-business


(5) Return / Refund Policy


If your business is a retail business (eg: an online cake store), you should list your return policy on your website. Whether you want to impose a strict or loose return policy depends on your business. You might consider imposing a softer return policy (e.g. allows return if there is consumer dissatisfaction) if your foremost goal is retaining customers and luring new businesses in.


Here is an example of a return/refund policy you can use and customise: https://docpro.com/doc110/refund-policy-website-app 

Should you choose not to include a return policy in your website, don’t worry, as we also provide templates of letters you can use to mitigate a hostile consumer situation:



Link to Document

A letter to apologise for the return of goods due to defects



A letter to complain about the return of goods due to defects [For buyers]




(6) Cookie Policy


What are Cookies?


Cookies are small bits of data sent from a website and stored on your computer or other devices in the form of text files by your web browser while you are browsing. They are widely used to remember users, their preferences, and information that they previously entered into form fields, such as names, addresses, passwords, and credit card numbers. 


They are also used to track your browsing activities. Cookies may be set by the website you visit ( "first-party cookies") or by a third party, such as a third party that provides content or advertising or analysis services on the website ("third-party cookies").


What is a Cookie Policy? 


A cookie policy is a policy implemented to inform your users what cookies are active on your website, what user data they track, for what purpose, and where this data is sent around the world. 


Cookie policies are important as cookies constitute a potential privacy risk as they can track, store, and share user behaviour. Therefore, many online businesses choose to put in place a cookie policy as part of their privacy policy to keep things simple. 


Under the GDPR and CCPA, certain legal requirements stipulate that companies should enable users to choose the information they would like to receive, the data they are providing and for what purpose they are sent around the world (along with the choice of preventing it from happening).


Your cookie policy should therefore allow EU and California users to opt out of cookies or change their settings for cookies on your online platform. These rules mean that your cookie policy, in addition to a cookie notice notifying your users of the use of cookies, should also include the option to consent to the use of cookies and options for your users to disable certain cookies.


Many online businesses now have standalone cookie policies. While privacy policies are generally static, cookie policies are dynamic, allowing users to make choices, and also changing frequently (whenever you change your cookies). Procedures should be put in place to update your Cookie Policy whenever there is a change of cookies on your online platform.


For an example of a Cookie Policy that you can implement, please refer to: https://docpro.com/doc1512/cookie-policy-for-website-gdpr-and-ccpa-compliant




In this article, we briefly pointed out the types of policies you might want to include on your website. Whilst we do hope that what we discussed was helpful, you should note that we did not intend to provide a detailed legal analysis, but rather general guidance on the most important matters to be taken into account when drafting legal policies for your online business. 

Please note that this is just a general summary of the position under common law and does not constitute legal advice. As the laws of each jurisdiction may be different, you may want to speak to your lawyer



DocPro Legal

DocPro Legal is a team of legal professionals with a passion for making quality documents and legal contract templates widely available to the public through cutting-edge technology. Our lawyers are qualified in numerous common law jurisdictions including the United Kingdom, Australia, New Zealand, India, Singapore and Hong Kong. We have experience in major law firms and international banks with expertise in business, commercial, finance, banking, litigation, family, succession and company laws. If you would like to become a blog contributor to DocPro, please click the link below:


Data Protection Policy


Gdpr Privacy Policy Template


Gdpr Statement


Gdpr For Small Businesses


Ecommerce Terms And Conditions Template


Does My Website Really Need A Terms And Conditions Page


Do I Need To Register My Online Business


Does My Online Shop Need Terms And Conditions


Pro Forma Privacy Policy


Standard Terms And Conditions


Online Business


Website Policies


Privacy Protection


Gdpr For Dummies




Does My Website Need A Privacy Policy


Do I Need A Privacy Policy On My Website


Where To Put Privacy Policy On Website


Website Accessibility Policy


Do You Have To Have A Privacy Policy On Your Website


Website Accessibility Policy Template


Terms And Conditions May Apply


How To Write Terms And Conditions


Accept Terms And Conditions


Invoice Terms And Conditions Template


What Are Website Terms Of Use


Why Do I Need Website Terms Of Use


How Do I Implement Website Terms Of Use


What Is An E-commerce Terms And Conditions (t&c) Document


Why Should You Have Terms And Conditions For Your Ecommerce Site


What To Include In Your Terms And Conditions


Join Now

You are Master and Commander of
Thousands of Documents

Join one of the largest online documents database created by legal
professionals, with easy to use tools for customization and
jurisdiction selection engine