WordPress (the WordPress.com team) made available their Terms of Service agreement and their Privacy Policy agreement available under the Creative Commons Attribution-ShareAlike 3.0 license.
This means that you can copy the Terms of Service and the Privacy Policy from WordPress for your own website, but should you copy and paste the agreement?
A Terms of Service agreement is optional for your website or mobile app. It's not required by law. It's recommended to have this kind of legal agreement: you can set the rules to which users must agree to in order to use your website, mobile app, SaaS application, etc.
A Terms of Service is not the same as a Privacy Policy.
A Privacy Policy is required by law if you collect personal information (such as email address, first and last names, etc.) from users by laws such as CalOPPA in the US:
- Email address
- First and last name
- Shipping address
- Billing address
- Credit or debit card information to process payments
- And many more categories of data that are considered personal
The purpose of this kind of legal agreement is to simply state that you (your company, your app etc.) will collect personal data, and to explain how, which kind of data is collected, and what you will do with this personal information.
A Privacy Policy is a legal statement that specifies what the owner of a business (website, mobile app, Facebook app, etc.) will and will not do with the personal data collected from users.
The license from WordPress
The license with which WordPress.com released their Terms of Service and Privacy Policy is called Creative Commons Attribution-ShareAlike 3.0.
This license allows you to copy the agreements presented by WordPress.com and adapt it for your website, but you are required to credit WordPress for this agreement (a link back to their website.)
You're also required to release your agreement (with whatever edits you did on top of the original agreement from WordPress) under the same license, the Creative Commons Attribution-ShareAlike 3.0.
This means that users can copy your own Terms of Service and/or Privacy Policy agreement and adapt it for their own website. They also must release their own agreements under the same license.
Briefly, the Attribution-ShareAlike 3.0 license allows you to:
- Share the agreement, meaning: to copy, distribute and transmit the work
- Remix the agreement, meaning: to adapt the work
- Make commercial use of the work, meaning to use it for a commercial website
But, under these conditions:
- Attribution, meaning: you must attribute the work to the right owner (in this case, WordPress.com)
- Share Alike, meaning: if you build upon this work, you may distribute the resulting work under the same license, Attribution-ShareAlike 3.0
Copy-paste the Terms of Service from WordPress
You can copy the Terms of Service of WordPress.com, but it's important to keep in mind that their agreement is suitable for their own business needs, their own website functionality, etc.
Your business can be completely different and include a clause from WordPress.com Terms of Service, that doesn't align with your industry, and therefore isn't a good solution.
Remember that a Terms of Service is the contract which binds users to the rules you've set:
A Terms of Service Agreement is a set of regulations which users must agree to follow in order to use a service.
If you're drafting your own Terms of Service, you can copy parts of the agreement presented by WordPress such as the "you agree to become bound by the terms and conditions of this agreement" section:
Please read this Agreement carefully before accessing or using the Website. By accessing or using any part of the website, you agree to become bound by the terms and conditions of this agreement. If you do not agree to all the terms and conditions of this agreement, then you may not access the Website or use any services. If these terms and conditions are considered an offer by Automattic, acceptance is expressly limited to these terms. The Website is available only to individuals who are at least 13 years old.
Their Intellectual Property, which we already covered in our Terms and Conditions Sample and Meaning article, reads like this:
This Agreement does not transfer from Automattic to you any Automattic or third party intellectual property, and all right, title and interest in and to such property will remain (as between the parties) solely with Automattic.
If you need the Intellectual Property clause in your Terms of Service, this clause above from WordPress.com is a good starting point.
Their Terms of Service can provide with a good basis to start your own agreement.
You can copy most of their sections and clauses if you know that these are going to fit the needs of your website, such as Introduction, Intellectual Property, Termination and so on.
Copy-paste the Privacy Policy from WordPress
Can you copy-paste the Privacy Policy? The short answer is Yes. You can copy the agreement from WordPress.com/Automattic.
But remember to double-check to make sure that it applies to your own website and your own business needs.
Your business can have different needs than the needs of WordPress.com. That's why copy-pasting the Privacy Policy from WordPress.com isn't a good solution.
If you're developing an iOS app you need a Privacy Policy adapted for iOS requirements. Similarly, if you're in the SaaS industry, you need the agreement specific to SaaS apps.
If you're drafting your own Privacy Policy, the agreement by WordPress.com provides you with a good starting point, and you can copy certain clauses for your own agreement.
The "Cookies" clause is important to have in any Privacy Policy agreement because you need to inform users that you or any third-parties you use - such as Google Analytics - will be placing cookies on users' devices for various reasons:
A cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. Automattic uses cookies to identify and track visitors, their usage of the Automattic website, and their website access preferences. Automattic visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using Automattic's websites, with the drawback that certain features of Automattic's websites may not function properly without the aid of cookies.
The "Privacy Policy Changes" clause is also good to add in your own agreement, as you must inform users about how you'll notify them of any upcoming changes to your Privacy Policy:
Although most changes are likely to be minor, Automattic may change its Privacy Policy from time to time at Automattic's sole discretion. Automattic encourages visitors to frequently check this page for any changes to its Privacy Policy. If you have a WordPress.com account, you should also check your blog's dashboard for alerts to these changes. Your continued use of this site after any change in Privacy Policy will constitute your acceptance of such change.
Note that telling users "to frequently check this page for any changes" is no longer recommended. That's called a browsewrap agreement and it's no longer a good best practice to follow.
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.