Depending on your website or mobile/desktop app, you'll need either a Privacy Policy agreement or a Terms and Conditions (T&C) agreement, or both.
Each of these two legal agreements serves a different purpose for both you (the company operating the website/mobile app) and your users.
So, what's the difference between these two agreements?
In short:
- A Privacy Policy agreement is required by law if you collect or use any personal information from your users, e.g. email addresses, first and last names, etc. The purpose of this agreement is to inform users about your collection and use of their personal data.
- A Terms & Conditions (T&C) agreement sets forth terms, conditions, requirements, and clauses relating to the use of your website or mobile/desktop app, e.g. copyright protection, account termination in cases of abuse, and so on.
The agreements
What's a Privacy Policy
If your website or app (regardless of whether it's a mobile app or a desktop app) collects and uses any kind of personal information from users, you're required by law to have a Privacy Policy agreement and make it available to your users, preferably before they start using your website or app.
"Personal information" can include any information that can be used to identify an individual, such as a name, email address, mailing address, birthdate, IP address, etc.
In the United States, for example, California's Online Privacy Protection Act (CalOPPA) requires businesses that collect any personal information from users in California to have a Privacy Policy agreement.
And, due to the widely accessible nature of online businesses (like e-commerce stores), CalOPPA in effect means that any websites or apps (especially US businesses) that collect personal information from users must have this legal agreement since limiting a California audience is not feasible.
CalOPPA requires that this agreement be conspicuously posted on the website or through the app, and that the word "Privacy" be included in the title of the agreement and in the text of the link that points to this legal page.
It requires a business to disclose the following:
- What personal information is collected through the website/app
- What's the purpose of collecting this information
- How the collected information is used by the business and/or by any third parties
- How users can review and make changes to their information
In the EU, the GDPR calls for increased protection of privacy rights. If you collect any personal information from people in the EU, you must have a Privacy Policy according to the GDPR. This holds true whether your business is located in the EU or not.
How to Create a Privacy Policy for Your Website
- Click on the "Start the Privacy Policy Generator" button.
- At Step 1, select the Website option and click "Next step":
- Answer the questions about your website and click "Next step" when finished:
- Answer the questions about your business practices and click "Next step" when finished:
- Enter your email address where you'd like your policy sent, select translation versions and click "Generate My Privacy Policy." You'll be able to instantly access and download your new Privacy Policy:
What's a Terms & Conditions
A Terms and Conditions agreement (T&C), also known as a Terms of Service or Terms of Use agreement, is the legal agreement that sets forth the rules, requirements, and standards of using a website or a mobile/desktop app.
For example, common sections of a T&C include information on copyrights, account deactivation if certain users abuse the website or app, billing and subscriptions (especially for SaaS companies), forbidden activities and uses of the website platform, and various disclaimers.
Here's an example of the table of contents of the Terms and Conditions of RentalCars that shows the wide range of areas this kind of legal agreement can cover:
A Terms and Conditions agreement is not required by law, unlike a Privacy Policy, but it's highly recommended to have one, as it can help you prevent abuse of your website or mobile app and limit your own liability as the owner of the online business.
Without this kind of agreement in place, and without it being properly enforced, there's no way for you to legally limit or control how anyone can or can't use your website or app.
Issues of copyright infringement can arise if users make use of your content without your permission, as can issues of abuse such as someone spamming other users or posting defamatory content on your website.
A Terms & Conditions agreement lets you include language to forbid such activity, and can also provide a remedy (such as account deletion) in the event these abuses do occur.
It's highly recommended that online businesses (regardless of whether they operate just a simple website or a simple mobile app) that allow or require a user to register for an account have this agreement in place and present it to users at the time of their account registration.
Desktop apps also benefit heavily from having a T&C, in addition to having an EULA.
How to Create a Terms and Conditions for Your Website
- Click on the "Start the Terms and Conditions Generator" button.
- At Step 1, select the Website option and click "Next step":
- Answer the questions about your website and click "Next step" when finished:
- Answer the questions about your business practices and click "Next step" when finished:
- Enter your email address where you'd like your agreement sent and click "Generate My Terms and Conditions." You'll be able to instantly access and download your new agreement:
What to use
A single agreement or separate
If you're going to have both legal agreements - one Privacy Policy agreement and one Terms & Conditions agreement - always keep them separate.
While both agreements can reference each other, and the T&C agreement can have a section relating to privacy (which should link to the Privacy Policy), you should create two separate legal agreements.
Remember that CalOPPA also requires the word "Privacy" in the title of the agreement, and keeping these agreements separate makes it easier for users to browse both legal agreements and to understand that there are multiple legal agreements to be aware of.
Here's the list of sections in the Terms and Conditions agreement of Opodo:
You can see how Opodo's disclosures on privacy and other separate policies (such as its "Cookies Policy") are included in a single agreement, called "Terms and Conditions."
You could include the entire statement of your privacy practices in a Terms & Conditions, like Opodo, but you won't comply with CalOPPA's requirements.
Here's the "Privacy" section within the Terms of Service of Twitter. It mentions basic privacy info, as well as a link to Twitter's full and separate Privacy Policy agreement page:
This can be a great way to bring information about your privacy practices into the Terms & Conditions agreement and still maintain a separate agreement that deals with your privacy practices.
The Terms and Conditions can be named anything you'd like. Common names for this agreement include a Terms of Use, Terms of Service, or User Agreement. What you call this kind of legal agreement isn't as important as what's actually in the agreement.
eBay calls this kind of agreement a "User Agreement." It includes relevant information regarding using eBay's website, intellectual property issues, purchasing and listing conditions, disclaimers of warranties and limitations of liability, and a section on enforcement of the policy.
Instagram calls this kind of agreement a "Terms of Use." It includes information on using the service (the website and the mobile app), information about copyright violations, the rights of users, limitations of liability for the company, and a general conditions section:
Twitter calls this kind of legal agreement a "Terms of Service." Sections such as limitations, rights, and licensing information for those who use the service (both Twitter's website and Twitter's mobile app) are included, as well as standard restrictions, disclaimers, and account termination sections:
Here's what you should keep in mind for a Privacy Policy agreement:
- Create this agreement separately from all other legal agreements. Include information that needs to be disclosed as required by CalOPPA and the EU Data Privacy Directive.
- Make sure the agreement is an honest and accurate reflection of what personal information you actually collect and how you actually use that data.
- Include the word "Privacy" in the name of this agreement and in any links you provide to this legal page.
- Make sure this agreement is its own separate agreement, regardless of where you display it: in your website's footer section, on one of your mobile app's screens, and so on.
A Privacy Policy should document your privacy practices. Update it as soon as anything changes, such as if you begin to collect a different type of personal information from your users, or if you begin to allow third parties to access the information when you didn't in the past.
Here's what you should keep in mind for a Terms & Conditions agreement:
- You can create this agreement to include licensing rights, rules and guidelines for your users.
- Include a section that allows you to terminate user accounts in the event of abuses, or under any circumstances you wish to include.
- This agreement is where you can maintain control over your website or app, so make sure to include any limitations and restrictions that you want to be able to enforce.