The legalese contained on a website (commonly a User Agreement, Privacy Policy and Disclaimer) informs users of the host’s policies and procedures governing the website’s use; the collection, use and storage of personal information; and limitations to the host’s obligations or potential liabilities.  Carefully crafted website legalese can help to set a user’s expectations and may facilitate dispute resolution or avoidance. 

User Agreements

User Agreements, otherwise known as the Terms of Use or Terms and Conditions, are intended to be legally binding agreements setting forth the host’s rules as to how the website should or should not be used.  User Agreements typically include the following elements:

  • A statement that the User Agreement is a binding contract and that users agree to the contract by using the website.

  • Notice that the User Agreement may be changed.

  • Prohibited uses of the website.

  • Intellectual property protections and procedures.

  • Account suspension and termination procedures.

  • Disclaimers, warranties and limitations of liability.

  • Language consenting to the collection of personal information.

An effective User Agreement will be tailored to the specific purposes of the website.  For example, a website serving as the internet presence of a retailer may include terms relating to payment information, return or refund policies, among other relevant considerations.  Although different websites’ User Agreements may contain many similar elements, the specific language of any one User Agreement should be driven by the particularities of the website itself.

The enforceability of a User Agreement depends on two key factors: (i) effective notice of the User Agreement; and (ii) approval by the user to be bound by the User Agreement,[1] either expressly, for example, by clicking “I Agree,” or impliedly through the user’s conduct.  Thus, it is important to consider how approval of the User Agreement will be obtained, including whether access to the website will be blocked until an express agreement is secured.  A balancing of ease of use with enforceability of the User Agreement will depend on the website’s purpose.

Privacy Policies

A website Privacy Policy informs users of the host’s procedures for collecting, using, disclosing and storing personal information such as names, addresses, phone numbers and credit card information.  A Privacy Policy is an essential document in ensuring compliance with various federal and state regulations and developing a relationship of trust with users.  Privacy, especially that of children, is an enforcement priority of the Federal Trade Commission (“FTC”).  Accordingly, strong precautionary measures must be taken by websites to ensure personal information remains private and to comply with applicable federal and state privacy and securities laws.

An effective Privacy Policy typically addresses the following issues:

  • The types of data collected by the website and any third-party providers, including user submitted information, information collected automatically (such as IP addresses) and cookies.

  • What options are available to the user to prevent the collection of data.

  • What is done with the data and with whom it will be shared.

  • How the data will be stored and protected.

  • Any information required by applicable federal, state and industry laws and guidelines.[2]

  • How a user can see what data is being held about them and what they can do to change, update or delete it.

  • How disputes are to be resolved.

  • The effective date of the policy, including any and all updates.

  • Contact information where users can seek more information or send notices.

Once a Privacy Policy is in place, it should be regularly reviewed to ensure that it reflects any material changes in the collection, use or disclosure of data.  Moreover, it is important that the Privacy Policy is adhered to in practice to avoid any enforcement actions, most notably by the FTC for deceptive trade practices.


A legal disclaimer seeks to limit a website operator’s obligations and exposure to liability.  The type of disclaimer will vary based on the product or services being offered.  Some common disclaimers include:

  • An “as is” disclaimer, which informs users that the content of the website is provided “as is” and that the operator cannot provide any guarantees as to accuracy, completeness, legality or reliability of the information presented.

  • A disclaimer stating that any warranties, promises or representations of any kind are not given as to the nature or accuracy of the information provided on the website.

  • A disclaimer stating that the website operator shall not be liable for any loss or damage of any kind.

  • A disclaimer concerning the collection, storage and use of personal information by any third-party.

The enforceability of a waiver depends on a user’s actual or constructive knowledge thereof. Accordingly, disclaimers should be clear and conspicuous.  However, certain disclaimers may not be enforceable pursuant to federal or state law.  Thus, an effective disclaimer should take into consideration the website’s intended audience and any particularities of the jurisdictions in which users may reside.


[1] See, e.g., Nicosia v., Inc., 834 F.3d 220, 233 (2d Cir. 2016) (citing Schnabel v. Trilegiant Corp., 697 F.3d 110, 129 n.18 (2d Cir. 2012)).

[2] Federal laws include, but are not limited to: (i) the Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), applicable to healthcare related activities; (ii) the Gramm-Leach-Bliley Act, applicable to financial services; (iii) the Fair Credit Reporting Act, applicable to data broker activities; (iv) the Family Educational Rights and Privacy Act (“FERPA”) and the Protection of Pupil Rights Amendment (“PPRA”), applicable to the educational sector; and (v) the Children’s Online Privacy Protection Act (“COPPA”), applicable to child-directed content. State laws include, but are not limited to: (i) the California Online Privacy Protection Act (“Cal-OPPA”); and (ii) the Delaware Online Privacy and Protection Act (“DOPPA”).

ATTORNEY ADVERTISING. This document is provided by P. Taylor Legal, PLLC for information purposes only and is not intended and should not be construed as legal advice.