MAKING YOUR WEBSITE LEGALLY COMPLIANT
Know your website needs legal protections, but don’t know where to start? I’ve got you bestie. Me and my team have put together this guide with your need-to-know basics. We’ll cover Cookies, Privacy Policies, Data Security, Accessibility, Copyright, Spam Laws, and Terms and Conditions, in other words, the broad categories you need to consider to keep your website legally compliant.
But first, a disclaimer. This blog does not constitute legal advice, nor is it or can it be 100% thorough. Laws change by jurisdiction and new stuff is always being created. Join our compliance newsletter at the bottom of the page, and we will do our best to update you with changes.
Cookies
Website cookies, unlike actual cookies, are neither exciting nor delicious. If you’re new to this type of cookie, here’s what Wikipedia has to say about them, in part:
“HTTP cookies…are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer or other device by the user's web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user's device during a session.
Cookies serve useful and sometimes essential functions on the web. They enable web servers to store stateful information (such as items added in the shopping cart in an online store) on the user's device or to track the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited in the past). They can also be used to save for subsequent use information that the user previously entered into form fields, such as names, addresses, passwords, and payment card numbers.”
Your website is probably using cookies even if you’re unaware. European and Californian laws require you to notify your site visitors about these cookies using a Cookie Policy. It’s required if folks in those jurisdictions visit your site, and these laws are expanding, so consider it a must.
I found some mixed information on whether you need a standalone cookie policy, or if it can simply be a part of your privacy policy (discussed below). The quick takeaway is that a separate cookie policy is better (specifically for compliance with EU law). That can look like a separately linked agreement or one of the cookie notice popups that are becoming more popular. Meanwhile, including it in your privacy policy is likely fine for now.
Regardless of where it’s located, the policy must:
Disclose use of cookies
Include a Cookie Policy or link to your Privacy Policy which has a Cookie Policy section
Allow users to Opt-In to cookie use
And clearly communicate:
What cookies are used
What information is gathered
Why and how the information is gathered
If a third party is involved
How users can opt in, opt out, or customize their cookie experience
Privacy Policy
Laws dictate that we pretty much all must have website privacy policies. Luckily, they’re not all that complicated. You only need a solid template, which should state:
What data is collected
How the data is collected
When the data is collected
Where the data is collected
If the data is shared with third parties
The rights of users regarding their data, including the right to request a copy and/or deletion of their data.
Contact information for the person in charge of data privacy in your organization, including their title
A fabulous privacy policy is one of dozens of templates you can get in our Contract Club. It’s only $30!
- JOIN THE CLUB -
All the templates you need. All in one place. Just pay the cover, and you’re in for life.
Data Security
You are legally responsible for the security of any user data you collect. Pay close attention here, especially if you process payments through your website.
Secure your users’ data by:
Choosing a secure hosting platform
Acquiring an SSL certificate
Using your SSL certificate to serve your site over HTTPS (the “https://” in your URL)
Staying up to date on all software/plugin updates
Using a strong firewall
Using security programs on any computer with access to the data collected on your website.
If you’re like me, you may be thinking “the fuck does any of that mean.” In which case, I have one hot tip. Use serious professional third party companies that specialize in data collection when necessary. For example, use Stripe and Square to collect payments rather than having someone punch their banking info into a random form embedded on your website. Use professional client relationship management programs if you must get addresses or socials.
Those third-party companies are more likely to be doing the things listed above.
By law, if you experience a data breach, you must be able to identify the data accessed and you must disclose the breach to affected parties.
Accessibility
Did you know the same law that requires places of public accommodation to have wheelchair ramps also affects the internet? Under the Americans with Disabilities Act (ADA), your website needs to be accessible to people with disabilities. That means it must work with Assistive Technologies such as screen readers, and conform to the Web Content Accessibility Guidelines.
Here are some important features to include to create an accessible website:
Alternate text for images (Alt text is a text description of an image or graphic. Alt text is displayed when the image does not load, or when a screen reader detects it.)
An accessibility plugin
A statement of commitment to accessibility, with a feedback form
Contrasting colors for text
Clear error messaging (If a person makes an error in completing a form, does the website tell them what the error was?)
Complete navigation via keyboard
Transcripts/captions for time based content (Time based content includes audio and video)
Copyright
Protect your content and respect the ownership rights of others.
Content which you create is protected by copyright law regardless of whether you register the copyright. Mark your work as copyrighted to prevent theft, and to give yourself a stronger case in court if you ever need to sue. To protect all the content on your website, you need a Copyright Notice. Typically included in a website’s Footer, a valid Copyright Notice includes:
© OR “Copyright” OR “Copr”
The year the website was published
The name of the copyright owner
Your Copyright Notice should look something like: “© 2023 Braden Drake”
Spam Laws
Any marketing conducted via email is governed by laws in the United States, the European Union, the UK, and Canada. Here are the Do’s and Don’ts of email marketing:
The Do’s
Ask permission before sending any marketing emails
Keep a record of consent
Only send email relevant to the business they agreed to receive emails from
Include an obvious, working “Unsubscribe” link at the bottom of every marketing email.
Honor opt-out requests promptly
Identify the message as an advertisement
Tell the recipient where your business is located
Monitor any emails sent on your behalf by third parties
The Don’ts
Use false or misleading header information
Use deceptive subject lines
Program Terms
Program terms of service, I’d argue, can be the same as a client contract. Program terms are like a client service agreement but they live on your website or elsewhere on the internet. When people download your products or make purchases on your website, they check that little box that says “I agree to the terms of service.” You need to have terms that essentially serve as the agreement for that offer.
Your Web terms should include:
Terms of acceptance
Disclosures
Disclaimers
Legalese must-have clauses such as Venue, Force Majeure, Severability, and Waiver
If you have a library of templates, you could link to the same agreement for each. If you sell group programs and memberships, you’d likely want a separate agreement for each. We also have templates for each of these in our Contract Club.