Founders of e-commerce businesses can often be so wrapped up in getting to market and scaling as quickly as possible that they overlook legal protection for their business. Operating any business, let alone one providing goods or services over the Internet, without important legal safeguards in place is like trying to cross the 101 Freeway every day wearing a blindfold. Could you get away with it? For awhile, perhaps. However, sooner or later, the odds will catch up–with potentially catastrophic results.
In this post, we’ll cover the five essential legal agreements which every e-commerce site should have. Understand that this list is merely intended to describe the most basic documents that your e-commerce site should have in place. It is not meant to be exhaustive. There are other, no less important agreements separate from your website that you will also want to consider with your employees, contractors, and strategic partners at some point.
1. Terms and Conditions
Whether your venture is more website or app based, I cannot stress the importance of this key legal agreement enough. Tremendous care should be taken to make sure that your T&Cs are drafted properly and tailored to your business model and its user base.
In addition to describing to visitors and users what your website/app is about, well-drawn T&Cs can specify how the site can and cannot be used, both identify and protect your ideas and any intellectual property, as well as establish who owns the rights to published content (including that uploaded by users).
T&Cs can also establish a user code of conduct, including what specific behavior is prohibited, as well as setting forth your company’s right to suspend or terminate user accounts for violating the terms. Good T&Cs will also provide for which state’s law will interpret the T&Cs and in which jurisdiction any disputes will be heard (and resolved).
On that score, I’ve prepared a few T&Cs that address procedures to be followed by both user and the site itself in case of a dispute, in addition to specific provisions limiting the types of claims and capping a site’s liability for certain damages (see Warranty Policy below).
Until a national-level GDPR-like law is passed, the Federal Trade Commission is on the beat. Sort of. In this section, we take a look at the patchwork of U.S. laws and regimes involving general (as opposed to medical or financial) online privacy that the FTC has as part of its enforcement toolbox.
Section 5(a) of the Federal Trade Commission Act, 15 U.S.C. § 45(a), prohibits “unfair and deceptive acts or practices in or affecting commerce”. Using this very broad language, the FTC can issue an administrative complaint against a company when it has reason to believe that the law is being violated and that a proceeding is “in the public interest”.
Finally on the general privacy front, if your e-commerce company has started its application to participate in initiatives like EU-U.S. Privacy Shield, Swiss-U.S. Privacy Shield (which replaced the U.S.-EU and U.S.-Swiss “Safe Harbor” regimes, respectively), or APEC’s CBPR system, avoid claiming participation in such a program unless and until your application has actually been approved.
The FTC has dropped the hammer on several companies whose use of the Privacy Shield logo and descriptors on their site was found to be deceptive to consumers–particularly since these companies had yet to receive certification from the Department of Commerce! It is important to remember that Privacy Shield participation requires ongoing compliance and re-certification. Letting your e-commerce site or app’s certification lapse means that a claim of participation in Privacy Shield is now untrue.
“Cookies”, or tiny files are stored on a user’s computer or device intended to hold that user’s data specific to a third-party client or website, are commonly used by e-commerce sites to do such things as identify and count visitors, retain user login details and preferences, and help users to shop and make use of e-billing services.
Third-party tracking for the purpose of advertising and affiliate sales is one of the primary uses of HTTP cookies. The problem is, if your e-commerce site or mobile app is using cookies for this purpose, the FTC has said that you must let your site visitors know what you’re doing. The Commission has taken the position that a failure to provide truthful information about your tracking practices could violate the FTC Act.
4. Return Policy
Just because you’re not selling out of a traditional “brick and mortar” store doesn’t mean you can ignore the return policy. Whether your site sells (or re-sells) widgets or services, a clear and well thought-out return policy can be critical to your customer’s happiness and, consequently, your business’ reputation and brand.
A good return policy should cover such things as: how many days the customer has to return the purchase, whether the customer will get a refund (or a credit or replacement), who pays for the shipping or return of the product, how and by when the product must be returned, as well as the refund policy for digital products or in-app purchases, among other information.
In addition to creating legally enforceable terms between you and the customer, a well drafted (and especially fair) return policy has the power to turn a new client into a long-term customer. While the tendency may be to ignore the return policy, or leave it up to your Customer Support team to improvise when the time comes, take some free advice and don’t. Doing so could be very costly to you and your e-commerce business.
5. Warranty Policy
A warranty is like insurance for your customers but specifically giving them certain guarantees (which you establish) for the performance of your products or services.
Depending on your business and customer base, the warranty policy can be either a part of the terms of service, or can be a standalone agreement (I’ve done it both ways).
There are several business-related and competitive reasons why your e-commerce company would want to have a warranty policy. It might be customary in your industry to do so, your competitors may offer similar warranties, or your product or service may be so novel and unproven that you want to help reduce the perceived risk for the customer.
From our standpoint as a business and technology law firm, however, the warranty policy offers the cleanest and most practical way of adjusting or shifting risk from your business to the customer.
What do I mean? A carefully crafted warranty policy can address such issues as the product’s intended use, prohibited uses, maintenance and care requirements, and shelf-life information, how long the warranty will run and what it will and will not cover. Perhaps more importantly (to us lawyers anyway!) an express warranty can also help to reduce or place a limit on your liability should the product fail, thereby reducing you and your e-commerce business’ risk exposure.
Ben Bhandhusavee is the Managing Attorney for BHANDLAW, PLLC, a Phoenix business and technology law firm working with start-up companies, creative intellectual property, Internet and digital media matters, and complex corporate M&A and technology transactions. Ben can be reached at (602) 222-5542 or by e-mail at email@example.com