3 policies your eCommerce site needs to succeed

This is a guest post from KJ Dearie, a product specialist and privacy consultant for Termly, which helps businesses create legally-compliant policies for their websites.

Legal documentation isn’t the most exciting part of running an online business—but it’s a necessary one.

You know what you sell, who you sell it to, and how to sell it right. What you may not know is that your eCommerce site could be undermined by a simple lack of appropriate policies—the lack of which could potentially put your business in severe legal jeopardy.

Here are the three major policies your eCommerce site needs to have. 

Privacy policy 

Privacy policies are commonly acknowledged as a must-have for any business operating online. They’re especially important for eCommerce sites. 

Online stores rely on the collection of data like names, email addresses, and credit card details to operate successfully. When you’re gathering, sharing, storing, or otherwise processing those customer details, you have a legal requirement in virtually every jurisdiction worldwide to post a privacy policy—or pay a steep price. 

Let’s look at what a successful eCommerce privacy policy needs to be.


To build trust with your customers and comply with data privacy laws, your privacy policy needs to be transparent.

Transparency isn’t just about gaining consumer trust; it’s a legal requirement of the General Data Protection Regulation (GDPR). One of the most comprehensive, strict, and far-reaching privacy laws in the world, the GDPR is applicable to any business or website that targets citizens or residents of the European Economic Area (EEA).

Article 12 of the GDPR states that businesses must present users with clear and transparent documentation of their data-handling practices. 

[Sites] shall take appropriate measures to provide any information … in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

Article 12, GDPR

With fines for violating the GDPR as high as €20 million ($22.1 million USD) or four percent of your annual revenue (whichever is higher), the price to pay for not having a transparent privacy policy is far too steep to ignore. 


Privacy policies aren’t just disclaimers that you collect data. Under laws like the GDPR, privacy policies need to be clear and detailed regarding all aspects of your data collection. (For reference, Jilt has taken several measures to make sure your store’s email marketing efforts are GDPR compliant.)

Here are some details you need to include in your privacy policy:

  • The what, how, and why of data collection
  • The third parties (or general categories of third parties, e.g., service providers) with which you share user information 
  • Where data is transferred to and from
  • Your company’s contact details (including relevant privacy personnel)

If you choose to forgo attorney assistance in making your privacy policy, online templates and privacy policy creation software are two of the easiest ways to ensure your policy has all the necessary information.


The California Consumer Privacy Act (CCPA), a law that applies to businesses that target California residents, follows in the footsteps of the GDPR.

One of the many CCPA requirements that eCommerce sites need to be aware of is the right of consumers (California residents) to deny the sale of their personal information. 

To meet this guideline, you need to add instructions about California consumers’ rights to your privacy policy, along with links that allow consumers to act on their rights.

Similarly, the GDPR requires businesses to post links and instructions in privacy policies that allow users to request access to view, edit, or delete their data.

An example of a privacy policy that complies with the GDPR’s linking requirements. (Via: Termly.)

So, if you have customers in either the EEA or California, it’s important that your privacy policy include interactive elements that allow consumers to act on their rights. 

Terms and conditions 

Unlike a privacy policy, terms and conditions aren’t necessarily mandated by law. Rather, terms help protect your online business in the event of litigation. 

Here are three big ways terms and conditions can save your business.

Prevent abusive customers

Your terms are a contract between your site and its users. Within this important document, you have the power to determine what is and is not appropriate behavior on your site.

Do you allow comments? Reviews? Community and user-generated content? All of these outlets have the potential to be abused by customers, possibly creating a hostile environment for your business or other site users.

By establishing your boundaries in your terms and conditions, you have the right to discontinue customer accounts and boot abusive users from your platform. 

Prevent intellectual property theft

With the amount of intellectual property (IP) online today, it’s essential that rightful owners stake their claims on their creative assets. Lay claim to your creative properties, including content, logos, and images, in your terms. 

If property disputes or battles over IP were to arise, your terms could save you from losing the rights to your hard work. 

Prevent a losing legal battle

Unfortunately, eCommerce sites run the risk of falling victim to litigious customers. In the event that a customer tries to lodge a complaint against your business, terms and conditions could be the winning weapon in a legal battle. 

To fully leverage the legal power of your terms, have users consent to the terms and conditions agreement you create by presenting a banner or popup to first-time users that links to your terms and asks them to agree to your policy. 

An example of a pop-up asking users to accept the terms of the site.

Return policy

Return policies are nothing new for the eCommerce industry. And yet, many online businesses overlook the importance of making a well-tailored return and refund policy.

Zappos has a very generous return policy. (Via: Tinuiti.)

A study found that 96 percent of online shoppers would shop at a store again if they had a good returns experience. That means a clear, easy, and transparent policy on returns can help you retain customers.

You may even already have a return policy—but is that return policy good enough? Here are some questions you need to ask yourself when making or updating your return policy.

What are my shipping restrictions?

Shipping and delivery clauses may be the single most important component of your return policy. Why? Research shows that online returns will cost companies $550 billion this year. 

As customers shift their focus to online shopping instead of brick-and-mortar retail, more and more shoppers are taking advantage of free returns and company-handled shipping. 

For mega-retailers and large marketplaces, that’s a cost they can absorb. But if your store can’t afford to be overly generous with shipping and handling costs, you need to outline your return stipulations clearly in your policy. 

For example, you can add a clause offering to handle the shipping costs of defective or incorrect products, but clarify that shipping on other returns is the responsibility of the customer.

Are my guidelines for digital products different?

While you may be shipping out goods, you also may be selling online products, software, or services. 

Surprisingly, many online stores use one-size-fits-all return policies that aren’t customized to their business—meaning digital products and services aren’t even mentioned. 

Your return, refund, and exchange clauses need to be specifically tailored to what you offer, and what kind of returns your business can support.

For example, you may be generous with physical product returns, but offering full refunds on downloadable content could lead to customers taking advantage of you. 

What other policies should I link to?  

To harness the full force of your site’s policies, create an arsenal of documents that complement each other. The legality and comprehensiveness of your return policy can be bolstered by referencing other policies you have on site. 

For example, if you offer subscriptions to customers, guidelines for cancelling or refunding subscription plans will likely be coupled with your terms and conditions. Make sure these documents link to one another and work together to outline your boundaries for membership cancellation. 

Key takeaways 

While legal documentation isn’t the most thrilling aspect of running an eCommerce store, it’s undeniably an important one. There are three major policies your store needs to have in place to protect it in the future.

A privacy policy is a must-have for every business operating online. It lets your customers know what you’re doing with their data and is a legal requirement in virtually every country. A successful privacy policy will be:

  • Transparent. Let your customers know exactly what you’re collecting and what you’re doing with that info. This is especially important under the GDPR, as the fines for not having a fully transparent privacy policy can extend into the tens of millions of dollars.
  • Comprehensive. Your privacy policy should cover every aspect of data collection.
  • Interactive. Include links in your privacy policy that allow people to choose what happens with their data. These links are legally required in California and under the GDPR.

Terms and conditions aren’t legally required like a privacy policy, but they can protect you in the event of litigation. You can use your terms and conditions in a variety of ways:

  • Prevent abusive customers. Establish boundaries for user-submitted content, from comments to reviews, so you can ban abusive users.
  • Prevent intellectual property theft. Claim your content in case a battle over intellectual property arises.
  • Prevent a losing legal battle. If a customer sues your site, your terms and conditions can help you win—especially if you require users to consent to the terms the first time they arrive at your site.

And finally, it’s important to lay out a clear return policy. This helps your customers know your guidelines if they want to return something to you—and could help you avoid losing a fortune from things like return shipping fees in the future.