What Legal Pages Does Your Website Need: Terms, Privacy Policy, and Disclaimers
A website without the right legal pages exposes you to liability for the content you publish, fails to limit your responsibility for how visitors use your information, and in many jurisdictions violates consumer privacy laws. Here is what you actually need and what each page does.
READY TO TAKE ACTION?
Use the free LaunchAdvisor checklist to track every step in this guide.
The quick answer
Every business website needs a privacy policy (legally required if you collect any data), terms of service (limits your liability and sets usage rules), and a cookie policy (required in the EU and many US states). If you provide financial, medical, legal, or investment information, you also need a disclaimer. Most businesses need all four.
Privacy policy: what it is and what it must cover
A privacy policy discloses what data you collect from visitors, how you use it, who you share it with, and how visitors can request deletion or correction. Required if you collect: email addresses, contact form submissions, payment information, analytics data (Google Analytics counts), or any other personal information.
Must include under GDPR: legal basis for processing, data retention periods, rights of data subjects. Must include under CCPA: categories of data collected, right to opt out of data sale, Do Not Sell My Personal Information link if applicable.
Terms of service (terms and conditions): what it does
A terms of service agreement governs the relationship between your website and its visitors. It limits your liability for errors in your content, restricts how your intellectual property can be used, outlines acceptable use, sets the governing jurisdiction for disputes, and defines what happens if your service is interrupted. Without one, visitors can argue your content created an implied warranty or professional relationship.
Cookie policy: when it is required
A separate cookie policy (or cookie section in your privacy policy) is required under GDPR for any website with EU visitors. It must describe which cookies you use, their purpose, and how long they persist. A cookie consent banner is also required for non-essential cookies — visitors must be able to reject analytics and advertising cookies before they are set.
Disclaimer: when you need one
Add a disclaimer when your website contains: financial information (not financial advice), health or medical information (not medical advice), legal information (not legal advice), or investment information. A disclaimer makes clear that your content is for informational purposes only and does not create a professional relationship. Without this, readers may argue they relied on your content as professional guidance.
The verdict
The minimum for any business website: privacy policy + terms of service. Add a cookie banner if you have EU traffic. Add a disclaimer if you publish industry-specific information. Use Termly or iubenda to generate all of these in under an hour. Publish them in your website footer where they are visible on every page.
How to get started
1. Audit what data your website currently collects (email signups, analytics, payments, forms). 2. Use Termly or iubenda to generate a privacy policy, terms of service, and cookie policy. 3. Publish all three pages and add links to your footer. 4. Enable a cookie consent banner. 5. If you publish financial, health, or legal content, add a clear disclaimer to those pages.
RECOMMENDED TOOLS
Termly
Generate all legal pages + cookie banner in one place
iubenda
Best for EU compliance and multi-jurisdiction coverage
Some links above are affiliate links. We may earn a commission if you sign up — at no extra cost to you.
FREQUENTLY ASKED QUESTIONS
Can I copy someone else's privacy policy?
You should not. A privacy policy must accurately describe your specific data practices. Copying someone else's policy risks including inaccurate disclosures, which can create legal exposure rather than limiting it. Use a generator that asks you questions about your actual practices.
Do I need a terms of service if I do not sell anything?
Yes. Even a content website benefits from a terms of service that limits your liability for errors in your content, restricts copying of your intellectual property, and sets the jurisdiction for any dispute. The cost of having it is minimal; the cost of not having it in an edge case can be significant.
What is the difference between a privacy policy and cookie policy?
A privacy policy covers all data collection broadly. A cookie policy specifically addresses cookies — what types you use, their purpose, and how long they last. Under GDPR, a separate cookie policy and consent mechanism is required. Under CCPA, cookie-related disclosures are typically included in the privacy policy. Termly generates both.
Apply This in Your Checklist