How to use this checklist: Go through each section before you launch. Items marked Required are legal obligations in most jurisdictions. Recommended items protect you even when not strictly required. Optional items are good practice for serious businesses.
Launching a website or app is exciting β but skipping the legal groundwork is one of the most common (and costly) mistakes new founders, freelancers, and developers make. A complaint from a user, an app store rejection, or a regulatory inquiry can happen fast. This checklist covers everything you need to have in place before you go live.
π Essential Legal Documents
β
Privacy Policy Required
Required by law in virtually every country for any website or app that collects personal data β including email addresses, names, contact form submissions, or analytics data. Must be linked in your site footer and accessible before users submit any data. Generate yours free β
β
Terms & Conditions Recommended
Not legally required in the same way a Privacy Policy is, but essential for protecting yourself. Without T&C, users have no agreed rules for using your platform, leaving you exposed to disputes, misuse, and liability. Required by Apple App Store and Google Play Store for apps that involve user accounts or purchases. Generate yours free β
β
Cookie Policy Required (if using non-essential cookies)
Required under GDPR and the ePrivacy Directive if your site uses cookies beyond what's strictly necessary β which includes Google Analytics, advertising pixels, and social sharing buttons. Must accompany a cookie consent banner. Generator coming soon to LegalyJet.
β
EULA (for software/apps) Recommended
End User License Agreement β defines how users may install, use, and distribute your software. Required if you want to limit how your product is used, restrict reverse engineering, or protect your intellectual property. Generator coming soon to LegalyJet.
β
Refund / Return Policy (e-commerce) Required (if selling)
Required by consumer protection laws in most countries if you sell physical or digital products. Must be clearly accessible before purchase. For digital products, you may have different rules depending on jurisdiction.
β
Disclaimer Recommended
Important for blogs, advice sites, health or finance content, or any site providing information that could be acted upon. Clearly states that your content is for informational purposes only and not professional advice.
πͺ Cookie Compliance
β
Cookie consent banner Required (EU/UK visitors)
Must appear on first visit, before non-essential cookies are set. Must offer a genuine accept/decline choice. Pre-ticked boxes or hiding the reject option are not compliant under GDPR.
β
Cookie audit Recommended
Run a cookie scanner on your site to identify every cookie being set. Include this information in your Cookie Policy. Tools like CookieBot or your browser's DevTools can help.
π Privacy Compliance
β
GDPR compliance (EU visitors) Required
If you serve visitors from the EU, you need a GDPR-compliant Privacy Policy, cookie consent, a lawful basis for processing data, and a process for handling data subject requests (access, deletion, correction). Read our GDPR guide β
β
CCPA compliance (California visitors) Recommended if you meet thresholds
If your business processes data from 100,000+ California consumers annually or meets other CCPA thresholds, you must provide California-specific disclosures and a "Do Not Sell or Share" opt-out mechanism. Read our CCPA guide β
β
Data processor agreements Recommended
If you use third-party tools that process user data (payment processors, email platforms, analytics), ensure you have Data Processing Agreements (DPAs) with each vendor. Most major platforms provide these.
π± App Store Requirements
β
Privacy Policy URL in app listing Required
Both Apple App Store and Google Play require a Privacy Policy URL for all apps. Apps that collect any user data will be rejected without one.
β
App Store Privacy Nutrition Label (Apple) Required
Apple requires you to complete a privacy questionnaire disclosing exactly what data your app collects and how it's used. This information must match your Privacy Policy.
β
Terms & Conditions in-app Recommended
For apps with user accounts, purchases, or community features, include a link to your T&C within the app and require acceptance on sign-up.
π Website Essentials
β
Footer links to legal documents Required
Your Privacy Policy, Terms & Conditions, and Cookie Policy must be linked from your footer on every page β not buried in a settings menu.
β
Contact information Required
GDPR and many consumer protection laws require you to provide a way for users to contact you β at minimum an email address. A physical or registered address may be required for businesses in some jurisdictions.
β
HTTPS / SSL certificate Recommended
Not a legal requirement in most places, but essential for user trust, SEO, and GDPR compliance (which requires appropriate technical security measures). Most hosting platforms provide this for free.
Getting started: the essentials in 10 minutes
If you're launching soon and haven't done any of this yet, start with the two documents that are both legally required and cover the broadest legal ground: your Privacy Policy and Terms & Conditions. Both can be generated on LegalyJet in under 4 minutes each, completely free, personalized to your business.
Start with the two essentials
Privacy Policy + Terms & Conditions. Free, personalized, and ready in under 10 minutes.