The legal pages your website actually needs — Privacy Policy, Terms, cookie notice, disclaimers, and the ones that only apply if you sell. Plain English, why each matters, and what goes in it. Check them off as you go.
Most owners treat legal pages as an afterthought — a footer link to copy from someone else's site. But these pages are required by law in many cases, demanded by the platforms you depend on, and they're often the only thing standing between you and a dispute. Four reasons they're worth an hour of your day:
Privacy laws (GDPR, CCPA/CPRA, CalOPPA and more) require a privacy policy if you collect any personal data — even just an email or Google Analytics.
Stripe, PayPal, Google AdSense, the Apple App Store, Google Play, and Meta & Google Ads all require a posted privacy policy to keep your account in good standing.
Terms, disclaimers, and limitation-of-liability language set the rules and cap your exposure. Without them, every assumption defaults against you.
A clear privacy policy and real contact info are quiet trust signals. People look for them before they hand over an email or a card number.
For scale: GDPR fines can reach €20 million or 4% of global revenue, whichever is higher. California's CCPA/CPRA runs up to $2,500 per violation ($7,500 for intentional ones). You don't need to fear-spiral over this — you just need the pages up and accurate.
Before the full list — here's what the four pages nearly every site needs actually do. No legalese.
Tells visitors what personal info you collect, why, and what you do with it.
"Here's what we know about you, and here's what we do with it."Sets the rules for using your site, caps your liability, and spells out expectations.
"Use the site, and here's the deal you're agreeing to."Says what your content is — and isn't — and that visitors rely on it at their own risk.
"This is information, not professional advice for your situation."Discloses the trackers your site runs and, where required, asks before setting them.
"Here are the cookies we use, and how to say no."Start with the Core four — every site needs those. Then work down only what applies to you. Tick each line; your progress saves in this browser.
Most legal pages just describe what your business actually does with data and money. Have these facts in front of you and the writing (or the generator) goes 3× faster.
Having the pages isn't enough — these are the slip-ups that turn them into decoration.
Copy-pasting a competitor's policyIt describes their business and data, not yours — so it's both inaccurate and a copyright problem. Use it for structure only.
No effective dateA policy with no "last updated" date can't show what was in force when. Date every page and re-date it on every edit.
It doesn't match realityYour policy says "we don't use cookies" but you run Analytics and a Meta Pixel. The page has to describe what you actually do.
Buried or broken linksIf visitors and platforms can't find your policies in the footer of every page, they may as well not exist. Check the links work.
Treating a generator as finalGenerators give you a solid first draft — full of brackets and placeholders. Publishing one unread leaves wrong terms in your name.
Set-and-forgetYou added a new email tool, payment method, or pixel — but never updated the policy. Re-check whenever your data practices change.
Sign up for the Sidekick Summer Slam. One free marketing or operations tool dropped to your inbox every day from May 8 → September 4. No fluff. No fee.
Get me on the list →