Your Website Is a Legal Document. Does It Know That?
Most Oregon and Idaho small businesses have a website. Far fewer have terms of service and a privacy policy that actually hold up. Here's what you need, why it matters, and what happens when you skip it.
A client books a service through your website. Something goes wrong — they claim the work wasn't what they expected, or they want a refund you don't offer, or they're using content from your site in a way you never intended. You go to enforce your position and realize your website has no terms of service. Or it has one you copied from another site years ago that doesn't match your business at all.
This is more common than it should be. Most small business owners put real thought into their website's design and almost none into its legal infrastructure. That's a problem — because your website is often the first place a customer relationship begins, and it's where the terms of that relationship should be set.
Terms of Service and Privacy Policies Are Not the Same Thing
Before getting into what each document should say, it helps to understand what each one does.
A terms of service agreement (sometimes called terms and conditions, or a user agreement) governs the relationship between your business and anyone who uses your website or purchases your products or services through it. It sets the rules: what you offer, what you don't, how disputes get handled, who owns what, and what happens if something goes wrong.
A privacy policy is a disclosure document. It tells users what personal information your website collects, how you use it, who you share it with, and how users can request changes or deletion. In many cases, a privacy policy isn't just good practice — it's legally required.
You need both. They serve different functions and one does not substitute for the other.
What Your Terms of Service Should Cover
A terms of service agreement that actually protects your business should address the following:
What you're offering and what you're not. This sounds obvious, but vague service descriptions are one of the most common sources of client disputes. Your terms should define the scope of what you provide clearly enough that a stranger — or a judge — could understand what was and wasn't included.
Payment terms and refund policy. If you don't accept refunds, say so. If you require deposits, say so. If invoices are due within 30 days and you charge interest after that, say so. Your terms of service is one of the few places you can set these rules unilaterally, before a dispute arises.
Intellectual property ownership. Who owns the content on your website? Who owns deliverables you create for clients — designs, written content, custom software? If your terms don't address this, the answer may not be what you assume. Spell out what you retain, what you transfer, and under what conditions.
Limitation of liability. A well-drafted limitation of liability clause caps your exposure if something goes wrong. Without one, a dissatisfied customer's damages claim is limited only by what they can argue they lost. With one, you've defined the boundaries in advance. These clauses won't protect you from everything — they have to be reasonable and conspicuous to be enforceable — but they're far better than nothing.
Dispute resolution. Do you want disputes handled in Oregon courts? Idaho courts? Through arbitration? Your terms can specify this. Without it, a customer in another state could potentially drag you into litigation somewhere inconvenient and expensive.
Governing law. For Oregon and Idaho businesses, this typically means specifying which state's law applies. This matters if you have customers across state lines, which most websites do.
What Your Privacy Policy Should Cover
If your website collects any personal information — names, email addresses, payment information, or even just cookies tracking user behavior — you need a privacy policy. Here's what it should address:
What you collect. List the categories of information you gather, both actively (through forms, purchases, account creation) and passively (through cookies, analytics tools, IP addresses).
How you use it. Do you use email addresses to send marketing? Do you share data with third-party tools like Google Analytics or payment processors? Be specific.
How users can control their data. Can they request deletion? Opt out of marketing? Update their information? Your policy should tell them how.
How you protect their information. You don't need to describe your security infrastructure in detail, but you should acknowledge that you take reasonable steps to protect data and describe what happens if there's a breach.
A brief note on GDPR and CCPA. If you have customers in California or the European Union — which most websites do, whether you've thought about it or not — additional legal requirements may apply. Oregon and Idaho don't yet have comprehensive state privacy laws on par with California's, but that's changing. If your business collects significant amounts of consumer data or targets customers in those jurisdictions, it's worth a specific conversation about compliance. This post won't go deep on those frameworks, but don't assume they don't apply to you just because you're based in Eugene or Boise.
The Problem With Templates
Search "free terms of service template" and you'll find hundreds of them. The problem isn't that templates are always wrong — it's that they're written for nobody in particular, which means they're often wrong for you specifically.
A template written for a SaaS company doesn't fit a landscaping business. A template pulled from a retail e-commerce site doesn't fit a consulting firm. And a template that worked fine in 2018 may not reflect how your business operates today or what Oregon and Idaho courts expect.
The other problem with copied terms is enforceability. Courts look at whether a user had reasonable notice of the terms and meaningfully agreed to them. A wall of legalese pasted from another company's site, buried in a footer, is a much weaker position than terms that are clearly presented, specific to your business, and designed to be read.
How Terms of Service Are Actually Enforced
A terms of service agreement is only useful if it can be enforced. A few things that affect enforceability:
Conspicuous placement. Terms that are impossible to find don't protect you. At minimum, they should be linked clearly in your website footer, at checkout, and anywhere a user is agreeing to a transaction.
Clickwrap vs. browsewrap. Clickwrap agreements — where a user actively checks a box or clicks "I agree" — are significantly easier to enforce than browsewrap, where terms are posted but users aren't required to acknowledge them. For any transaction of consequence, clickwrap is the better approach.
Consistency with your actual practice. If your terms say one thing and your invoices, emails, and contracts say something different, you've created ambiguity that will likely be resolved against you. Your terms of service should be consistent with the rest of your legal infrastructure.
Bottom Line
Your website is where your business introduces itself, makes promises, collects information, and often closes transactions. The legal documents that govern all of that aren't a formality — they're the foundation of how disputes get resolved if something goes wrong.
For most Oregon and Idaho small businesses, the investment in properly drafted terms of service and a privacy policy is modest. The cost of not having them — in a dispute, a regulatory inquiry, or a damaged client relationship — is typically much higher.
If you've been operating on a template or nothing at all, it's worth a review.
This post is for general informational purposes only and does not constitute legal advice. Website terms and privacy requirements vary by business type, jurisdiction, and the nature of your operations. Contact a licensed Oregon or Idaho business attorney to discuss your specific situation.
Questions about your business's legal infrastructure? Contact Track Town Law to schedule a consultation.
