Legal Pages for E-Commerce: What Online Stores Must Have
E-Commerce Has Unique Legal Requirements
Running an online store means handling customer payments, shipping physical or digital goods, collecting personal data, and often selling across state and international borders. Each of these activities comes with legal obligations. The right set of legal pages protects your business from liability, builds customer trust, and keeps you compliant with consumer protection, privacy, and e-commerce regulations. Ignoring these requirements is not just risky; in many jurisdictions, it is illegal.
The Must-Have Legal Pages
1. Privacy Policy
E-commerce stores collect extensive personal data: names, addresses, phone numbers, email addresses, payment information, order history, browsing behavior, and more. A privacy policy is legally required by GDPR if you sell to EU customers, CCPA if you sell to California residents and meet the thresholds, and numerous other national and state privacy laws. Your e-commerce privacy policy should detail every category of personal data you collect through your store, the specific purposes for each (order fulfillment, marketing, analytics, fraud prevention), every third party you share data with (payment processors, shipping carriers, email marketing platforms, analytics providers), data retention periods, and how customers can exercise their rights.
Be especially transparent about marketing data use. If you use customer purchase data for targeted advertising, email marketing, or remarketing campaigns, disclose it clearly.
2. Terms and Conditions
Your Terms and Conditions (or Terms of Sale) govern the contract between you and your customers. For e-commerce, they should cover order acceptance and processing (when a binding contract is formed, how orders are confirmed, your right to refuse orders), pricing and payment (accepted payment methods, currency, tax handling, what happens if a price is listed incorrectly), shipping and delivery (estimated delivery times, shipping methods, who bears the risk during transit, shipping restrictions by region), intellectual property (ownership of your store content, product images, and branding), limitation of liability (caps on your liability for product defects, shipping delays, or website errors), and governing law and jurisdiction (which laws apply and where disputes will be resolved).
3. Return and Refund Policy
A clear return policy is both a legal requirement in many jurisdictions and a practical necessity for customer satisfaction. Your policy should specify the return window (how many days customers have to initiate a return), the condition requirements for returned items (unused, original packaging, with tags), who pays for return shipping, the refund method and timeline (original payment method, store credit, or exchange), non-returnable items (customized products, perishables, intimate items), and the process for initiating a return.
EU law grants consumers a 14-day withdrawal right for most online purchases (the "cooling-off period") under the Consumer Rights Directive. This is a minimum; you can offer more. The UK has a similar 14-day right under consumer contract regulations. In the US, return policies are governed by state laws (California requires conspicuous posting of no-return or limited-return policies) and FTC guidelines.
4. Cookie Policy
E-commerce sites typically use numerous cookies: session cookies for shopping carts, analytics cookies for understanding customer behavior, marketing cookies for retargeting, and functionality cookies for remembering preferences. Each non-essential cookie requires informed consent under EU law. Your cookie policy should list all cookies used, categorized by type and purpose.
5. Shipping Policy
While shipping details can be included in your Terms, a dedicated shipping policy page improves the customer experience and reduces support inquiries. Cover available shipping methods and estimated delivery times, shipping costs (flat rate, weight-based, free shipping thresholds), international shipping availability and customs responsibilities, order processing times, tracking information, and procedures for lost or damaged shipments.
Consumer Protection Laws
EU Consumer Rights Directive
If you sell to EU consumers, you must provide clear pre-contractual information (seller identity, product description, total price including taxes, delivery costs), a 14-day right of withdrawal for most products, confirmation of the contract in a durable medium (email), and delivery within 30 days unless otherwise agreed. You must also clearly inform customers about the right of withdrawal before purchase, including providing a model withdrawal form.
FTC Act (United States)
The Federal Trade Commission prohibits unfair or deceptive business practices. For e-commerce, this means accurate product descriptions, truthful pricing (no fake "original" prices for manufactured discounts), clear disclosure of material terms, and timely delivery (within the timeframe stated or within 30 days if no timeframe is given). The FTC's Mail Order Rule requires you to ship within the promised timeframe or give customers the option to cancel for a full refund.
Payment Card Industry (PCI) Compliance
If you handle credit card data, you must comply with PCI DSS (Payment Card Industry Data Security Standard). Most small e-commerce stores use payment gateways like Stripe, PayPal, or Shopify Payments that handle card data on their behalf, which significantly reduces PCI scope. Your privacy policy should explain how payment information is processed and stored.
Platform-Specific Requirements
If you sell on platforms like Shopify, WooCommerce, BigCommerce, or Etsy, each has its own legal requirements. Shopify requires merchants to maintain a privacy policy and comply with all applicable laws. WooCommerce (being self-hosted) places all legal responsibility on you. Marketplace platforms like Etsy and Amazon have their own terms that govern your relationship with the platform and set minimum requirements for seller policies. Check our guide on e-commerce legal pages for platform-specific details.
Product-Specific Regulations
Some product categories have additional legal requirements. Food and supplements require nutritional information and health disclaimers. Children's products must comply with safety standards (CPSIA in the US). Electronics may need FCC compliance declarations. Cosmetics require ingredient lists (INCI format in the EU). Consider whether your products fall under any specific regulations and ensure your legal pages address them.
Displaying Your Legal Pages
Legal pages should be accessible from every page of your store, typically through footer links. Additionally, link your Terms and Conditions and privacy policy at checkout (with a checkbox for consent in the EU), link your return policy from product pages, make your shipping policy easily findable from the cart and checkout, and include a link to your cookie policy in your cookie consent banner. Accessibility is not just best practice; many consumer protection laws require that terms be made available before the customer commits to a purchase.
This article is for informational purposes only and does not constitute legal advice.