# 21. Privacy Policy, TOS & Legal Pages

meta:
  id: web-production-21
  feature: web-production
  priority: P2
  depends_on: []
  tags: [compliance, legal, production]

objective:
  - Create and deploy all required legal pages for production operation

deliverables:
  - Privacy Policy page (/privacy)
  - Terms of Service page (/terms)
  - Cookie Policy page (/cookies)
  - Data Processing Agreement (DPA) page
  - Legal pages linked in footer

steps:
  1. Create Privacy Policy:
     - Data collection practices (what, why, how long)
     - Third-party services (Stripe, Clerk, Twilio, Firebase)
     - User rights (access, rectification, deletion, portability)
     - Contact information for privacy inquiries
     - Last updated date
  2. Create Terms of Service:
     - Service description and limitations
     - User responsibilities and prohibited conduct
     - Subscription terms and billing
     - Termination clauses
     - Limitation of liability
     - Dispute resolution
  3. Create Cookie Policy:
     - Types of cookies used (essential, analytics, marketing)
     - Purpose of each cookie
     - How to manage cookies
     - Third-party cookies
  4. Create Data Processing Agreement:
     - Roles and responsibilities
     - Data security measures
     - Subprocessor list
     - Breach notification procedures
  5. Add legal pages to app:
     - Create routes: /privacy, /terms, /cookies, /dpa
     - Add links in Footer component
     - Ensure pages are server-rendered for SEO
  6. Review with legal counsel:
     - Have privacy policy reviewed by attorney
     - Ensure compliance with applicable jurisdictions
     - Update based on feedback

tests:
  - Unit: Test routes render correctly
  - Integration: Verify links in footer navigate correctly
  - Compliance: Review with legal counsel

acceptance_criteria:
  - Privacy Policy live at /privacy
  - Terms of Service live at /terms
  - Cookie Policy live at /cookies
  - DPA live at /dpa
  - All pages linked in site footer
  - Pages reviewed and approved by legal counsel
  - Last updated date within 30 days of launch
  - Contact email for privacy inquiries functional

validation:
  - Navigate to /privacy → complete policy displayed
  - Click footer links → correct pages load
  - Legal counsel approval documented
  - Email to privacy@kordant.com → received

notes:
  - Consider using Termly or iubenda for generated policies
  - Ensure policies cover all data processors (Stripe, Clerk, etc.)
  - Update policies when adding new third-party services
  - Keep records of user consent to terms