Why does my nonprofit’s website need terms of use and a privacy policy?

By guest author, Larry Silverman

You have just created your website. The work took longer than expected so you are anxious to get the site up and running, but a friend of a friend urges you to prepare Terms of Use and a Privacy Policy before going online. Is he right? The short answer is YES. In this article, I will highlight just some of the reasons why.


Terms of Use (“Terms”) tell users the rules that govern their use of the site. All nonprofits should post these Terms on each page of the site. Below are just some of the reasons why:

  • Even if a user does not purchase products or services on your site, a contract is formed each time they use your site. As such, unless the site contains language in the posted Terms that clearly disclaims liability, your nonprofit could face liability from a user who claims an injury based on his/her alleged reliance on information contained on the site
  • If your site allows users to post User Generated Content (“UGC”) such as photos, videos and writings and that UGC infringes on a third-party’s copyright, your nonprofit may be liable to that copyright owner UNLESS your site contains takedown procedure language in the Term’s that comply with the Digital Millennium Copyright Act (DMCA)
  • Particularly if users can purchase products or services thru your nonprofit’s site, the site should require affirmative acceptance of the Terms via the “click thru” acceptance method. Otherwise, the various restrictions in your Term’s, including resolution of claims thru binding arbitration, the requirement that claims be filed in your locale and language limiting damages to the cost of the product or service, are likely to be deemed invalid and unenforceable by the court


Your Privacy Policy tells the user what personal and aggregate information is collected thru the site, how that information and data is used and secured and whether the information is shared with third-parties. A link to your Privacy Policy should be contained in the Terms so the user knows he/she is bound by both policies. The policy should be separate from the Terms, since many states require that your Privacy Policy be posted on the site. It is imperative that the policy fully and accurately disclose your site’s data collection activities. Only then can you minimize the chances of liability from a user who claims they were unaware how their personal data was being used, shared and secured. While the rules in the U.S. differ from state to state, if any users are located in the European Union, your nonprofit may be subject to the General Data Protection Rules (“GDPR”) that became effective in May of 2018. The GDPR broadly defines “personal information” and grants users sweeping protections, including requirements that your Privacy Policy contain rules protecting the user from unwanted electronic communications, advise the user of their rights to access their data, detail their rights to erase their personal information and describe how their data is secured. Since the GDPR’s penalties are substantial, complying with this law is a must.


Now that we agree that the friend of a friend is correct, that is, you should post Terms and a Privacy Policy when the site goes online, how can your nonprofit minimize its liability? Because
each nonprofit’s website activities are different, the Terms and Privacy Policy must be tailored to fit those particular activities. “Off the Shelf” policies found online often fail to fully and accurately disclose your particular nonprofit’s activities and data collection practices. Experienced counsel can usually prepare both of these policies for a modest cost. Considering the risks your nonprofit faces if it fails to post Terms and a Privacy Policy or if those posted policies fail to include the necessary language or fail to accurately describe the site’s operations, that cost is a small price to pay. Don’t be “penny wise and pound foolish”.

4719 Bayard Street
Pittsburgh, PA 15213