Why we picked it This is the exact question, answered in Indian law. It draws the line most founders get wrong: a Privacy Policy is mandatory the moment you collect any personal data (name, email, phone, location) under the DPDP Rules 2025, while a Terms of Service is strongly recommended but not strictly mandated. It gives a per-surface decision tree (mobile app: both mandatory before launch; website with a contact form: policy mandatory now) plus the DPDP timeline to May 2027 and the up-to Rs 250 crore penalty, so you know what to do this week versus later.
Terms of Service and Privacy Policy: Do You Really Need Them?
From Growth Gurukul by Growth Gurukul editorial 12 min read
- Privacy Policy is legally mandatory if you collect any personal data; Terms of Service is strongly recommended, so ship both before an app-store launch.
- DPDP Rules 2025 (effective November 2025) drive the requirement, with a phased runway to May 2027 and penalties up to Rs 250 crore per breach.
- Use the decision tree by surface (app vs website vs contact form) to decide what is required at launch versus what can wait for legal review.