Brand, Web & Presence

What are the boring legal and trust pages (privacy, terms, refund) I need before I take money or emails on my site?

A starting point

If you collect emails or personal data from Indian users, you now need a real privacy policy under the DPDP Act, not a copy-paste from a random generator. If you're taking payments, add clear terms, a refund or cancellation policy, and contact details, because payment gateways like Razorpay actually require them before they'll approve you. These pages feel like a chore, but their absence quietly signals 'not a real business' to careful buyers.

Go deeper

Hand-picked from around the web, each with a note on why it earns your time.

3 resources 3 link-checked Read Use

Read

📄 Article
✓ Link checked India Free Beginner

Why we picked it If you take emails or money from people in India, the DPDP Act is the law your privacy page now has to answer to, and this EY guide walks through it in plain terms instead of pure legalese. It is honest about what a small founder actually owes (a clear consent notice, a way for people to access or delete their data, breach reporting) versus the heavier obligations that only kick in at scale. Treat it as a starting point to understand the shape of the law, not as your lawyer.

Decoding the Digital Personal Data Protection Act, 2023

From EY India by EY India ~15 min read

  • Your privacy notice has to be in clear, plain language and spell out what data you collect, why, and how someone can get it corrected or erased.
  • Small startups are not on the hook for a full-time data officer or annual audits, but you still owe a consent notice, a 90-day response window on data requests, breach reporting, and reasonable security.
  • Non-compliance penalties run high (up to 250 crore), so getting the basics on your site early is cheaper than fixing it later.
Open ey.com
📄 Article
✓ Link checked India Free Beginner

Why we picked it This comes straight from Razorpay, so it is the gateway itself telling you the exact pages it checks before it will activate your account, not a third party guessing. It lists the four policy pages founders forget (terms, privacy, a refund and cancellation policy with real timelines, and a proper contact page) plus the grievance officer detail that trips up first-timers. Read it before you apply so a missing page does not stall your onboarding.

Payment Gateway Compliance: What Your Website Needs Before You Can Accept Payments

From Razorpay by Razorpay ~10 min read

  • Indian payment gateways verify your terms, privacy policy, refund and cancellation policy, and contact page before activating your account, and missing even one can get you rejected.
  • Your refund policy needs concrete timelines (something like 5 to 7 business days), not vague phrasing like refunds at seller's discretion.
  • Your contact page needs a registered legal name, a real physical address, and a working phone and email, and you likely need a named grievance or nodal officer too.
Open razorpay.com

Use

🛠️ Tool
✓ Link checked Freemium Beginner

Why we picked it When you just need a first draft on the page so a gateway or a signup form will work, a generator like Termly gets you a structured policy in minutes by answering questions about your business, with one policy free to publish. It is a starting point to adapt, not a substitute for a lawyer once you are handling real money or sensitive data. Read what it produces and edit it to match what your product actually does, especially the India-specific bits it will not know about.

Free Privacy Policy Generator

From Termly by Termly ~10 min to generate

  • You answer a short set of questions about your business and it generates a privacy policy you can publish, one for free with no card required.
  • It is built around global rules (GDPR, CCPA) so you will need to add or adjust India, DPDP specifics yourself.
  • Use the output as a draft to review and edit, not as final legal text once money or sensitive data is involved.
Open termly.io

People also ask