Ask HN: How do you write a privacy policy/legal page for your site?

http://automattic.com/privacy/

1) Look around the web for the Terms and Policies from similar companies. (Since SeqCentral is SaaS provider, I looked at GitHub, 37 Signals, and our competitors.)

2) Look at the Wikipedia pages for more "official" references: http://en.wikipedia.org/wiki/Privacy_policy and http://en.wikipedia.org/wiki/Terms_of_service

3) Draft your own terms such that if you were a user, that you would be comfortable with them. (I'm an idealist, and as such, the SeqCentral ToS centers around the right of the consumer rather than the tyranny of the provider.)

4) Iterate with a lawyer who will tell you what you need at a minimum. (e.g. Refunds, children (COPPA), health (HIPAA), EU or CA rules, etc.)

5) Sleep on it.

6) Post as a "draft", issue an RFC, and be ready to make changes as needed.

Best of luck.

I don’t believe you’re required (by US law) to have a policy statement or legal page, although things may be different depending on where you are located. That said, I would suggest outlining your privacy policies (e.g. who can see their data under what circumstances, how long the data is stored, etc.) and establishing a jurisdiction for any legal issues at the very least; if you store sensitive data, I’d suggest talking a bit about what you do to keep the data secure. Depending on your site, this might be something that hardly anyone looks at or something that is important to users before they use the site.

[1] Iron Money: https://ironmoney.com/

It discusses how WikiLeaks got kicked off of AWS, PayPal, and other providers for violating the ToS.