Essential Legal Documents
Website Terms & Conditions
Your website must have clear Terms of Service that cover:
● How users can use your website or app
● Prohibited activities and user conduct
● Limitation of liability
● Governing law and dispute resolution
● Intellectual property rights
● Refund and cancellation policies (if applicable)
Privacy Policy (Mandatory)
Under the Digital Personal Data Protection Act 2023 and IT Act 2000, you must display a
privacy policy if you collect any user data. Include:
● What personal data you collect (name, email, phone, payment details, etc.)
● How you collect it (forms, cookies, analytics)
● Purpose of data collection
● How you use, store, and protect the data
● Whether you share data with third parties
● User rights (access, correction, deletion of data)
● Data retention period
● Contact details of your Data Protection Officer or grievance officer
Cookie Policy
If your website uses cookies or tracking technologies, inform users about:
● Types of cookies used
● Purpose of each cookie
● How users can manage or disable cookies
Regulatory Compliance
Grievance Officer Appointment
Appoint a Grievance Officer if you’re an intermediary (social media platform, marketplace,
hosting service). Display their contact details prominently on your website. They must
acknowledge complaints within 24 hours and resolve them within 15 days.
Data Protection Registration
If you process significant amounts of personal data, you may need to register as a Data
Fiduciary under the DPDP Act 2023. Consult a cyber law expert to determine whether this
applies to your business.
Payment Gateway Compliance
If accepting online payments:
● Use PCI-DSS compliant payment gateways
● Never store complete credit card details
● Display secure payment badges
● Comply with RBI guidelines for payment aggregators if applicable
Cybersecurity Measures
Secure Your Digital Assets
● Use strong, unique passwords and enable two-factor authentication
● Install an SSL certificate (HTTPS) on your website
● Keep software, plugins, and systems updated
● Back up all data and systems regularly
● Use reputable antivirus and firewall protection
Employee Policies
Create written policies covering:
● Acceptable use of company devices and internet
● Social media guidelines
● Confidentiality and non-disclosure requirements
● Consequences for data breaches or policy violations
● Reporting mechanism for security incidents
Data Breach Response Plan
Prepare a plan outlining:
● How to identify and contain a breach
● Who to notify (authorities, affected users)
● Timeline for notifications (under the DPDP Act, notify within the specified timeframe)
● Steps to prevent future breaches
Intellectual Property Protection
Trademark Your Brand
Register your business name, logo, and tagline with the Trademark Registry to prevent misuse
and establish ownership.
Copyright Your Content
While copyright is automatic, consider registering original content (website copy, graphics,
videos) for stronger legal protection. Add copyright notices to your website footer.
Domain Name Security
● Register similar domain variations to prevent cybersquatting
● Use domain privacy protection to hide personal details from WHOIS databases
● Set up auto-renewal to prevent accidental expiration
Contracts & Agreements
Vendor and Service Provider Agreements
When working with third parties who access your data:
● Sign Data Processing Agreements
● Ensure they comply with Indian data protection laws
● Define data ownership and usage rights
● Include confidentiality clauses
Customer Contracts
For B2B businesses, ensure contracts include:
● Clear scope of services
● Data handling and protection clauses
● Liability limitations
● Termination conditions
● Dispute resolution mechanism
E-commerce Specific Requirements
Consumer Protection Act Compliance
If selling products or services online:
● Display accurate product descriptions and pricing
● Clear return, refund, and exchange policies
● Provide customer support contact details
● Avoid misleading advertisements
● Issue proper invoices and maintain transaction records
Legal Metrology Act
If selling packaged goods, comply with labeling and packaging requirements.
Social Media & Marketing
Advertising Guidelines
● Follow Advertising Standards Council of India (ASCI) guidelines
● Avoid misleading claims or fake reviews
● Disclose sponsored content clearly
● Respect trademark and copyright of others in marketing materials
Social Media Policy
If maintaining business social media accounts:
● Define who can post on behalf of the company
● Guidelines for responding to customer complaints
● Protocol for handling negative reviews or trolling
● Crisis communication plan
Regular Maintenance
Annual Review
Review and update all legal documents annually or when laws change. The DPDP Act 2023 is
new and rules are still being notified.
Audit Trail
Maintain logs of:
● Data access and modifications
● Security incidents
● Customer complaints and resolutions
● Changes to policies and terms
Legal Consultation
Schedule periodic reviews with a cyber law expert, especially:
● Before launching new products or services
● When expanding to new markets
● After significant changes in data handling practices
● When regulations are updated
Quick Action Steps for New Businesses
Week 1:
● Draft and publish Privacy Policy and Terms & Conditions
● Install an SSL certificate on your website
● Set up secure password management
Month 1:
● Appoint Grievance Officer (if required)
● Create employee cyber policies
● Review vendor contracts for data protection clauses
Month 3:
● Conduct cybersecurity audit
● Register trademarks
● Implement regular backup systems
Ongoing:
● Stay updated on cyber law changes
● Train employees on data protection
● Monitor for trademark or content infringement
Disclaimer: This checklist provides general guidance and does not constitute legal advice.
Cyber laws are evolving rapidly in India. Consult with a qualified cyber law attorney to ensure
complete compliance specific to your business model and industry.
For legal consultation on cyber law compliance: Nitin Vashista (Advocate), Gurgaon District
Court +91 98736 78373