Acceptable Use Policy Template
Website and app owners should provide their users with an Acceptable Use Policy. It doesn't matter whether you collect personal data from your users or not.
The Acceptable Use Policy basically outlines what services you'll provide, and what you expect from your customers. So, this document is central to minimizing the chance of disputes arising between you and your customers or platform users.
We'll show you how to write one and how to get consent to your Policy's terms.
- 1. What is an Acceptable Use Policy?
- 2. Are Acceptable Use Policies Required by Law?
- 3. Why Should I Have an Acceptable Use Policy?
- 4. Acceptable Use Policies: Key Clauses
- 4.1. The Date
- 4.2. Purpose of the Policy
- 4.3. Other Key Agreements
- 4.4. The Governing Laws
- 4.5. The Acceptable Use Rules
- 4.6. Prohibited Activities
- 4.7. Your Right of Termination
- 4.8. Limits on Contractual Liability
- 4.9. The Disclaimers
- 4.10. Your Contact Details
- 5. Getting Consent to Your Acceptable Use Policy
- 5.1. Other Agreements
- 5.2. Footer
- 5.3. Account Registration
- 5.4. Checkout or Download Screen
- 5.5. Conclusion
You might be wondering if an Acceptable Use Policy is the same as a Terms and Conditions Agreement. The answer is yes, it is. They're just different names for the same thing.
Here are some other titles you might see rather than Acceptable Use Policy:
- Terms of Service
- User Agreement
An Acceptable Use Policy is not the same as an End User License Agreement (EULA).
Before we go on to look at writing an Acceptable Use Policy, let's be absolutely clear on what they are, what purpose they serve, and what the law has to say about them.
What is an Acceptable Use Policy?
An Acceptable Use Policy is exactly what it sounds like. It tells your customers:
- What use of your website or app is acceptable
- What will happen if they try to use your services in a different, unacceptable way
What's included in your Policy varies depending on what services you offer. So, you might include clauses about:
- Protecting your designs and other IP
- What type of content users can post in your public forums
- Subscriptions and other recurring payments
There's no right or wrong way to write your Acceptable Use Policy so long as you include all the clauses you actually need to make your Policy work.
We'll take a look at examples of the most common clauses you'll need below.
Are Acceptable Use Policies Required by Law?
No, the law doesn't require you to provide an Acceptable Use Policy. However, that doesn't make them any less valuable. Why? Because Acceptable Use Policies form a binding legal contract between you and your customers.
It's good practice to emphasise the Policy's legal status to your customers. Tim Hortons, for example, specifically states that it's a legal contract, so people should only use the services if they agree to the terms:
A legal contract like this gives you important rights. In other words, you can enforce the terms of your Policy against your customers, if need be.
So, for example, if a customer violates your copyright or posts harmful spam on your website, you can take legal action against them, or simply delete their account immediately.
Why Should I Have an Acceptable Use Policy?
An Acceptable Use Policy doesn't just give you valuable legal rights. It has other benefits, too:
- It makes your business more professional and trustworthy
- You can control what you're liable for if something goes wrong on your website
- It makes it much easier to simply withdraw your services, or close someone's account
In other words, an Acceptable Use Policy makes everything easier for both you and your customers. You might not need one, legally speaking, but it makes sense to have one.
One final point here: If you draft an Acceptable Use Policy, make sure it's actually enforceable. To enforce a contract like an Acceptable Use Policy, it needs to be:
- Fair to both parties
- Easy to understand
You also need the clear consent of both parties before you can enforce the contract terms. In other words, if one party never agrees to the contract, you can't enforce it against them.
Arguably, if you don't tell customers that it's a contract, they can say they didn't realise what they were signing up to. That's why the clause we just looked at from Tim Hortons is so useful. There's no mistaking that it's a legal agreement.
So, you know you need an Acceptable Use Policy and you want to draft one now. Where do you start? Let's take a look.
Acceptable Use Policies: Key Clauses
At a minimum, these are the clauses that should be included in every Acceptable Use Policy. We'll break them down, one by one.
Always start with the date your Acceptable Use Policy came into force.
You can also include a statement like "last modified" or "last updated" if you amend the document at any time. That way, if someone read your Policy before you made any changes, they'll know it's a good idea to read it again.
Here's an example from Amazon Web Services:
Purpose of the Policy
Set out what the document actually is i.e. the rules and conditions for using your website or platform.
Introduce your agreement so people know what to expect when they're reading it. Here's an example from Marks and Spencer:
Other Key Agreements
Why should you link to other agreements? Because customers should agree to them all before they can use your services, so it makes sense to have links all in the one place.
The Governing Laws
Determine which territorial, state, or national laws apply to your contractual agreement. This means that both you and your customers know which laws to apply if there's ever a legal dispute.
It's simplest just to apply the laws for the country or territory where you have your main place of business.
Here's an example from Topshop's U.S. store. Although it's targeting U.S. customers, English law applies:
The Acceptable Use Rules
One of the main reasons you should have an Acceptable Use Policy is so you can outline how you expect people to behave on your website or platform. For example, you don't want people posting abusive messages in your forums, and you don't want people stealing or copying your designs.
So, you should:
- Set out rules of conduct
- Explain what you'll do if someone violates these rules
Use generalized language so far as possible. This means you can exercise more discretion over what you deem harmful or unacceptable.
As an example, Marks and Spencer tells people they shouldn't use "inappropriate language" or do anything that's possible considered harassment:
And the company will remove posts that don't comply with the rules:
There are some things you should never allow customers or users to do on your website. In other words, there are some activities you should expressly ban because they can do real damage to your business.
Again, it's good to keep the language you use as broad as possible so you can take action against a wider range of unacceptable behavior. Examples of prohibited behavior might include:
- Tampering with your website
- Infecting your programs with malware and other viruses
- Using your platform to conduct illegal activities
AWS, for example, bans people from accessing its internal IT systems without permission:
And Tim Hortons bans any activity that could potentially harm the business or break laws:
The language is just broad enough to cover a wide range of activities without being so broad that it's unclear and unenforceable.
Your Right of Termination
Make it clear that you can end your services at any time, without giving notice or warning to your customers. This prevents them from taking action against you if you stop services without explanation.
As you can see from Disney here, you should also be clear that you can make changes to the Acceptable Use Policy whenever necessary:
Limits on Contractual Liability
Sometimes things go wrong, and you don't want to be held responsible every time they do. So, you need to limit your liability under contract. Aim to curtail your liability for things like:
- Service downtime
- Viruses or malware
- Errors, omissions, and other inaccuracies
If it's something you can't legally restrict liability for, you still want to set a cap for how much you're willing to pay in compensation.
Here's an example from Disney. The company states it isn't liable for damages or compensation when something happens that's outside of foreseeable control. In any case, customers can't sue for more than $1000:
You shouldn't be held responsible if a customer doesn't enjoy your product or it's unsuitable for whatever special purpose they bought it for. So, you need a disclaimer stating that services are offered "as is" and you can't make any promises.
Again, Disney has a good example for this:
Your Contact Details
People must be able to contact you if they have any questions. So, you need to include at least one, but preferably 2, ways to contact your business. At least one option should be free to use, like email.
Tim Hortons provides an email address for customers:
Once you've drafted your Acceptable Use Policy, where do you put it, and how do you ensure customers have actually consented to it? Here's what you should know.
Getting Consent to Your Acceptable Use Policy
There are 2 final points you need to be aware of:
- You should get express and fully-informed consent to your Acceptable Use Policy where possible.
- To get consent, you need to display your Acceptable Use Policy somewhere obvious before you enter into any other contracts with the customer e.g. a contract of sale.
These 2 points link together. Why? Because it's possible to get consent at the point where you display the Policy. Let's look at some examples to show what we mean.
You want customers to understand that your Acceptable Use Policy is only one of the contracts they need to agree to before they do business with you. So, link to the Acceptable Use Policy through your other agreements.
Here's an example from Calastone:
You don't need to try to get consent at this point. It's just good for people to be able to easily access your Policy from the moment they land on your site.
On the other hand, you should confirm that users agree to your Acceptable Use Policy before they register for an account. Here's what to do:
- Draw attention to your Acceptable Use Policy the moment someone signs up for an account
- Have users click a checkbox to confirm they've read and agreed to the Policy before you open an account for them
Tim Hortons clearly links to its core legal policies on the account signup screen. As you can see, users must click the box to show they've read these policies before they can proceed:
Checkout or Download Screen
The same idea applies at the download or checkout screen. Before someone enters a contract of sale with your business, they should have the clear opportunity to read and assent to your Acceptable Use Policy.
So, you can get implied consent to an Acceptable Use Policy, but really, it's far better to use a checkbox and get express consent.
Express consent is also the only standard of consent recognized by EU Member States when it comes to data protection, so if you're selling to EU citizens, it's a good idea to just always use checkboxes.
An Acceptable Use Policy tells people what they can expect from your platform, and what you need from them in return.
At minimum, include the following clauses:
- Legal status of agreement
- Date and introduction
- Contact details
- Acceptable use rules
- Banned behavior
- Termination rights
Always provide links to your other main agreements. Link to your Acceptable Use Policy somewhere obvious like your footer or at a checkout screen, and always get express consent to the Policy where possible.