7 Legal Pages Every E-Commerce Store Needs (And How to Create Them Free)
If you're running an e-commerce store — whether on Shopify, WooCommerce, Etsy, or your own platform — you're handling customer names, email addresses, shipping addresses, and payment information. Under the EU's General Data Protection Regulation (GDPR), processing that information makes you a data controller with legal duties attached, and consumer-protection and accessibility laws across the US, UK and EU add their own requirements on top.
The good news: most of those duties are met by publishing a handful of clear, accurate policy pages and wiring up consent properly. Here are the 7 legal pages most online stores need, what the law actually requires, who each rule applies to, and how to create them in minutes — for free.
One thing first: this article is general information, not legal advice, and it does not create a lawyer–client relationship. Laws differ by country, state, and product category, and they change. For your specific situation, consult a qualified lawyer.
1. Privacy Policy
Why you need it: You collect customer data at checkout and through analytics, so transparency is a legal obligation. Where the GDPR applies, Article 13 requires you to tell people — at the time you collect their data — who you are, why you're processing it, the legal basis, who receives it, how long you keep it, and what rights they have (GDPR, Art. 13, EUR-Lex). A privacy policy is the standard way to deliver that information. Getting it wrong is expensive: breaches of the GDPR's core principles and data-subject rights sit in the top fine tier of up to €20 million or 4% of total worldwide annual turnover, whichever is higher (GDPR, Art. 83(5)). Major payment processors and platforms also require a published privacy policy in their terms of service.
Who it applies to: Any store offering goods or services to people in the EU/UK, regardless of where it's based, plus US stores covered by state laws such as the California Consumer Privacy Act.
Solution: Generate your Privacy Policy — specify what data you collect, which payment processors and analytics tools you use, and how you handle customer data.
2. Terms & Conditions
Why you need it: Your Terms & Conditions are the contract between you and the buyer — when an order is accepted, payment terms, who pays for return shipping, limitations of liability, and how disputes are handled. When a customer disputes a charge, claims a description was misleading, or places a fraudulent order, agreed terms put you on far firmer ground and make your refund and shipping rules enforceable rather than ad hoc.
Who it applies to: Every store. There's no jurisdiction where a written contract with your customers hurts you.
Solution: Generate your Terms & Conditions — covers order acceptance, payment terms, product accuracy disclaimers, and dispute resolution.
3. Refund / Returns Policy
Why you need it: In the EU, this isn't optional. Under the Consumer Rights Directive (2011/83/EU), consumers buying online have a 14-day right of withdrawal and can cancel the order without giving any reason; for goods, the period generally runs from the day the consumer takes physical possession (Directive 2011/83/EU, Art. 9, EUR-Lex). The directive also requires you to inform customers about this right before they buy. Certain items are exempt under Article 16 — including goods made to the consumer's specifications or clearly personalised, goods liable to deteriorate or expire rapidly, and sealed goods unsuitable for return on health-protection or hygiene grounds once unsealed — which is exactly why a written policy spelling out the exceptions matters (Directive 2011/83/EU, Art. 16, EUR-Lex).
Who it applies to: Any store selling to consumers in the EU (and, under related rules, the UK). US stores aren't bound by the 14-day rule, but a clear posted policy still reduces disputes and chargebacks.
Solution: Generate your Refund Policy — define return windows, condition requirements, refund methods, and non-refundable items, including the statutory cooling-off period where it applies.
4. Cookie Policy + Consent Banner
Why you need it: Your store almost certainly loads Google Analytics, an advertising pixel, retargeting tags, and session cookies. Under the GDPR, valid consent must be a "freely given, specific, informed and unambiguous" indication of the user's wishes (GDPR, Art. 4(11)), which rules out pre-ticked boxes and "by browsing you accept" banners. In practice, non-essential cookies (analytics and advertising) need genuine opt-in consent before they fire, while strictly necessary cookies — such as the ones that keep items in a cart — do not. Because this links back to the same GDPR principles on consent, getting it wrong carries the same top-tier penalties noted above (GDPR, Art. 83(5)).
Who it applies to: Any store with visitors in the EU/UK. US privacy laws increasingly expect a recognised opt-out signal too, so a configurable banner is the safe default everywhere.
Solution: Generate your Cookie Policy and Cookie Consent Banner — with customizable colors, position, and accept/decline buttons of equal prominence that match your store's branding.
5. Disclaimer
Why you need it: Product photos and descriptions can't perfectly represent a physical item, and some categories — supplements, cosmetics, anything health-adjacent — carry real liability. A disclaimer sets expectations and limits liability for things outside your control. It does not override consumers' statutory rights, though (such as the EU withdrawal right above or rights regarding faulty goods) — no disclaimer can waive protections the law grants buyers. Treat it as a clarification of scope, not an escape hatch.
Who it applies to: Every store, and especially any that sells health, safety, or performance-sensitive products.
Solution: Generate your Disclaimer — covers product accuracy, health/safety disclaimers, and limitation of liability.
6. Accessibility Statement
Why you need it: The Department of Justice treats the websites of businesses open to the public as covered by Title III of the Americans with Disabilities Act (ADA). The DOJ's official guidance states that "the ADA's requirements apply to all the goods, services, privileges, or activities offered by public accommodations, including those offered on the web," and points to the Web Content Accessibility Guidelines (WCAG) as a helpful technical standard (DOJ, "Guidance on Web Accessibility and the ADA," ada.gov). Web-accessibility lawsuits against retailers are filed in large numbers every year. A statement won't substitute for an actually accessible site, but it documents your commitment to WCAG and gives users a way to report barriers.
Who it applies to: US stores that qualify as public accommodations (most consumer-facing retailers). The EU's European Accessibility Act adds similar obligations for many e-commerce services.
Solution: Generate your Accessibility Statement — demonstrates your commitment to WCAG conformance and provides a contact point for accessibility concerns.
7. Affiliate Disclosure (If Applicable)
Why you need it: If influencers or partners promote your products with affiliate links, the relationship has to be disclosed. The FTC's Endorsement rule requires that when there is "a connection between the endorser and the seller of the advertised product that might materially affect the weight or credibility of the endorsement" — a payment, free product, or affiliate commission — and the audience wouldn't reasonably expect it, that connection "must be disclosed clearly and conspicuously" (16 CFR § 255.5). Crucially, advertisers — not just the influencer — can be on the hook when endorsers they engage fail to disclose. A ready-made disclosure protects everyone.
Who it applies to: US-facing brands that work with affiliates, ambassadors, or paid creators. Similar disclosure rules exist in the UK and EU.
Solution: Generate an Affiliate Disclosure template that your partners can use. Protect both your brand and your affiliates.
How they fit together
These pages overlap by design. Your Privacy Policy and Cookie Policy handle the data side (GDPR and equivalent laws); your Terms, Refund Policy, and Disclaimer govern the transaction; and your Accessibility Statement and Affiliate Disclosure address two high-litigation risk areas in the US. Most online stores reach customers in multiple jurisdictions whether they intend to or not, which is why this list errs toward completeness.
Total Cost: $0. Total Time: ~25 Minutes.
Hiring a lawyer to draft a full set of e-commerce policies can run into the thousands of dollars. Our generators create professional, customized starting documents in minutes — completely free. Start with the Privacy Policy Generator and work through the list, tailoring each one to the data you collect, the products you sell, and the countries you ship to.
Already have legal pages? Use our Compliance Checker to scan them for missing clauses and gaps.
This article is provided for general informational purposes only and does not constitute legal advice. Reading it does not create a lawyer–client relationship. Laws vary by jurisdiction and change over time; for advice on your specific circumstances, consult a qualified attorney.