Website Legal Pack: the full legal baseline for your website or app — aligned to Web3, payments and cross-border users.
- Web3 / crypto products: wallets, exchanges, launchpads, tokenization platforms.
- Fintech apps with payments, subscriptions or fiat rails.
- SaaS products with cross-border users and analytics/ads tooling.
- Projects preparing for partners, listings, investors or audits.
- Service description + user eligibility rules.
- Account, onboarding and KYC/verification logic (if any).
- Fees, payments, subscriptions, refunds (as applicable).
- Restrictions: geographies, user types, prohibited use.
- What data you collect and why (legal basis logic).
- Data sharing: vendors, analytics, hosting, PSPs.
- Cross-border transfers and retention policy baseline.
- User rights and how requests are handled.
- Cookies/trackers categories (essential, analytics, marketing).
- Consent posture baseline (where required).
- Vendor list approach and updates logic.
- Simple user-facing explanation for trust.
- Volatility, custody, smart contract, counterparty risks.
- Regulatory uncertainty and geographic restrictions.
- “Not investment advice” posture (where relevant).
- Placement logic (where users must see/accept).
- Subscription, renewals, chargebacks, refunds rules.
- PSP terms alignment and user obligations.
- Dispute handling and service interruption posture.
- Tax/VAT wording baseline (non-accounting).
- Controller/processor roles mapping.
- Security measures baseline and vendor controls.
- Subprocessors logic and notice rules.
- International transfers framework (baseline).
If your product is regulated (or close to it), we usually recommend pairing this pack with Compliance Pack.
Onboarding, payments, custody, restrictions, user types, geographies, vendors.
Risk posture, restricted markets, disclaimers, liability allocation and enforcement logic.
Terms + privacy + cookies; optional add-ons for Web3/payments; consistency check.
Placement guidance: where users accept terms, how disclosures show, update/version logic.
Output: documents your team can execute daily and explain to partners, auditors and users.
- What the product does (1–2 paragraphs).
- User types (retail/pro, B2C/B2B, age limits).
- Markets/geographies you target + where you exclude users.
- Whether you hold client funds/assets or delegate to third parties.
- Payments/PSP providers (if any), subscription/refund logic.
- Analytics/ads tools and key vendors (hosting, CRM, email).
- Data categories collected (basic profile, KYC, biometrics? etc.).
- Support/contact process and dispute handling expectations.
Can we use a template or generator instead?
Templates usually fail when you have Web3 features, payments, cross-border users, or restrictions. Partners and investors can spot “generic docs” quickly — and the mismatch creates legal risk.
Do you include GDPR compliance?
We draft a privacy posture aligned with GDPR-style expectations where relevant (especially if you target EU users), including data categories, vendor sharing and user rights logic. Full GDPR program implementation is separate.
Do you cover crypto-specific risks and disclaimers?
Yes. If your model involves tokens, custody, staking, RWA, or financial-like features, we add risk disclosures and the right “posture clauses” in the Terms (restrictions, disclaimers, responsibility matrix).
What about KYC / AML and onboarding flows?
We reflect your KYC/verification logic in user rules and processes. If you need full AML/KYC policies and procedures, that is covered by Compliance Pack.
- You are launching publicly and need a clean legal baseline.
- You use payments/subscriptions and need dispute-proof rules.
- You have Web3 features and need proper restrictions + disclosures.
- You are preparing for partners, listings, investors or audits.
We draft around real flows — that’s what makes documents defensible.