Financial Policy Privacy Information (Hipaa Policy: Fill & Download for Free

Super common question for a lot of companies. I have included some best practice below to think about when creating a terms of service and privacy policy.We have a lot of founders and tech startups come to UpCounsel just for terms of service and privacy policies. Typically, companies can get a custom drafted TOS and PP on UpCounsel for $500 - $800 from lawyers that specialize in these type of agreements for tech companies. As you have probably guessed, I am the founder of this company :) If I can ever personally help, let me know!OK, now onto the best practices! In short, these agreements are important to have your users sign.1. DO HAVE USERS SIGN A TERMS OF USETOUs can cover a range of issues, including acceptable user behavior online, a company’s marketing policies, and copyright notices. Really great TOUs are drafted to meet the individual specifications of a website.Some of the major flaws in TOU agreements are related to the protections that people seek under the Digital Millennium Copyright Act (“DMCA”).Here is an example template for a Terms of Use for a web or mobile application that hosts user generated content. This is merely an example and is not intended to be used directly on your website unless it matches what you do. Use it only as a reference.Some major considerations for a TOULimit the site’s liability to users to some very small dollar amount (e.g., $10 or fees actually paid for services in the past 6 months);Have the user indemnify the site for any third party claims arising from their use of the site; andInclude an arbitration clauses to reduce class action suits.2. DO HAVE USERS COMPLY WITH A PRIVACY POLICYA privacy policy is a legal discloser that describes the ways a party gathers, uses, discloses and manages a customer’s “personal information.” Its purpose is to inform your users of how you collect and use their data – therefore, like your TOU, it is important that this is drafted to your particular application’s data usage features. Where companies get themselves into trouble is by making disclosures that are inaccurate regarding user’s data or do not maintain their TOUs over time. Privacy policies should be updated whenever there is a change in the way a company uses user’s customer information.In most cases, someone’s name, address, email address, and telephone number are considered personal information. Health information, sexual orientation information, location information, and financial information (among others) may be considered “sensitive information” as well as “personal information,” and may be subject to more stringent protections both in tort and by virtue of specific statutes such as the Health Insurance Accountability and Portability Protection Act (HIPAA) or the Fair Credit Reporting Act (FCRA).The FTC requires that websites that deal in users’ personal information have a “clear and concise” privacy policy that explains, in a digestible manner:What types of information the company or website collects;How the company or website uses that information;With whom the company or website shares that information; andHow the company or website secures that information.

The best approach would be to create a separate Privacy Policy for each of your apps. However, if all of your apps collect exactly the same information for the same purposes you could consider using a generic Privacy Policy for all of them.Let me explain why.What Does a Privacy Policy Cover?The main reason that they all need to be app-specific is that your Privacy Policy is important for disclosing what types of information your app collects, and why. If your apps collect any different information (e.g. one collects email addresses while another does not), they need different policies to disclose that.A Privacy Policy normally discloses the following information:Your identityContact detailsWhat user information you gatherThe purpose of your data collectionWho you share user information withData storage and security informationWhether you will transfer the data anywhereThe process by which users can update or delete information you hold on themYour policy’s effective dateYour response process for “Do Not Track” requestsWhether any third parties collect user information through your website or serviceIf any of your apps do any of these things in a different way to one another, they will need a separate policy.Another thing to consider is who your users are. Do you have some apps used primarily by people from the US, and other apps with people in the EU? Are any of your apps used by children? If any of these questions is answered with a “yes”, you will definitely need a different policy for each app.EU privacy laws are much stricter than US privacy laws, so if any of your apps collect data from EU citizens, the Privacy Policy will need to be broader in scope, and you may have greater restrictions on what you can do with the data collected through that app. Here’s an example of Google’s EU User Consent Policy that highlights some of these differences:Next, ask yourself whether any of your apps deal with financial or health data. If you are collecting health data (e.g. through a medical assistant app) or financial data, different privacy laws will apply to your data collection and use.For example, in the US the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA) applies to information that could identify an individual and relates to their health status, health care provision, or health care payments. If you have one app that collects health information but the others don’t, you will need to consider completely different privacy concerns for the health app.Result: Generic or Specific?If all your apps have the same user base, collect the same information, and you use the information for the same purposes and store it in the same way, you could write a generic Privacy Policy for all of them. In this case you would need to make sure that you change the app name and details in each document.If they have any differences at all in terms of the information they collect, what you do with it, or your user base, go for app-specific policies to make sure that you comply with relevant privacy laws.

Super common question for a lot of companies. I have included some best practice below to think about when creating a terms of service and privacy policy.We have a lot of founders and tech startups come to UpCounsel just for terms of service and privacy policies. Typically, companies can get a custom drafted TOS and PP on UpCounsel for $500 - $800 from lawyers that specialize in these type of agreements for tech companies. As you have probably guessed, I am the founder of this company :) If I can ever personally help, let me know!OK, now onto the best practices! In short, these documents are important.1. DO HAVE USERS SIGN A TERMS OF USETOUs can cover a range of issues, including acceptable user behavior online, a company’s marketing policies, and copyright notices. Really great TOUs are drafted to meet the individual specifications of a website.Some of the major flaws in TOU agreements are related to the protections that people seek under the Digital Millennium Copyright Act (“DMCA”).Here is an example template for a Terms of Use for a web or mobile application that hosts user generated content. This is merely an example and is not intended to be used directly on your website. Use it only as a reference for when you speak to an attorney.Some major considerations for a TOU – Contributed by Jessica Hubley, Esq.Limit the site’s liability to users to some very small dollar amount (e.g., $10 or fees actually paid for services in the past 6 months);Have the user indemnify the site for any third party claims arising from their use of the site; andInclude an arbitration clauses to reduce class action suits.2. DO HAVE USERS COMPLY WITH A PRIVACY POLICYA privacy policy is a legal discloser that describes the ways a party gathers, uses, discloses and manages a customer’s “personal information.” Its purpose is to inform your users of how you collect and use their data – therefore, like your TOU, it is important that this is drafted to your particular application’s data usage features. Where companies get themselves into trouble is by making disclosures that are inaccurate regarding user’s data or do not maintain their TOUs over time. Privacy policies should be updated whenever there is a change in the way a company uses user’s customer information.In most cases, someone’s name, address, email address, and telephone number are considered personal information. Health information, sexual orientation information, location information, and financial information (among others) may be considered “sensitive information” as well as “personal information,” and may be subject to more stringent protections both in tort and by virtue of specific statutes such as the Health Insurance Accountability and Portability Protection Act (HIPAA) or the Fair Credit Reporting Act (FCRA).The FTC requires that websites that deal in users’ personal information have a “clear and concise” privacy policy that explains, in a digestible manner:What types of information the company or website collects;How the company or website uses that information;With whom the company or website shares that information; andHow the company or website secures that information.