
Legal Documentation - TODO List

This document tracks missing or incomplete legal documents that should be created in the future.

Document Status Overview

✅ Completed Documents

  1. Privacy Policy (privacy-policy.mdx)
    • Status: Complete
    • Last Updated: November 4, 2025
    • Covers: GDPR, CCPA/CPRA compliance, data collection, usage, retention
  2. Acceptable Use Policy (acceptable-use-policy.mdx)
    • Status: Complete
    • Last Updated: November 4, 2025
    • Covers: Prohibited activities, enforcement rights, reporting
  3. Terms and Conditions (terms-and-conditions.mdx)
    • Status: Complete
    • Last Updated: November 4, 2025
    • Covers: Service terms, billing, IP rights, liability, dispute resolution
  4. Data Processing Addendum (data-processing-addendum.mdx)
    • Status: Complete
    • Last Updated: November 4, 2025
    • Covers: GDPR Article 28, EU SCCs, UK Addendum, CCPA/CPRA terms
  5. Cookie Policy (cookie-policy.mdx)
    • Status: Complete
    • Last Updated: November 4, 2025
    • Covers: Cookie categories, GDPR/ePrivacy consent, GPC support, third-party cookies, cookie inventory

📋 Missing Documents (Priority Order)

High Priority

1. Cookie Policy

  • Status: ✅ Complete (cookie-policy.mdx)
  • Last Updated: November 4, 2025
  • Completed sections:
    • Types of cookies (essential, analytics, marketing, advertising)
    • Third-party cookies and subprocessors
    • Cookie management and opt-out options (Cookie Settings)
    • Consent mechanism details (GDPR/ePrivacy compliance)
    • Cookie lifespan information (session vs persistent)
    • GPC (Global Privacy Control) support
    • Example cookie inventory table

2. Security & Trust Page

  • Status: ❌ Missing
  • Referenced in: Privacy Policy (line 121)
  • Purpose: Provide transparency about security measures and compliance
  • Required sections:
    • Infrastructure security architecture
    • Data encryption (in transit and at rest)
    • Access controls and authentication (MFA)
    • Security certifications (SOC 2, ISO 27001, etc.)
    • Penetration testing and audits
    • Incident response procedures
    • Vulnerability disclosure program
    • Compliance certifications overview
    • Security team contact information

3. Subprocessors List Page

  • Status: ❌ Missing
  • Referenced in: DPA (Section 6.2, Schedule E)
  • URL: Should be at /legal/subprocessors
  • Purpose: List all third-party subprocessors handling customer data
  • Required information:
    • Subprocessor name and purpose
    • Location/jurisdiction
    • Data processing activities
    • Last updated date
    • Email subscription for updates
    • 10-day notice period for new subprocessors

Medium Priority

4. Service Level Agreement (SLA)

  • Status: ❌ Missing
  • Referenced in: Terms and Conditions (Section 8.3 notes absence)
  • Purpose: Define uptime guarantees and service commitments
  • Required sections:
    • Uptime guarantees (currently targeting 99.5%)
    • Response time commitments by plan tier
    • Incident escalation procedures
    • Service credits for downtime
    • Exclusions and force majeure
    • Performance metrics and reporting

5. Refund Policy

  • Status: ⚠️ Partial (mentioned in Terms Section 5.4)
  • Purpose: Detailed refund procedures and eligibility
  • Required sections:
    • 7-day money-back guarantee details
    • Prorated refund calculations for annual plans
    • Refund request process
    • Processing timeframes (currently 10 business days)
    • Non-refundable items (overage charges)
    • Payment method-specific procedures
    • Dispute resolution for refund requests

6. API Terms of Service

  • Status: ❌ Missing
  • Purpose: Specific terms for API usage separate from general terms
  • Required sections:
    • Rate limiting policies
    • API key management and security
    • Acceptable API usage patterns
    • Prohibited API activities
    • Deprecation and versioning policies
    • API-specific SLA and availability
    • Data extraction responsibilities
    • Third-party platform compliance

Low Priority (Future Enhancements)

7. Vulnerability Disclosure Policy

  • Status: ❌ Missing
  • Purpose: Guide security researchers on responsible disclosure
  • Required sections:
    • Scope of covered systems
    • Reporting procedures
    • Response timeline commitments
    • Safe harbor provisions
    • Recognition program (if applicable)
    • Out-of-scope vulnerabilities
    • Contact information (security@anysite.io)

8. Trademark and Brand Usage Guidelines

  • Status: ❌ Missing
  • Purpose: Guidelines for using Anysite branding and trademarks
  • Required sections:
    • Approved logo usage
    • Color specifications
    • Prohibited uses
    • Attribution requirements
    • Partnership badge guidelines
    • Request process for brand materials

9. DMCA Policy

  • Status: ❌ Missing
  • Purpose: Copyright infringement reporting and DMCA compliance
  • Required sections:
    • DMCA agent contact information
    • Notice requirements
    • Counter-notice procedures
    • Repeat infringer policy
    • Good faith requirement

10. Third-Party Licenses

  • Status: ❌ Missing
  • Purpose: Attribution for open-source and third-party components
  • Required sections:
    • List of third-party software
    • License types (MIT, Apache, GPL, etc.)
    • Attribution requirements
    • Links to full license texts

Implementation Notes

Cross-Reference Requirements

When creating new documents, ensure they are cross-referenced in existing documents:
  1. Cookie Policy should be linked from:
    • Privacy Policy (Section: “Personal Data we collect automatically”)
    • Terms and Conditions (if cookies are used for authentication)
  2. Security & Trust Page should be linked from:
    • Privacy Policy (Section: “How We Protect Your Personal Data”)
    • DPA (Schedule D - Security Measures)
    • Homepage/About section
  3. Subprocessors List should be linked from:
    • DPA (Section 6.2 and Schedule E)
    • Privacy Policy (Section: “How We Disclose Your Personal Data”)
  4. SLA should be linked from:
    • Terms and Conditions (Section 8)
    • Pricing/Plans page
    • API Documentation

After creating new documents, update docs.json:
{
  "group": "Legal",
  "pages": [
    "legal/privacy-policy",
    "legal/terms-and-conditions",
    "legal/acceptable-use-policy",
    "legal/data-processing-addendum",
    "legal/cookie-policy",           // NEW
    "legal/security-trust",          // NEW
    "legal/subprocessors",           // NEW
    "legal/sla",                     // NEW
    "legal/refund-policy",           // NEW
    "legal/api-terms"                // NEW
  ]
}

Document Templates

All legal documents should follow this frontmatter format:
---
title: 'Document Title'
description: 'Brief description of the document'
icon: 'appropriate-icon'
---

# Document Title

Last Updated: [Date]

[Content here]

---

## Related Documents

- [Link to related doc 1](/legal/doc1)
- [Link to related doc 2](/legal/doc2)

---

## Contact Us

For questions about this [Document Name], contact us at:
- **Email**: legal@anysite.io or appropriate@anysite.io
- **Website**: [https://anysite.io](https://anysite.io)

Maintenance Schedule

  • Quarterly Review: Review all legal documents for accuracy and compliance
  • Annual Update: Update all “Last Updated” dates and review for legal changes
  • On Change: Update immediately when:
    • New regulations take effect (GDPR updates, new state privacy laws)
    • Service offerings change significantly
    • Company structure changes (acquisition, merger)
    • New subprocessors are added
    • Security certifications are obtained

Compliance Checklist

GDPR Compliance

  • Privacy Policy with GDPR language
  • Data Processing Addendum (DPA)
  • EU Standard Contractual Clauses (SCCs)
  • UK International Data Transfer Addendum (IDTA)
  • Cookie Policy with consent mechanism
  • Subprocessors list with notification system
  • DPIA templates (if needed)

CCPA/CPRA Compliance

  • Privacy Policy with California-specific terms
  • Service Provider terms in DPA
  • “Do Not Sell or Share” disclosures
  • Consumer rights request portal
  • GPC signal handling documentation

Other Jurisdictions

  • Canadian PIPEDA compliance review
  • Australian Privacy Act compliance
  • Brazilian LGPD compliance review
  • Additional state privacy laws (Virginia, Colorado, etc.)

| Document | Last Legal Review | Next Review Due | Reviewed By |
|---|---|---|---|
| Privacy Policy | Nov 4, 2025 | Feb 4, 2026 | Internal |
| Terms and Conditions | Nov 4, 2025 | Feb 4, 2026 | Internal |
| Acceptable Use Policy | Nov 4, 2025 | Feb 4, 2026 | Internal |
| DPA | Nov 4, 2025 | Feb 4, 2026 | Internal |
| Cookie Policy | - | TBD | - |
| Security & Trust | - | TBD | - |
| Subprocessors | - | TBD | - |


Last updated: November 4, 2025