You're running a business that handles client data and money. You need legal documents. Not having them is both unprofessional and risky.
Essential Documents
| Document | Purpose | Required By |
|----------|---------|-------------|
| Terms of Service | Contract governing the client-host relationship | Business practice |
| Privacy Policy | Explains data handling | GDPR (legal requirement in EU) |
| Acceptable Use Policy | Defines forbidden activities | Business practice |
| Service Level Agreement | Defines uptime guarantees | Premium plans |
| Refund Policy | Defines refund terms | Consumer protection laws |
Terms of Service
Key Sections
| Section | What to Include |
|---------|----------------|
| Service description | What you provide (hosting, email, domains) |
| Payment terms | Pricing, billing cycle, late fees |
| Account responsibilities | Client's obligations |
| Data and backups | What you back up, client's responsibility |
| Support scope | What's included, response times |
| Limitation of liability | Maximum liability limits |
| Termination | How either party can end the relationship |
| Dispute resolution | Governing law, jurisdiction |
Critical Clauses
Backup responsibility: "While we perform regular backups, the client is ultimately responsible for maintaining their own copies of data."
Uptime disclaimer: "We target 99.9% uptime but do not guarantee it unless covered by our SLA."
Content liability: "The client is responsible for all content hosted on their account. We are not liable for illegal or infringing content uploaded by the client."
Privacy Policy (GDPR Compliance)
For EU-based resellers, GDPR compliance is mandatory:
| Requirement | What to Document |
|-------------|-----------------|
| Data collected | Names, emails, addresses, payment info |
| Purpose of processing | Service delivery, billing, support |
| Legal basis | Contract performance, consent |
| Data retention | How long you keep data |
| Client rights | Access, rectification, deletion, portability |
| Data processor info | Third-party services you use |
| Data transfers | If data leaves the EU |
| Breach notification | How you'll notify in case of a breach |
Third-Party Processors to Disclose
| Service | Data Shared | Purpose |
|---------|------------|---------|
| WHMCS | Client details, billing | Hosting management |
| Payment gateway (Stripe, PayPal) | Payment details | Payment processing |
| Email provider | Email address | Transactional emails |
| Hosting provider | Account data | Infrastructure |
| Analytics (if used) | Usage data | Website analytics |
Acceptable Use Policy
Clearly define what clients cannot host:
- Illegal content under applicable law
- Copyright-infringing material
- Malware or phishing pages
- Spam sending or bulk unsolicited email
- Mining cryptocurrency (if not permitted)
- Excessive resource usage affecting other clients
Service Level Agreement
SLAs are promises with consequences. Only offer them if you can back them up.
| Uptime Level | Monthly Downtime | Credit |
|-------------|-----------------|--------|
| 99.9% (promised) | < 43 minutes | No credit |
| 99.5% - 99.9% | 43 min - 3.6 hours | 10% credit |
| 99.0% - 99.5% | 3.6 - 7.2 hours | 25% credit |
| Below 99.0% | > 7.2 hours | 50% credit |
Credits are against future invoices, not cash refunds.
Getting Legal Documents
| Option | Cost | Quality |
|--------|------|---------|
| Write yourself (with templates) | Free | Basic |
| Online generators (TermsFeed, etc.) | $50-200 | Good |
| Lawyer review | $500-2,000 | Professional |
For starting out, use online generators. Once you have 50+ clients and meaningful revenue, invest in lawyer review.
Display and Agreement
- Link ToS and Privacy Policy in your website footer
- Require checkbox acceptance during signup in WHMCS
- Keep versioned copies (date each version)
- Notify clients of significant changes 30 days in advance
Having proper legal documents builds trust with reseller hosting clients. It shows you're running a professional operation, not a hobby.
