You're running a business that handles client data and money. You need legal documents. Not having them is both unprofessional and risky.
Essential Documents
| Document | Purpose | Required By |
|---|---|---|
| Terms of Service | Governs the client-host relationship | Business practice |
| Privacy Policy | Explains data handling | GDPR (legal requirement in EU) |
| Acceptable Use Policy | Defines forbidden activities | Business practice |
| Service Level Agreement | Defines uptime guarantees | Premium plans |
| Refund Policy | Defines refund terms | Consumer protection laws |
Terms of Service
Key Sections
| Section | What to Include |
|---|---|
| Service description | What you provide (hosting, email, domains) |
| Payment terms | Pricing, billing cycle, late fees |
| Account responsibilities | Client's obligations |
| Data and backups | What you back up, client's responsibility |
| Support scope | What's included, response times |
| Limitation of liability | Maximum liability limits |
| Termination | How either party can end the relationship |
| Dispute resolution | Governing law, jurisdiction |
Critical Clauses
Backup responsibility: "While we perform regular backups, the client is ultimately responsible for maintaining their own copies of data."
Uptime disclaimer: "We target 99.9% uptime but do not guarantee it unless covered by our SLA."
Content liability: "The client is responsible for all content hosted on their account. We are not liable for illegal or infringing content uploaded by the client."
Privacy Policy (GDPR Compliance)
For EU-based resellers, GDPR compliance is mandatory:
| Requirement | What to Document |
|---|---|
| Data collected | Names, emails, addresses, payment info |
| Purpose of processing | Service delivery, billing, support |
| Legal basis | Contract performance, consent |
| Data retention | How long you keep data |
| Client rights | Access, rectification, deletion, portability |
| Data processor info | Third-party services you use |
| Data transfers | If data leaves the EU |
| Breach notification | How you'll notify in case of a breach |
Third-Party Processors to Disclose
| Service | Data Shared | Purpose |
|---|---|---|
| WHMCS | Client details, billing | Hosting management |
| Payment gateway (Stripe, PayPal) | Payment details | Payment processing |
| Email provider | Email address | Transactional emails |
| Hosting provider | Account data | Infrastructure |
| Analytics (if used) | Usage data | Website analytics |
Acceptable Use Policy
Clearly define what clients cannot host:
- Illegal content under applicable law
- Copyright-infringing material
- Malware or phishing pages
- Spam sending or bulk unsolicited email
- Mining cryptocurrency (if not permitted)
- Excessive resource usage affecting other clients
Service Level Agreement
SLAs are promises with consequences. Only offer them if you can back them up.
| Uptime Level | Monthly Downtime | Credit |
|---|---|---|
| 99.9% or higher (promised) | < 43 minutes | No credit |
| 99.5% - 99.9% | 43 min - 3.6 hours | 10% credit |
| 99.0% - 99.5% | 3.6 - 7.2 hours | 25% credit |
| Below 99.0% | > 7.2 hours | 50% credit |
Credits are applied against future invoices; they are not cash refunds.
Getting Legal Documents
| Option | Cost | Quality |
|---|---|---|
| Write yourself (with templates) | Free | Basic |
| Online generators (TermsFeed, etc.) | $50-200 | Good |
| Lawyer review | $500-2,000 | Professional |
For starting out, use online generators. Once you have 50+ clients and meaningful revenue, invest in lawyer review.
Display and Agreement
- Link ToS and Privacy Policy in your website footer
- Require checkbox acceptance during signup in WHMCS
- Keep versioned copies (date each version)
- Notify clients of significant changes 30 days in advance
Having proper legal documents builds trust with reseller hosting clients. It shows you're running a professional operation, not a hobby.
