Legal Protection & Payments
Legal (Lean Approach)
What Pieter Levels Uses
Pieter Levels (maker of Nomad List, Remote OK, Photo AI) keeps it minimal:
- Simple Terms of Service page
- Simple Privacy Policy page
- Generated with free/cheap tools, not expensive services like Termly
Recommended Approach
- Terms of Service — Use a free generator (TermsFeed free tier, GetTerms.io) or write a simple one
- Privacy Policy — Required if collecting any user data. Free generators available
- Cookie Banner — Only needed if using analytics/tracking cookies
- Business Entity — LLC for liability protection (state filing fees range from roughly $50 to $500, and some states add an annual fee)
- Don't over-engineer — Until you have paying users, simple legal pages are fine
When to Upgrade
- Taking payments → need proper ToS with refund policy
- Handling health data → HIPAA considerations
- EU users → GDPR compliance (data export, deletion rights)
- Enterprise clients → may ask for a SOC 2 report; a BAA (Business Associate Agreement) only comes up if they send you health data covered by HIPAA
Payments
Options (Easiest to Hardest)
| Service | Fees | Best For | Setup Time |
|---|---|---|---|
| Lemon Squeezy | 5% + $0.50 | Merchant of record, handles tax/VAT | 1 day |
| Paddle | 5% + $0.50 | Same as Lemon Squeezy, more established | 1 day |
| Stripe | 2.9% + $0.30 | Full control, most flexible | 2-3 days |
| Gumroad | 10% | Digital products, simplest | Hours |
Recommendation
- Start with Lemon Squeezy or Paddle — as merchant of record they are the legal seller, so they collect and remit sales tax/VAT, and you can start selling as an individual before forming a business entity
- Move to Stripe when you need more control or lower fees at scale (Stripe is a payment processor, not a merchant of record, so tax registration and remittance come back to you)
- Lemon Squeezy, Paddle and Stripe all offer hosted checkout, a JS SDK and webhooks
Integration Pattern
User clicks "Subscribe" → Redirect to payment provider checkout
→ Provider handles payment → Webhook to your API
→ API updates user subscription status in DB
Keep payment logic out of your app. Let the provider handle checkout, invoicing, and tax. The one piece that is yours is the webhook endpoint, and it is a public URL: verify the provider's signature on every request, process each event at most once (providers retry, and a captured request can be replayed), and never grant access based on the client-side redirect alone, only on a verified webhook.