How To Grow Your Startup With Online Licensing Of Offline Brands

By | Business Contracts, Business Lawyer, Internet Lawyer | No Comments

online licensing brandsAs of October 1, 2017, Starbucks Corporation (SBUX) retrenched its brand by shutting down its online products store in order to drive customers to the company’s coffee shops instead. This type of brick-and-mortar focus by some retailers and wholesalers creates online licensing opportunities for entrepreneurs looking to rapidly grow their startups using others’ brands.

Getting Started With Online Licensing

If your startup is technically savvy and is proficient in direct response Internet marketing, research brands that complement your business model but lack a viable online presence. Rank these brands on what they can potentially do for your startup. Factors to consider include the expected return on your investment (ROI) of time, energy, and money.
Approach the owners of the top brands on your ranked list and express an interest in licensing their brand for the sale of products and/or services online.

Of course, not every brand owner will be interested in doing a deal. However, there will be some willing to discuss online licensing.

Putting Together The Online Licensing Deal

Among the business contracts and other legal documents that will paper the deal is the license between the brand owner as licensor and your startup as licensee.

Related Article: 7 Keys To Picking The Right Internet Lawyer For Your Business

Three important issues to address are:

  • Initial term and any renewal options;
  • Royalty payments; and
  • Scope of license (including any limitations and exclusions).

Plan For The Future In Your Current License

Smart licensees leave themselves an option to continue working in the same market as the brand owner after termination of the license. For example, you may want to form an online licensing deal with the brand owner’s competitor or even start your own competing brand for products and/or services to sell.

Related Article: Protect Your Brand With The Right License Agreement

If you want to have this option, the legal documents for the initial licensing deal must leave open the door for you to do so. For example, if the deal with the brand owner includes a covenant not to compete with the brand owner online for a period of two years after the license terminates, that will significantly impede your ability to license a competing brand or start your own.

Of course, if your startup’s investment in the original deal can be readily transferred to a product or service that does not compete with your licensor, having the option to compete post license termination becomes less important.

Need help putting together an online licensing agreement? Set up a telephone consultation with Internet Business Lawyer Mike Young today.

Privacy Policy 101: What Every Website Owner Should Know

By | Internet Lawyer, Website Lawyer, Website Legal Documents | No Comments

Privacy Policy 101: What Every Website Owner Should KnowHere are Internet Lawyer Mike Young’s answers to frequently asked questions (FAQs) about website privacy policy requirements. If you own a website, this is vital information for protecting yourself from lawsuits and government investigations.

General Information About Website Privacy Policies

Q: What is a website privacy policy?

A: It’s the legal document that describes the website owner’s policy with respect to the privacy rights of site visitors.

These rights may be multi-tiered.

For example, a website visitor may have different rights and responsibilities than a paying customer with access to a restricted membership area.

Related Article: 5 Warning Signs You’re Using The Wrong Website Legal Documents

In addition to the legal aspects, a good privacy policy builds trust between the site owner and visitors.

On the other hand, the lack of a policy (or a poorly drafted one) creates suspicion the website owner is dishonest or an amateur treating the site like a hobby.

5 Warning Signs You’re Using The Wrong Website Legal DocumentsQ: Are privacy policies required?

A: Although not all jurisdictions require websites to have privacy policies, some countries and states do.

The problem with this is that most sites do not restrict access by geographic location. This means that if you’ve got a site with visitors from another state that requires sites have privacy policies, you have potential liability issues even if the location(s) where your site is based and hosted do not have such requirements.

Even if you win, it’s costly to defend against a lawsuit by a state’s attorney general or a consumer protection lawyer who attempts to get a class action certified again you as site owner for violating privacy laws you may not have even known existed.

Q: Can I save money by writing my own policy from scratch?

get website legal protectionA: Probably not. Imagine you broke your arm with a compact fracture. The bone has pierced the skin.

Would you try to stop the bleeding, stitch up the wound, and set the bone at home with a do-it-yourself cast to save a trip to the emergency room? Chances are you’d end up spending a fortune later in medical bills trying to save the arm from amputation.

The same principle applies to legal issues like online privacy rights. It’s penny-wise and pound foolish to cut corners here pretending to be an experienced Internet business lawyer…

Q: What if I just “borrow” policy provisions I like from a big company’s website like Google or Amazon?

A: First, that’s intellectual property theft, which can lead to a copyright infringement lawsuit or at least a cease-and-desist demand letter from some unhappy corporate attorneys representing the owner you stole from.

Related Article: 7 Keys to Picking the Right Internet Lawyer

7 Keys to Picking the Right Internet LawyerThere was an entrepreneur about 10 years ago who decided to sell a website privacy policy without permission from the attorney who owned the copyright.

Although it’s unknown what the entrepreneur had to pay in addition to a very public apology, the lawyer went to website owners that bought the privacy policy and gave them an option. Each website owner could pay him several thousand dollars as a licensing fee or face a copyright infringement suit where the attorney could demand up to $150,000 per infringement.

Even if you have permission from the copyright owner to copy and paste from another website’s privacy policy, your business is not the same. In other words, what you must address on your site can be very different from another website even if the other site is owned by your competitor.

Different Kinds of Privacy Rights

Q: Why are there different types of privacy rights?

A: There are many legal variables at play in e-commerce. For example, the law treats website visitors very differently depending upon their ages.

Visitors who are at least 18 years old have minimal protection under the law because they’re generally treated as adults. Minors who are 13 to 17 years old have some legal safeguards under the law that are unavailable to adults.

Of course, the most protected privacy rights by law are those of children who are 12 years of age or younger. The federal Children’s Online Privacy Protection Act (COPPA) is a complex beast to comply with even you’re an experienced attorney.

Related Article: Amazon Associates’ Child Directed Policy, COPPA, and Your Website

Amazon Associates’ Child Directed Policy, COPPA, and Your WebsiteAnd it’s important to note your view of who your website visitors are may be different from that of the Federal Trade Commission (FTC) or a state attorney general’s consumer protection office when trying to protect minors.

There have been companies that thought their target market was college students only to learn the hard way website visitors supplying information were actually pre-teens. This is not the position you want to be in from a liability standpoint.

Q: Do the types of information collected by the website owner affect what should be included in a privacy policy?

A: Yes. For many websites, it’s not much of an issue because the information being collected is rather mundane, such as the length of a visit to a particular web page. A lot of this type of data is collected and reviewed in the aggregate rather than at the individual user level…
personally identifiable informationHowever, there is information collected that receives additional protection in the United States, Canada, and other countries. For instance, some personal information can be used to identify or track an individual visitor.

This class of personal data is commonly referred to as sensitive personal information (SPI) or personally identifiable information (PII). The additional requirements for PII often control collection, storage, and use of such data because of how easy it can be abused to commit identify fraud, stalk people, and other illegal purposes.

Q: Can you give me some examples of SPI/PII?

A: Sure. Although it varies by jurisdiction, data such as a visitor’s full name, credit card number, and home address are commonly protected sensitive personal information. However, there are truly gray areas where there’s no real consensus on whether the data should enjoy such protection. For example, a person’s gender, zip code, and criminal record may or may not be considered PII.

And sometimes it’s a combination of two different pieces of information that becomes SPI when each part by itself is not. For example, “J. Smith” by itself may not be personally identifiable information. However, if the website collects this data and the name of Smith’s employer, together the data may constitute PII.

Q: So as a website owner, I’ve got additional responsibilities for protecting sensitive personal information that can be used to identify individual visitors?

A: Yes. However, you also should consider how your visitors treat each other’s PII too.

Q: What do you mean by that?

A: If your site allows visitors to post information (such as blog comments or forum posts), invariably someone will reveal personally identifiable information about themselves in the content they post even though they really shouldn’t do so. You want to make it clear in your policy that other visitors who read such PII can’t abuse it. This means you’ll want to prohibit or severely limit the circumstances under which they can use such information without the proper consent(s) do to so…

hipaa compliant privacy policyQ: This sounds complicated. Are there more types of private information that gets protected?

A: Yes, primarily data pertaining to a visitor’s health. In the United States, there are complex rules affecting website privacy promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH Act) of 2009. These laws and rules are particularly important to professional healthcare providers (e.g. doctors and dentists) when it comes to protecting patient privacy.

Why Transparency is Essential

Q: Okay, if I comply with all of these laws and rules, what do I have to disclose in my privacy policy? Shouldn’t compliance be enough?

A: Unfortunately, simply obeying the rules in collection isn’t sufficient. Your website’s privacy policy should be fully transparent about what is collected, how that information is used by you as the site owner, and, to the extent it is legal to do so, how the data is shared with third parties by individual visitor or in the aggregate.

Equally important for gaining visitor trust is to state what you are not doing with the information collected. For example, if you are not selling or otherwise sharing data with third parties, let visitors know that.

Related Article: 5 Business Website Disclosures And Disclaimers

5 Business Website Disclosures And Disclaimers For TransparencyQ: Why?

A: Because you want to give the visitor enough data to make an informed choice about using your site (or deciding not to use it). And for some jurisdictions, even that’s not enough.

For example, under some circumstances you may have to provide data to website visitors who are California residents if they request it pertaining to PII shared with third parties…and your privacy policy should make it easy for them to make that request…

website data retention and visitor privacyQ: How long should I retain visitor data I capture on my site?

A: The answer depends upon applicable law, the type of data collected, and your relationship with the visitor. For example, there’s certain information you’ll want to have that a customer provides you if there’s ever a breach of contract lawsuit regarding goods or services you provided.

The statute of limitations for bringing such a lawsuit may make it necessary for you to keep that information longer than you otherwise would if the same data was supplied to you by a visitor who is not a customer.

The key here (particularly with PII), is to keep the information only as long as you really need it.

Regardless of what you do, your site’s privacy policy should be clear and consistent with how your data retention actually works.

Information Security Risks

data security and hackingQ: Why not keep the data forever just in case you might need it someday?

A: The longer you keep such information, the greater the risk hackers or a government agency spying online will access and misuse the data. Keep it as long as needed for legitimate business and legal reasons but no longer.

You should also point out the inevitable risk of such hacking and spying in your privacy policy, how you attempt to protect data (without providing too much detail that actually enables hacking), and let the visitor make an informed decision on what information to provide you via your site with full knowledge of these dangers…
data tracking and online privacyHow do you handle do-not-track requests? Interest-based advertising from ads served on your site by third parties? Remarketing tags/pixels and tracking cookies?

What about opting out from such tracking and interest-based advertising? Will you provide visitors with options to do so within the policy itself by following simple instructions?

Site Log-in Information

If your site permits visitors or customers to log in for access to parts of the site restricted from the general public, how are user names and passwords to be handled? Who is responsible under you policy for protecting the privacy of this information?

Can more than one person use the same log-in credentials to access your site? If not, have you told visitors this in your privacy policy and terms of use?

Privacy and Email Marketing

privacy rights and email marketingIf a visitor can opt into an email list you have via your website, you should explain the privacy rights related to use of their email address.

Will you self-host the list or use a reputable third party autoresponder service?

Are you using co-registration? Co-reg means a visitor providing an email address is opting into multiple lists, and often these lists owned by more than just the website owner. This is particularly common in joint ventures and in lead generation (lead gen) marketing.

Will a visitor be required to confirm his subscription to the list or is simply entering an email address enough to join it? How can a subscriber unsubscribe from the list?

Related Article: How to Avoid Spamming with Your Emails

What if a visitor posts his email address on your site (e.g. in blog comments)? How should that email be treated by other site users? Should the information be protected? Is there a reasonable expectation of privacy? Or can others who see it email the person directly?

Privacy Policies Versus Other Website Legal Documents

terms of useQ: What about other legal documents on my website? How do they relate to the privacy policy?

A: That’s something you need to decide and make clear within the policy itself. For example, if there’s a conflict between your website’s terms of use and the privacy policy, which one controls?

What if a visitor becomes your customer? Is there a customer agreement that affects privacy? How? What if it conflicts with the privacy policy? Which provisions govern?

Q: Why should I have other legal documents? Can’t I lump the privacy policy, terms of use, refund policy, etc. all into one document?

A: Although it’s possible to lump them all together, as a practical matter standard practice for liability and other reasons is to split these out into separate documents linked to in your website’s footer.

Q: I don’t want visitors getting hung up on legalese and leaving my site because of it. I’ll just link to the privacy policy in tiny font that blends in with the color of the footer’s background.

A: That’s a bad idea if you want these legal documents to provide you with protection. Many visitors are also savvy enough to understand what you’re doing with fine print. It smacks of dishonesty.

Related Article: How to Make Effective Internet Advertising Disclosures

fine print as deceptive trade practicesThe FTC and other government agencies dislike what they consider to be deceptive trade practices. Consumer protection lawyers make a lot of money suing over such deception.

This includes things like hiding legalese in the fine print. As a practical matter, you’ll want the footer links to your privacy policy and other docs to be at least the same height as the main text in the body of the page…and you’ll want the color to contrast with the background rather than blending into it.

Look at how the major websites do it. Some of the most successful retailers online all link clearly to their privacy policies without it adversely affecting sales conversions.

Let’s be realistic. Most website visitors know these legal documents exist and probably are going to ignore them.

It’s unlikely more than 1% of your visitors are going to hang out and read all of the legalese. Yet you want it clearly available to everyone to read, including any government agencies employees who are checking up on how you do business online. Some of these government workers may even become your customers as part of investigating your business practices…

privacy policy updatesQ: What about making changes to a website’s privacy policy?

A: Your policy should address how updates will be made, when modifications will go into effect, and how users will be notified of these alterations. This gives them the opportunity to decide whether or not to continue using your site once the modifications are effective.

It’s common to email your subscribers and post a notice for a brief period of time on a site (e.g. a pop-up bar) to inform visitors the privacy policy has new terms with the opportunity to learn more about what’s different.

Related Professional Services Fees

Q: What if a website owner doesn’t have the budget for paying an experienced Internet lawyer to prepare a customized privacy policy?

A: As a practical matter, it’s usually a matter of misplaced priorities rather than a lack of funds. For example, it’s common for the Internet entrepreneur crying poverty when it comes to investing in legal protection to have bought the latest model cell phone, new computer, etc.

website legal protectionHowever, there are some website owners (e.g. bootstrapped startups) who are truly on a tight budget but need protection. One possible solution for many sites is Website Legal Forms Generator software.

I personally created and updated the privacy policy and other legal forms generated by this software that’s available through the Internet Attorneys Association.

Of course, if you have the funds, make the investment to get customized documents prepared by an experienced Internet lawyer. For example, our firm offers a Website Legal Protection Package for a flat fee.

Startup Funding – Where To Get Money For Starting A New Business

By | Business Lawyer, Internet Lawyer | No Comments

startup funding get money new businessNewbie entrepreneurs with their first “million dollar idea” for starting a new business are often cash-strapped. This frequently makes third party startup funding a misplaced top priority.

Pretotyping Not Payola

As a practical matter, the first issue should be validating whether or not your idea is worth pursuing.

For the aspiring entrepreneur with a limited budget, your first investment should be buying and reading “Pretotype It: Make sure you are building The Right It before you build It right” by Alberto Savoia.

Even if you’re convinced everyone needs what you plan to build, save your time, money, and energy by testing that theory through applying the tactics described in Savoia’s book at little or no cost.

According to Texas Business Lawyer Mike Young, if there’s no market ready, willing, and able to pay for what you have in mind, it’s time to regroup before trying to fundraise for a startup no one wants.

After you’ve proven there’s a sufficiently profitable market by pretotyping, only then is it time to consider how you’ll fund the next steps for your startup.

Your Own Money

Before approaching friends, family, or third parties to raise capital, look at your own assets. If you’re not willing to risk part of your assets, why should anyone else?

That being said, think twice before looting a retirement plan (e.g. IRA or 401k) for your new venture. This is particularly true the older you get with limited time to make up any losses before retirement.

If you can’t afford the down side of a 100% loss of the funds, you shouldn’t be using them in your business.

Don’t go into debt to fund your company. Mortgaging your house or running up credit cards rarely results in business success because it creates a sense of desperation that leads to very bad business decisions when debt payments come due but money is tight.

Business Bank Loans For Startup Funding

Unless you have significant assets to use as collateral or a proven track record of building successful companies, banks are unlikely to give you the time of day for a business loan. In other words, banks are rarely interested in loaning money for startups unless you really don’t need their money in the first place.

Friends and Family Startup Funding

Want to ruin a good friendship or having family members never speak to you again?

Borrow money from them or sell them equity in your new venture.

If you insist on doing it, make sure the loan is done in writing (e.g. promissory note), collateral given if requested, etc. And honor the repayment terms of the debt.

Be careful when fundraising from acquaintances, such as co-workers or friends of friends.


Because there are federal and state securities laws that must be obeyed if you’re offering equity in exchange for startup capital. The regulatory compliance costs often exceed the amount you’re able to raise by this method…and these people are likely to sue you if your company goes bust and they lose their money.

Angel Investors and Venture Capitalists

Although some angel investors are adrenaline junkies who invest primarily for the rush of being involved with a startup, you should assume both angel investors and venture capitalists are solely interested in a high monetary return on investment (ROI) with the ability to cash out on their terms.

If you are one of the “lucky” few to get this type of funding, understand there are many strings attached.

One of the primary strings invariably is control. To protect their investment, they will throw you out of your own company if you fail to deliver to expectations. These investors don’t assume every investment will pay off. However, they show little tolerance for founders who drop the ball through laziness, incompetence, etc.

Know thyself.

If your primary reason for starting a new company is to work for yourself, giving up a large chunk of equity and expecting to run things as directed by your investors is a recipe for disaster. You can’t fight those who control the purse strings and expect to win, particularly when they’re in the business of making money from your efforts.

Self-Funding Business

Despite the hype given in the media, your new venture is unlikely to become the next Google, Uber, Amazon, etc.

After testing the concept through pretotyping, if you decide to proceed, seriously consider a model where the business’ incoming revenues fund its growth rather than incurring debt or giving up equity.

And if your startup does have the potential to be the next billion dollar unicorn, investors will be knocking at your door rather than you begging for help when starting a new business.

Crowd Funding

What if you need a serious injection of capital for the startup because of the nature of your new widget is technology that requires hundreds of thousands or even a couple million dollars just to get off the ground?

If pretotyping shows there’s a hot demand for your idea, consider using a crowd funding site like Kickstarter or Indiegogo to get the money you need. Just understand there are strings attached to this startup funding too. Whatever you promise to those who crowd fund your company, be prepared to deliver.

Google Privacy Policy, the FTC, and Your Rights

By | Internet Lawyer | No Comments

According to the WaPo’s Craig Timberg (“Google facing FTC scrutiny over privacy — yet again”), Google has been accused in a consumer advocate complaint to the U.S. Federal Trade Commission (FTC) of engaging in deceptive trade practices by changing its privacy policy earlier this year to permit merging user profile data collected across the company’s various platforms.

Whether or not there is anything wrong with the Google privacy policy change remains to be seen. The FTC may even dismiss the claim on the merits.

What is clear is that the general rule of Internet free services applies. If you’re not paying for the service, you’re the product. It’s a Faustian bargain you enter into willingly with every online service that you use (from Facebook to Gmail).

Rule of Internet Free Services: You trade information about yourself and others in exchange for the service provider delivering what you want.

And if you don’t want to trade that information to be used for targeted advertising and other purposes, don’t use the “free” service. It’s really that simple.

Evernote Privacy Policy Change: Much Ado About Nothing

By | Internet Lawyer | No Comments

evernote privacy policy updateUpdateEvernote has rescinded its planned change to its privacy policy because of the backlash. Users must affirmatively opt in before the company’s employees will be reading the content of user notes as part of the machine learning process. This is somewhat silly because the same issue has been ignored for many years by Evernote users who also use “free” email services like Gmail and Yahoo mail.


Original Article

Evernote is updating its privacy policy to reflect that some company employees may view your content as part of overseeing the machine learning process.

There’s an uproar because some users (e.g. technologically-impaired journalists) naively think their information is stored online secure from prying eyes.

Here’s What You Should Know About the Evernote Privacy Policy Change

First, the general rule of thumb is that anything stored online is not secure. Just ask the celebrities whose naked selfies were exposed in “The Fappening.”

Second, many of those complaining about Evernote’s policy change think nothing about using Google Gmail, Yahoo Mail, and other email services where machine learning is also supplemented by company employees viewing user content.

Third, Evernote is doing the right thing by disclosing how the machine learning process actually works with the assistance of real people. If the company hid this information, you’d undoubtedly see shakedown lawsuits because of the lack of transparency (Tip – if you’ve got a website or an app, you should have your Internet lawyer make sure your privacy policy is consistent with your actual practices).

If you don’t want your stuff seen by third parties, don’t put it online. If you want to access everyday tools that make your life easier (like Evernote and Gmail), then understand there’s a trade-off that includes a loss of privacy.