Drafting Terms of Use for Websites and Mobile Apps: A Guide for 2025

Julia B. Jacobson | Squire Patton Boggs

A significant portion of Julia’s practice is devoted to advising clients on an array of privacy, cybersecurity, data breach and data governance matters. She assists clients with the design and development of privacy sensitive policies for the collection and use of personal data. Julia regularly advises businesses on the privacy and cybersecurity aspects of environmental, social and governance (ESG) programs, ethical data use, machine learning and artificial intelligence, vendor contracting and management and business sales, combinations and acquisitions.

She has helped her clients design, develop and implement compliance programs to meet the challenges of the evolving privacy and cybersecurity law landscape, including the California Consumer Privacy Act and other US state privacy and cybersecurity laws, the EU’s General Data Protection Regulation, the UK Data Protection Act 2018, cross-border personal data transfers and New York Department of Financial Services Cybersecurity Regulations, as well as to align with industry standards, including the National Institute of Standards and Technology (NIST) cybersecurity and privacy frameworks, and ESG standards and frameworks. Julia also serves as the data breach coach for several national and international clients.

Kyle R. | Squire Patton Boggs

Kyle Dull is a senior associate in the Data Privacy, Cybersecurity & Digital Assets Practice. Using his experience as a former enforcement lawyer, he provides strategic and pragmatic counsel to industry-leading companies, mid-market organizations and startups navigating the complex landscape of domestic and international privacy laws, consumer protection laws, advertising and marketing laws, regulations and best practices.

Committed to fostering a balance between business growth and consumer protection to reduce risk, Kyle empowers clients to achieve their privacy governance and advertising goals while maintaining ethical standards.
Kyle’s deep understanding of regulatory enforcement is invaluable in defending and resolving high-stakes disputes with government agencies and tailoring privacy and marketing compliance programs to reduce the risk of such actions. His tenure at the Florida attorney general’s Consumer Protection Division equips him to proactively identify and mitigate privacy and advertising risks for clients. While at the attorney general’s office, Kyle launched key investigations concerning unfair and deceptive data practices, geolocation tracking and claim substantiation, as well as matters involving children’s privacy and marketing claims. With a proven track record in investigating and litigating complex matters, he offers unparalleled insights into compliance strategies and enforcement actions.

Beyond regulatory advice, Kyle is a trusted adviser for retail and e-tail businesses, counseling clients on novel marketing strategies to ensure that they align with legal requirements and best practices. He seamlessly integrates technology, data privacy, security, intellectual property and advertising considerations into his advice to help create innovative solutions to complex situations. Kyle’s expertise extends to drafting and negotiating a wide range of contracts, including licensing, joint venture and data sharing agreements, ensuring alignment with business objectives and legal requirements.

He is a former member of the Florida Bar Association’s Consumer Protection Law Committee and Data Privacy & Cybersecurity Subcommittee, and a two-term adviser to Law360’s Consumer Protection Committee, staying at the forefront of industry developments and best practices. Kyle is a certified information privacy professional (IAPP CIPP/US).

I. Terms of use for digital platforms | 2:00pm – 2:15pm

• What are terms of use and why they matter
• How formation and other key contracting principles apply in a digital environment
• Geographic restrictions

II. Drafting for compliance and enforceability | 2:15pm – 3:00pm

• Privacy & cybersecurity laws
  • Incorporation of privacy policy/notice
  • Data use provisions in terms of use
  • IP issues
  • Regulated industries
  • Privacy and checkout
  • Privacy rights, agents and verification processes
  • Age-appropriate design
• Intellectual property and content
  • DMCA
  • CDA
• Consumer protection laws
• • Transparency and dark patterns
  • Subscriptions / negative options / auto renewal terms
  • Consumer warranties, e.g., new jersey’s truth-in-consumer contract, warranty, and notice act
  • Accessibility considerations
  • Children
  • Regulated industries
• AI laws
  • Chatbots and generative AI
  • Copyright issues
  • Specialized disclosure requirements for ai use
• Special considerations for mobile devices
  • Adapting to app platform requirements and in-app purchase policies
  • Apps vs. Mobile web

Break | 3:00pm – 3:10pm

III. Key provisions for terms of use | 3:10pm – 3:20pm

• Acceptance and enforceability of clickwrap vs. Browse wrap formation
• User content – responsibility & liability
  • Developing effective content moderation policies
• Prohibited uses and user conduct
• Suppliers and ‘upstream’/’downstream’ requirements
• Limitations of liability
• Indemnities
• Warranties and disclaimers
• Dispute resolution
• Enforceability of limitation clauses in the context of consumer  protection laws
• Amendments

IV. Practical tips, pitfalls, and best practices | 3:20pm – 3:40pm

• Best practices for acceptance and consent
• Common traps
• Monitoring for and managing changes