Skip Navigation

Does a FOSS App need TOS and Privacy Policy?

I'm currently working on a FOSS Discord bot. When I host an official instance of said bot, do I need a TOS and or Privacy Policy, or is a link to the license (in my case GPLv3) enough?

I live in Germany, if that makes a difference.

19 comments
  • Definitely take this all with a grain of salt—I am by no means a legal expert, this is just my advice.

    Privacy Policy

    Required by law in Germany if you are collecting any sort of data about your users (even if it is being collected by a third party through your app, or if it is entirely anonymous data).

    Data Processing Agreement

    Required by law in Germany for the same reasons as the Privacy Policy. This agreement makes it clear how your users’ data is used.

    Cookie Policy

    Required by law in Germany if your application uses cookies of any kind (mostly applies to web app and web technologies)

    Terms of Service

    Highly recommended. This may protect you immensely if and when you end up in a legal situation down the road.

    Other

    Otherwise, you should look into these as well if applicable:

    • EULA (if distributing your app to be run on someone else’s device)
    • DCMA Policy (if you host and share any user-generated content)
    • Return Policy (if you are selling anything)

    These documents matter most if (1) there is money involved or (2) when you are receiving, processing, storing, or sharing user-submitted content or any data about your users. This is because you are less likely to end up in a legal mess if you’re not taking people’s money or data.

    Starting out, you can find templates for these online. A template will be better than nothing at all. Then, if you are able down the road, you can hire a legal professional to write and review your documents for you. A legal professional might recommend more specific documents or different versions of the same document as well.

    Not sure about Germany, but in the United States it’s fairly inexpensive to start an LLC. You can then put legal documents under that new entity instead of your own personal name. This can protect you and your own belongings from any unfortunate financial or legal situations.

    Again, if you’re not receiving money or any user data, you don’t have to worry quite as much. However, it never hurts to play it safe. Mistakes happen and anyone can get sued.

  • Code is not a human/lawyer readable policy, so if you access any sort of user data (and being a Discord bot that people interact with, you do), you'll likely need one. At least for Discord's legal purposes when you register the bot, I would assume.

    Play Store also requires one even if it's open-source. They just blanket require one even if it literally says "this app is a wallpaper and it doesn't even have internet access nor collect any data".

    Big companies just can't understand or picture that some apps are well behaved and don't scrape every bit of data they can get their hands on.

    • Can confirm Discord requires a public-facing privacy policy at least for public bots. Can't remember at what point I had to make one, but it is required for at least some cases.

  • IANAL, and a bit unsure about the following information, but I think you do need a privacy policy if you process someones elses data(like for example their login data, private messages, etc) You may also need an Impressum when hosting the official website for the bot(germany specific, maybe look it up if you actually need to do this)

    I dont think you need a TOS.

    • I do not need an imprint, since I do not make any money from my bot. (Imprint is only required, if the website / service has a profit intensive. Atleast thats the case in Gemany). You are probably right about the privacy policy though.

      Tyvm for your comment

19 comments