Legal Documents
How to create and publish Terms of Service, Privacy Policy, and other legal pages for Lumifeed.
Legal Documents
Lumifeed needs three public legal pages. Many platforms (Google OAuth consent screen, Stripe, Razorpay, app stores) require links to these before you can go live.
Deferred — complete this before launch, not during active development. Generating policies now and then adding features (new third-party services, new data types) means you'll have to regenerate and re-review everything. Do this once the feature set is stable.
Saved context for Termly questionnaire:
- Account: support@lumifeed.app
- Website: lumifeed.app
- Type: SaaS, B2B, collects email/payments, India-based
- App description: "Lumifeed is an AI-powered feedback management platform for software teams. It provides an embeddable widget that collects user feedback on websites and web applications. Collected feedback is analyzed using AI to generate summaries, detect sentiment, identify duplicate submissions, and surface insights. Users can manage feedback through a dashboard, create public roadmaps, publish changelogs, and set up automated workflows. The platform supports user authentication via Google and GitHub OAuth, and processes payments for subscription plans. Feedback data may be processed by third-party AI services for analysis and embedding generation."
- Cookie consent banner: already built at
components/cookie-consent.tsx— just needs/privacypage to exist
Target URLs:
| Document | URL |
|---|---|
| Privacy Policy | https://lumifeed.app/privacy |
| Terms of Service | https://lumifeed.app/terms |
| Cookie Policy (optional) | https://lumifeed.app/cookies |
What You Need
Privacy Policy
Required if you collect any personal data — email, name, IP address, cookies, analytics. Lumifeed collects all of these, so this is mandatory.
Must cover (for GDPR + Indian PDPB compliance):
- What data you collect and why
- How long you keep it
- Third parties you share it with (Google, GitHub, Stripe, Razorpay, Anthropic, Sentry, Vercel, Neon)
- User rights (access, delete, export)
- How to contact you (support@lumifeed.app)
- Cookie usage
Terms of Service
Governs the contract between Lumifeed and users. Must cover:
- Acceptable use / prohibited conduct
- Account termination
- Payment terms, refunds (link to Stripe/Razorpay policy)
- Limitation of liability
- Governing law and jurisdiction — India (Karnataka) recommended for India-first SaaS
Cookie Policy (optional but good practice)
Short page listing cookies set by Lumifeed (session, analytics, etc.). Can be merged into Privacy Policy.
Recommended Approach: Generator + Review
For a bootstrapped SaaS, use a generator to get a solid first draft, then read and adapt it.
Option A — Termly (recommended)
termly.io — free tier covers Privacy Policy + ToS.
- Sign up with support@lumifeed.app
- Add website:
lumifeed.app - Answer the questionnaire (SaaS, B2B, collects email/payments, India-based)
- Download/copy the generated documents
- Host them as Next.js pages (see below)
Termly also provides a cookie consent banner widget if you need GDPR-compliant cookie consent.
Option B — iubenda
iubenda.com — more legally detailed, better for GDPR. Free tier gives you the policy but adds an iubenda badge. Paid (€27/yr) removes the badge.
Option C — getterms.io / Docracy templates
Open-source / free templates. Less tailored but faster. Good starting point if you want full control.
Option D — Lawyer
For a funded or high-revenue product. For a bootstrapped indie SaaS at launch, a generator is fine — update with a lawyer when you raise or hit meaningful MRR.
Hosting the Pages in Next.js
Create two static pages in the marketing route group:
app/(marketing)/privacy/page.tsx
app/(marketing)/terms/page.tsxSimplest approach — paste the generated text as a styled page:
// app/(marketing)/privacy/page.tsx
export default function PrivacyPage() {
return (
<main className="max-w-3xl mx-auto px-6 py-16 prose prose-invert">
<h1>Privacy Policy</h1>
<p className="text-muted-foreground text-sm">Last updated: March 2026</p>
{/* paste generated content here as JSX, or use MDX */}
</main>
);
}Or use MDX files in content/legal/privacy.mdx + content/legal/terms.mdx if you want easy editing without touching code.
Where to Add the Links
Once pages are live, add links in these places:
| Location | What to link |
|---|---|
| Google OAuth consent screen | Privacy Policy URL |
| Stripe Dashboard → Business settings | Privacy Policy + Terms of Service |
| Razorpay Dashboard → Business profile | Privacy Policy + Terms of Service |
| Lumifeed marketing footer | Privacy, Terms (both) |
| Lumifeed sign-up page | "By signing up, you agree to our [Terms] and [Privacy Policy]" |
| Widget Setup page (branding) | Privacy Policy URL (what you're seeing now) |
Minimum Viable Steps to Unblock OAuth / Branding
If you just need URLs to paste into a form right now:
Go to termly.io, create free account, generate Privacy Policy for lumifeed.app (takes ~10 min).
Create app/(marketing)/privacy/page.tsx — paste the content. Deploy to main.
Repeat for Terms of Service → app/(marketing)/terms/page.tsx.
Paste https://lumifeed.app/privacy and https://lumifeed.app/terms into whatever form is asking for them.
Key Disclosures for Lumifeed Specifically
Make sure whichever template you use mentions these third-party services in the Privacy Policy:
- Google / GitHub — OAuth login, may share name + email
- Anthropic — feedback text sent for AI analysis
- Voyage AI — feedback text sent for embedding generation
- Stripe / Razorpay — payment processing, handles card data directly
- Neon — database hosting (AWS ap-southeast-1 / Singapore)
- Vercel — application hosting, logs IP addresses
- Sentry — error tracking, may capture user context
- Trigger.dev — background job processing
Status Tracker
Pre-requisite: Feature set must be stable before starting this checklist.
| Task | Done? |
|---|---|
| Generate Privacy Policy on Termly (use saved description above) | ☐ |
| Generate Terms of Service on Termly | ☐ |
Create app/(marketing)/privacy/page.tsx with generated content | ☐ |
Create app/(marketing)/terms/page.tsx with generated content | ☐ |
Verify cookie consent banner (components/cookie-consent.tsx) links to /privacy | ☐ |
| Marketing footer links added (Privacy + Terms) | ☐ |
| Sign-up page disclaimer added | ☐ |
| Google OAuth consent screen updated | ☐ |
| Stripe business settings updated | ☐ |
| Razorpay business profile updated | ☐ |