What Do I Review First?
Last Update: 2026/04/25
Disclaimer
This may not apply to every service you review, so apply this on a case-by-case basis.
Priority List
When reviewing a Service, review the Documents in the following order (if available):
- Terms of Service / EULA / License Agreement
- Community Guidelines / Acceptable Use Policy / Rules
- Cookie Policy
- Privacy Policy
- GDPR/CCPA Notices
- Copyright Notice
- …
Reasoning
When reviewing Services, sometimes we get conflicting stuff arising between Documents. This usually happens because some policies give specific information away, which may or may not entail different wordings for the same topic.
The purposes of the two main agreements (ToS and Privacy Policy) are clear[1][2]:
- ToS - Protects the Service.
- Privacy Policy - Protects and informs the user, usually in a way that is convenient to the service.
Subpolicies
The term “subpolicies” is an ad-hoc term I’m using to refer to documents that are not the two main (ToS and Privacy Policy), but can be thought as extensions of each, respectively.
Here are some common “subpolicies” that you may find, and
| “Subpolicy” | Terms of Service | Privacy Policy |
|---|---|---|
| License Agreement |  |
 |
| Community Guidelines | |
|
| Acceptable Use Policy | |
|
| Copyright Notice | |
|
| Cookie Policy | |
|
| Subprocessors | |
|
| GDPR/CCPA/LDPR (or “Do Not Sell My Data”) | |
|
| Targeted Ads | |
|
That being said, the reason why it is important to get the ToS straight before anything else is due to compliance with the law.
Understanding what you can and cannot sue a company for will make you understand how truthful they may or may not be/why they are (not) so vague/dismissive on the rest of the documents! (Among other stuff)
The ToS are, in general and in practice, the baseline for all legal proceedings, including Data Processing.
Of course this is up to debate, and I would like your opinions on this, as I’m not a legal expert.
I will be looking forward to your answers!