What Should I Review First?

Phoenix
, , , ,
1

What Do I Review First?

Last Update: 2026/05/29

Disclaimers

  • This may not apply to every service you review, so apply this on a case-by-case basis.
  • This is subject to change, see the replies from Staff/Curators.

Priority List

When reviewing a Service, review the Documents in the following order (if available):

  1. Terms of Service / EULA / License Agreement
  2. Privacy Policy
  3. Cookie Policy
  4. Community Guidelines / Acceptable Use Policy / Rules
  5. GDPR/CCPA Notices
  6. Copyright Notice

Reasoning

When reviewing Services, sometimes we get conflicting stuff arising between Documents. This usually happens because some policies give specific information away, which may or may not entail different wordings for the same topic.

The purposes of the two main agreements (ToS and Privacy Policy) are clear[1][2]:

  • ToS - A contract between you and the service. Should protect the rights of the service provider and yours aswell.
  • Privacy Policy - Protects, informs and gives the ability to complain about handling of personal information for the user. More often than not, this is done in a way that is convenient for the service provider.

“Subpolicies”

The term “subpolicies” is an ad-hoc term I’m using to refer to documents that are not the two main (ToS and Privacy Policy), but can be thought as extensions of each, respectively.

Here are some common “subpolicies” that you might encounter while reviewing, but keep in mind that this is in no way a comprehensive list:

“Subpolicy” Terms of Service Privacy Policy
License Agreement :white_check_mark: :cross_mark:
Community Guidelines :white_check_mark: :cross_mark:
Acceptable Use Policy :white_check_mark: :cross_mark:
Copyright Notice :white_check_mark: :cross_mark:
Cookie Policy :cross_mark: :white_check_mark:
Subprocessors :cross_mark: :white_check_mark:
GDPR/CCPA/LDPR (or “Do Not Sell My Data”) :cross_mark: :white_check_mark:
Targeted Ads :cross_mark: :white_check_mark:

You might encounter other types of documents not mentioned here, but this should give you an idea of what it talks about.

Conclusion

That being said, the reason why it is important to get the ToS straight before anything else is due to compliance with the law.

Understanding what you can and cannot sue a company for will make you understand how truthful they may or may not be/why they are (not) so vague/dismissive on the rest of the documents! (Among other stuff)

The ToS are, in general and in practice, the baseline for all legal proceedings, including Data Processing.

Of course this is up to debate, and I would like your opinions on this, as I’m not a legal expert.

I will be looking forward to your answers!

  1. Privacy Policy vs Terms and Conditions: Key Differences ↩︎

  2. https://www.privacypolicies.com/blog/privacy-policies-vs-terms-conditions/ ↩︎

6

Its a contract first and for most, it should protect both.

I would move privacy policy to place two.

7

@shadowwwind I have reworded this in a manner I believe to be more proper. Honestly this is a very old post that I’m rebuilding.