Are you ready to leave Etsy, Facebook Marketplace, or another third-party platform behind and launch your own e-commerce website? Then this post is for you! Below, we cover what’s involved in legally launching an e-commerce website. So you can confidently launching knowing all your legal ducks are in a row

The seven steps to legally launching an e-commerce website

• Make sure the “bare minimum” legal tasks are done
• Learn how to navigate the sales tax minefield
• Determine if California’s Proposition 65 applies to your products
• Create a privacy policy
• Create a terms of service
• Decide if you need a cookie pop-up
• Create a process to use reviews and testimonials

#1: Make sure the “bare minimum” legal tasks are done

There are six must-do tasks for every creative business. These tasks aren’t outlined below, because we are operating under the assumption that you’ve already knocked them out. These include: 

• a business bank account
• an EIN from the IRS
• a business license
• doing business as (DBA) or fictitious business name (FBN)–where required
• business liability insurance

You’ll need to do these tasks to accomplish some of the items below. So if you don’t have these, make sure you grab my book where I hold your hand and walk you step-by-step through getting all six of these must-do legal tasks done.

#2: Learn how to navigate the sales tax minefield

Before 2017, figuring out if you did or didn’t have to collect sales tax on an online order was straightforward. You collected sales tax on an online order if you answered yes to any of these questions:

• Was the product being shipped to someone in your state?
• Was the product being shipped to someone in the state where your warehouse/drop shipper was located?
• Was the product being shipped to someone in the state where your employee was located?
• Was the product being shipped to someone in the state where your affiliate was located?

These questions are all aimed at deciding if you have a “physical” presence in a state.

And since most creative business owners only had a physical presence in one state, it was simple. 

However, this all changed in 2017 when the Supreme Court handed down its decision in South Dakota v. Wayfair.

This decision said that states could require online sellers to remit sales tax if they had a physical presence in the state OR significant economic ties.

Since this ruling 46 states, the District of Columbia, and Puerto Rico have passed laws outlining what significant economic ties mean. And when these thresholds are met, online sellers are required to collect (and remit) sales tax for all sales made in that location.

You can reach these thresholds either by selling:

• A specific dollar amount within the state (ranges from $10,000 to $500,000)
• A specific number of transactions within the state (ranges from 100 to 200 transactions)

This means there now is a crazy matrix of laws that you have to consider to decide if you need to collect sales tax on an online order. (You can see all the current laws here.)

What do you have to do to navigate this minefield?

1. Verify if your products/services are taxable in each state.
2. Decide which states you have a physical presence in.
3. Decide where you meet the economic thresholds for states where you don’t have a physical presence.
4. Register for a sales tax permit in those states.
5. Collect sales tax for all sales made to those states.
6. Report and file sales tax returns for those states.

Verify if your products/services are taxable in each state

Not all products and services are subject to sales tax and each state is different on what is and isn’t taxable.

For example, in: 

• California e-books aren’t taxed, but they are in Colorado.
• California clothing isn’t taxed, but it is in New York if it costs more than $110.
• In Massachusetts shipping isn’t taxable, but it is in New York.

So your first step is to determine which states your products or services would be subject to sales tax. Because if it’s not subject to a sales tax, then you’ll never need to comply with that state’s rules.

Decide which states you have a physical presence in

You are required to collect sales tax for any state where you have a physical presence.

This includes:

• the state where your studio/office is
• the state where your employees live
• the state where your warehouse is located

Additionally, when you attend craft shows or other in-person events, you might be required to collect sales tax and remit it to that state, even if you are only temporarily selling there.

For example, if you sell at Renegade in both San Francisco and Chicago and don’t live in either of those states, you are required to register for a permit in both California and Illinois to collect sales tax on sales made at these events.

You can see the list of which states require you to collect sales tax for events here.

So you’ll need to collect sales tax whenever you sell an eligible product and you have physical ties to that state.

Decide which states you have significant economic ties in

Since Wayfair, you are now subject to sales tax on those eligible products and services in states where you both have a physical presence and have significant economic ties.

This means you need to set up a system to track both the sales volume and dollar amount of sales to each state.

Your bookkeeping or POS system will easily be able to spit out these reports. If not, it might be time to consider upgrading.

Of course, this isn’t a one-and-done situation. It’s something you’ll regularly have to monitor because it will change over time. 

In some states, you only need to determine this on a calendar year basis, but other states require you to calculate this based on sales over the previous several months.

These reports will allow you to determine which states you meet the sales tax thresholds for and are required to collect (and remit) sales tax.

You can see the list of each state’s thresholds here.

Register for a sales tax permit in those states

Now that you know which states you have both physical and economic ties to, you need to register with each state so that you can remit the sales tax you collect.

Once again, states don’t make this easy! Each state has a slightly differently named tax agency (often the Department of Revenue) and process.

The good news is that there is a streamlined process in 24 states to make it easier for you to get, collect, and report sales tax. You can learn more about the streamlined process here.

To obtain a sales tax permit you’ll likely need:

• Your business contact information
• Your EIN
• Your business type
• Your NAICS code (you should be able to find this on your tax return!)

Collect sales tax for all sales made to those states

Now that you know where sales tax must be collected and you have the permit, you have to collect it. To do this, you’ll need to set up your shopping cart to collect sales tax on all sales made to those states.

Report and file sales tax returns for those states

Finally, you’ll have to report and file your sales tax returns in all the states you are collecting sales tax.

#3: Determine if California’s Proposition 65 applies to your products

California requires that businesses warn consumers if their products contain chemicals that could cause cancer or birth defects.

While California recently changed the requirements around what the warning label must look like, they did not change the exemption for businesses with less than 10 employees.

So as long as your business has 9 or fewer employees, you do not have to comply with this law.

Once you cross this threshold, you’ll be required to provide a warning meeting the requirements for all products that contain chemicals that are on the current list of Prop. 65 hazardous chemicals.

#4: Create a privacy policy

A privacy policy is just a simple way to build trust and transparency with your online visitors. And don’t worry it doesn’t have to be that legal jargon-stuffed, terrible, long thing that you might be picturing in your head.

Here in the United States, there isn’t a nationwide privacy law, instead, you’ll have to comply with the privacy laws of several states. Additionally, your online shop might need to comply with the stricter privacy laws of other countries.

This means if you plan on shipping your products to a country (or accept another country’s currency) then you’ll also need to comply with the privacy laws of that country.

Here are the nine questions your privacy policy should answer:

1. Who is collecting the data? (You and what third-party partners?)
2. What information is collected based on the actions I take? (For example, purchase information or email list signup.)
3. What information is collected automatically? (For example, analytics or advertising information.)
4. How do you share the information collected? (And the answer isn’t, “You never share the information with anyone.”)
5. How do you use the information collected?
6. How do you protect your visitors and customers’ information?
7. How does collecting this information help your visitors and customers?
8. How can I learn what information you have about me?
9. How can I opt out?

You can answer these questions to create a simple privacy policy (or you can grab my Mad Libs template here.)

#5: Create a terms of service

Now you’ll turn to handling the second website policy that you might want, and that’s the terms of service.

Terms of service is just a fancy name for a contract. It’s a contract that we have with our website visitors, with our website purchasers, that says these are the ground rules of what our relationship looks like. That’s all we do with the terms of service. 

And the reason a terms of service is great is that it can help us when we’re dealing with somebody who’s maybe a little unreasonable and we want to have enforceable policies that we can use to say, “Unfortunately, based on the contract, based on our terms of service, you can’t have what you want but this is what I can offer in return.” So a terms of service is there to be our backup, to be our little stick, if and when we’re dealing with an unreasonable customer. 

Why can’t you just have shop policies?

Shop policies are great, but shop policies are just policies. And to make your shop policies enforceable, you have to turn them into a contract.

The short version of why shop policies aren’t an enforceable contract is that you can’t prove that your website visitor agreed to your terms.

This is why every time you sign up for a new service, they make you check that “I agree to your terms” checkbox. That little checkbox turns shop policies into an enforceable contract. 

So what you’re going to do is go ahead and create your policies and then you’re going to institute a process where they check that little box during checkout. And then all of a sudden you’ve got enforceable terms of service that you can use against that unreasonable customer.

How to write your terms of service

Unlike your privacy policy, you probably have a lot of your terms of service already written.

Because you are just going to pull from your existing policies. This might be your:

• e-commerce shop policies
• wholesale policies
• custom work policies
• returns and exchange policies

All of those policies that go along with purchasing your product or service. And policies (or rules) you want to make enforceable, you’ll put in your terms of service.

If you don’t have policies, one way to create them is to sit down and think about the process from start to finish. What’s the step-by-step process from someone landing on your website to becoming a repeat purchaser? What common kinks or snafus happen and how do you deal with them?

And then you’ll write out those rules and post them on your website.

#6: Decide if you need a cookie pop-up

Currently, the UK and the EU are the only places that require cookie notifications.

California’s version of GDPR, called CCPA, requires you to give website visitors the option to opt out of non-essential cookies. However, because of the functionality of the most widely available tools, it’s often easier to accomplish this by providing a cookie pop-up. 

However, CCPA rarely applies to small businesses because it requires that you either have more than $25 million in revenue, earn 50% or more of your revenue from selling personal data, or receive the personal information of more than 50,000 California residents.

So if you are targeting customers or ship products to the EU or the UK, or accept the Euro or the Pound sterling, then you will need at minimum a cookie consent for all UK and EU website visitors.

The EU cookie rules (called PECR) require that you get clear consent for any non-essential cookies.

Cookies that are considered “essential” include those things required to make your website visitor’s experience easier, like:

• cookies that your website installs to remember what a visitor has added to the shopping cart
• cookies that your website installs to remember that a visitor has logged into his/her account
• cookies that cache a page so that it can load quicker

But the following are “non-essential” cookies and you must get permission for them:

• analytics cookies or cookies that track which pages visitors visit
• email marketing cookies or cookies that track if they’ve clicked on links in your emails
• ad cookies or cookies that track if you’ve visited a website to deliver an ad

If you need to comply, then like always, it’s great to turn to see how major brands handle things! (Because they have in-house legal teams to make sure they are compliant!)

So go to your favorite EU e-commerce site and view the UK version (not the US version). And see what their pop-up says.

I’ve also found the resources from the UK’s Information Commissioner’s Office incredibly helpful and easy to understand.

#7: Create a process to use reviews and testimonials

The final step to legally launching an e-commerce website that I want to address is how to use the stories of your happy clients or customers to generate more online sales.

Typically, there are two kinds of feedback that businesses use as proof that they have a product or service worth buying: reviews and testimonials.

What’s the difference between the two?

Both are used to encourage sales and might be used in your marketing materials, but who is in control of the content is the main difference.

Reviews express the experiences of both satisfied and unsatisfied customers. Reviews are often hosted on a third-party website and businesses don’t have the opportunity to delete bad reviews, only respond to them. So in the case of reviews, the customer is in control of the content.

Testimonials, on the other hand, are curated by you, the business owner. Sometimes, they are solicited by you, but testimonials are hand-picked nuggets of goodness from your very best, most satisfied customers. So with testimonials, you are in control of the content.

Because reviews and testimonials are generally short, copyright isn’t the primary issue you should be concerned about when it comes to using them.

Instead, you need to be concerned about a little-known law called Right of Publicity.

Right of Publicity says that we as individuals have the right to control how our name, likeness, photograph, or the like is used to sell someone else’s products or services.

Now, of course, this makes sense when it comes to celebrities. I can’t just slap Kim Kardashian’s name on something. Because people will buy it because they say, “I love everything associated with Kim Kardashian. I’m gonna buy that product.”

But the same thing happens when you see someone that you have a business crush on as a testimonial on someone’s web page. The same thing happens when you see a review from a mom in your child’s class about how she’s using this product with her child. 

While on a smaller scale, they still help sell your products or services.

And because of that, in most states, I have the right to control how you use me to sell your products or services.

Where this right of publicity thing gets a little bit complicated, is that it is controlled on a state-by-state basis.

Not every state says that it exists. And every state that does say it exists, interprets it just a little bit differently.

To add a layer of complexity, it’s not about where your business is based. But about where the person who said it lives.

So the easiest way to avoid figuring out if the person who said it lives in a state with a law, is to get permission.

Because every single one of these laws says it’s not an issue if the person has granted permission.

How to get permission to add reviews to your website

If you’ve installed a plug-in or tool to your website that allows customers to leave reviews, then by leaving the review you have implied permission to post it on your website. (Because that’s why they are leaving it!)

However, if you want to include some of your awesome reviews every few weeks on Instagram, then you’ll need permission. Because you don’t have implied permission to do anything else with it other than have it appear on your website.

Luckily, this is an easy fix. All you need to do is include how else you want to use these reviews in your terms of service and have them agree to it as part of the review process.

A final note, they are only truly reviews if you don’t hide, delete, or filter out the less-than-stellar reviews. You can respond to the negative reviews and try to solve the issue, but making it so that some appear while others don’t mean you aren’t really allowing reviews.

How to get permission to add testimonials to your website

If someone sends you an email, sends you an Instagram Message, or leaves a comment on your social media account that would make a good testimonial, then you need to get permission to use it!

But all you need to do is come up with a canned response that you can send off asking for permission.

Here’s mine…

Hey [NAME], thanks so much for that love note! You totally made my day by telling me how much [WHAT THING] impacted you. 

The law is a scary subject for creative business owners and sharing successful experiences, like yours, of tackling the legal aspects is a really powerful motivator to encourage others to do it as well. 

So based on what you said I crafted this little blurb and I would love to [HOW I WANT TO USE IT]. Would that be okay?

[INSERT BLURB]

-kiff

That’s all you need to do. It doesn’t need to be something long and complex. You don’t need them to sign a contract.

You just need to:

• tell her how you’d like to use it
• tell her what you’d like to use
• ask her if she’s okay with that

If she never responds to your email, you just won’t put it up.

If she responds, which she probably will, and says yes, then go ahead and use it.

Checklist to legally launching an e-commerce website

Whew! I know that there’s a lot to legally launching an e-commerce website. So here’s a summary of the items we discussed above.

• Grab a copy of my book to make sure you’ve covered the bare minimum legal tasks
• Get your sales tax ducks in a row
  • If you make a physical product that you charge sales tax for, get a sales tax certificate for your state
  • Go through the six steps to decide which states you must collect and remit sales tax to
  • Get a sales tax certificate for any other state you need to collect sales tax in
• If you have 10 or more employees, create a warning label for all products that must be Proposition 65 compliant.
• Create website policies
  • Grab a copy of the Website Policies Mad Libs template.
  • Open your website dashboard so you can poke around and get ideas about what services, plug-ins, and partners you use to run your business.
  • Play Mad Libs and fill in the blanks to create your privacy policy!
  • Open your website dashboard so you can poke around and get ideas about what topics your terms should cover.
  • Play Mad Libs and fill in the blanks to create your terms of service!
• If you target those in the UK or the EU, create a pop-up that obtains consent for the cookies on your website.
• Create a process to collect and use testimonials and reviews.