Operating a web application without Terms of Service exposes you to unlimited liability for user disputes, leaves your intellectual property unprotected, and violates GDPR Art. 13 and CCPA §1798.100 obligations to inform users of how their data is used. Without a ToS, users have no binding agreement on acceptable use, dispute resolution, or liability limits — meaning any user can bring an uncapped claim against you in any jurisdiction they choose. FTC endorsement guides also require disclosure of material terms before users engage with commercial services. A missing or placeholder ToS is not a paperwork gap; it is an enforceable legal exposure that grows with every user who signs up.
Critical because the absence of a Terms of Service leaves the business with no contractual basis to limit liability, terminate abusive accounts, or enforce any usage rules.
Create an app/terms/page.tsx route that renders actual terms content — not a stub — and link it from your footer. Use a legal template generator (Termly, Terms.io, privacypolicies.com) as a starting point, then have a lawyer review the liability, dispute resolution, and jurisdiction sections before launch.
// app/terms/page.tsx
import type { Metadata } from 'next'
export const metadata: Metadata = {
title: 'Terms of Service',
description: 'The terms and conditions governing use of our service.',
}
export default function TermsPage() {
return (
<main className="max-w-3xl mx-auto px-4 py-12 prose">
<h1>Terms of Service</h1>
<p className="text-sm text-muted-foreground">Last updated: February 2026</p>
{/* Actual terms content — not a placeholder */}
</main>
)
}
Add to your footer component: <a href="/terms">Terms of Service</a>. The page must be publicly accessible without authentication.
ID: legal-pages-compliance.required-pages.tos-exists
Severity: critical
What to look for: Enumerate every relevant item. Search the project for a Terms of Service or Terms of Use page. Common routes: /terms, /terms-of-service, /terms-of-use, /tos, /legal/terms. In Next.js App Router, look for app/terms/page.tsx, app/terms-of-service/page.tsx, app/legal/terms/page.tsx. In Pages Router, pages/terms.tsx or similar. For MDX-based sites, content/terms.mdx or similar. Check footer components for a "Terms," "Terms of Service," or "Terms of Use" link and verify it points to a real route (not / or a # anchor). Open the page component: does it render actual terms content, or is it a blank page, a TODO, a redirect to an external document, or a simple "Coming soon" placeholder?
Pass criteria: At least 1 of the following conditions is met. A Terms of Service or Terms of Use page exists at a dedicated route, renders actual terms content (not a placeholder or stub), is linked from the site footer and/or header, and is accessible without logging in or creating an account. Before evaluating, extract and quote the relevant configuration or code patterns found. Report the count of items checked even on pass.
Fail criteria: No Terms of Service page exists anywhere in the project. A route exists but renders no content or only a placeholder. A link in the footer points to a missing or 404 route. The ToS is only available after login.
Do NOT pass when: The item exists only as a placeholder, stub, or TODO comment — partial implementation does not count as passing.
Skip (N/A) when: This check is not skippable. Every web application that users can access requires Terms of Service. There are no conditions under which this check is N/A.
Cross-reference: For related security patterns, the Security Headers audit covers server-side hardening.
Detail on fail: Specify what is missing or incorrect. Example: "No /terms route or equivalent found. Footer has no Terms link. Application has no Terms of Service." or "app/terms/page.tsx exists but renders placeholder text ('Terms coming soon'). No actual terms content." or "Footer links to /terms but route returns 404.".
Remediation: Create a Terms of Service page. Use a legal template generator (Termly, Terms.io, GetTerms.io, or the free generators at privacypolicies.com) as a starting point, then have a lawyer review it — especially sections around liability, dispute resolution, and jurisdiction.
At minimum, your Terms of Service page should address these structural sections:
Recommended ToS structure:
1. Acceptance of Terms — how users agree (by using the service, by checking a box, etc.)
2. Description of Service — what the product does and who it is for
3. User Accounts — registration requirements, account security, who is responsible for the account
4. Acceptable Use — what users can and cannot do (link to or include your AUP)
5. Intellectual Property — who owns what (your IP, user content ownership)
6. User Content — if applicable: licensing terms for content users submit
7. Payment Terms — if applicable: billing, refunds, subscription changes
8. Disclaimer of Warranties — service provided "as is"
9. Limitation of Liability — cap on damages you owe users
10. Dispute Resolution — arbitration, mediation, or litigation; jurisdiction
11. Governing Law — which state/country's laws apply
12. Changes to Terms — how you notify users of updates
13. Contact Information — how to reach you with questions
Wire up the page in Next.js App Router:
// app/terms/page.tsx
import type { Metadata } from 'next'
export const metadata: Metadata = {
title: 'Terms of Service',
description: 'The terms and conditions governing use of our service.',
}
export default function TermsPage() {
return (
<main className="max-w-3xl mx-auto px-4 py-12 prose">
<h1>Terms of Service</h1>
<p className="text-sm text-muted-foreground">Last updated: February 2026</p>
{/* Your terms content here */}
</main>
)
}
Add to your footer component:
// components/Footer.tsx
<nav aria-label="Legal">
<a href="/terms">Terms of Service</a>
<a href="/privacy">Privacy Policy</a>
</nav>