A missing or unlinked Privacy Policy violates GDPR Art. 13 and Art. 14 (which require informing users about data collection at the point of collection), CCPA §1798.100 and §1798.130(a)(5) (which require a publicly accessible privacy policy before collecting personal data), and COPPA §312.4 if your service may be used by children. Collecting email addresses, using analytics, or requiring account creation without a linked Privacy Policy means every data point you hold is potentially unlawfully collected — exposing you to regulatory fines (GDPR: up to 4% of global turnover), class-action suits, and FTC enforcement. The privacy policy must be visible before users submit personal data, not buried in settings post-signup.
Critical because collecting personal data without a publicly accessible Privacy Policy violates GDPR, CCPA, and COPPA simultaneously, creating multi-jurisdictional regulatory exposure.
Create app/privacy/page.tsx with actual policy content and a hardcoded LAST_UPDATED constant. Link it from your footer and from registration forms before the submit button.
// app/privacy/page.tsx
const LAST_UPDATED = 'February 15, 2026'

export default function PrivacyPolicyPage() {
  return (
    <main className="max-w-3xl mx-auto px-4 py-12 prose">
      <h1>Privacy Policy</h1>
      <p className="text-sm text-muted-foreground">Last updated: {LAST_UPDATED}</p>
      {/* policy content */}
    </main>
  )
}
On your registration form, add before the submit button:
<p className="text-sm text-muted-foreground">
  By creating an account, you agree to our{' '}
  <a href="/terms">Terms of Service</a> and acknowledge our{' '}
  <a href="/privacy">Privacy Policy</a>.
</p>
ID: legal-pages-compliance.required-pages.privacy-policy-exists
Severity: critical
What to look for: Enumerate every relevant item. Search for a Privacy Policy page. Common routes: /privacy, /privacy-policy, /legal/privacy. Verify the page renders actual content (not a placeholder). Check the footer component for a "Privacy Policy" or "Privacy" link pointing to a valid route. Check signup, registration, and account creation forms for a link to the Privacy Policy — users should see the privacy policy before they create an account or submit personal data. Check whether the page displays a "Last updated" or "Effective date" in the heading. Note: this check focuses on existence and linking — detailed privacy policy content quality is covered by the Data Protection Audit.
Pass criteria: At least 1 of the following conditions is met. A Privacy Policy page exists at a dedicated route, renders actual content, displays a "Last updated" or effective date, is linked from the site footer, and is linked from or referenced on the signup/registration flow. Before evaluating, extract and quote the relevant configuration or code patterns found. Report the count of items checked even on pass.
Fail criteria: No Privacy Policy page exists. The page is a placeholder. The footer has no Privacy Policy link. The registration flow has no reference to the privacy policy. No last-updated date is visible on the page.
Do NOT pass when: The item exists only as a placeholder, stub, or TODO comment — partial implementation does not count as passing.
Skip (N/A) when: This check is not skippable. Privacy policies are legally required under GDPR, CCPA, COPPA, and most other privacy regulations for any application that collects personal data — which includes any application with user authentication or analytics.
Cross-reference: For deployment and infrastructure concerns, the Deployment Readiness audit covers production configuration.
Detail on fail: Specify what is missing. Example: "No Privacy Policy page found at /privacy or any equivalent route. No footer link." or "Privacy Policy exists but is not linked from the signup form. Users provide their email without seeing the privacy policy." or "Privacy Policy page found but shows 'Last updated: [DATE]' — placeholder date was never replaced."
Remediation: Create or complete a Privacy Policy page and link it correctly throughout the application.
For linking from a Next.js registration form:
// app/register/page.tsx — add privacy policy reference near the submit button
<p className="text-sm text-muted-foreground">
  By creating an account, you agree to our{' '}
  <a href="/terms" className="underline">Terms of Service</a>{' '}
  and acknowledge our{' '}
  <a href="/privacy" className="underline">Privacy Policy</a>.
</p>
For the last-updated date, use a constant in the page so it is easy to update:
// app/privacy/page.tsx
const LAST_UPDATED = 'February 15, 2026'

export default function PrivacyPolicyPage() {
  return (
    <main className="max-w-3xl mx-auto px-4 py-12 prose">
      <h1>Privacy Policy</h1>
      <p className="text-sm text-muted-foreground">Last updated: {LAST_UPDATED}</p>
      {/* policy content */}
    </main>
  )
}
For content quality — what your Privacy Policy should say — see the AuditBuffet Data Protection Audit, which covers required privacy policy sections in detail.
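The "What to look for" steps and fail criteria above can be run as a static check over a project's source files. The following is an added example, not AuditBuffet's own code; it assumes a Next.js app/ router layout, a footer component whose path contains "footer", a signup page whose path contains "register" or "signup", and hypothetical heuristics for spotting a stub (the marker list and the three-block minimum).

```javascript
// Added example: audits a { path: source } map; the sample project at the bottom is constructed.
const ROUTES = ['privacy', 'privacy-policy', 'legal/privacy'];    // common routes named by the check
const PLACEHOLDER = /\[DATE\]|\bTODO\b|lorem ipsum|coming soon/i; // assumed stub markers
const DATE_LABEL = /Last updated|Effective date/i;

function linksTo(files, pathPattern, route) {
  const href = new RegExp(`href=["']/${route}["']`);
  return Object.entries(files).some(([p, src]) => pathPattern.test(p) && href.test(src));
}

function checkPrivacyPolicy(files) {
  const findings = [];
  const route = ROUTES.find((r) => `app/${r}/page.tsx` in files);
  if (!route) {
    return { pass: false, checked: 5, findings: ['No Privacy Policy page at any common route'] };
  }
  // Drop JSX comments so "{/* policy content */}" does not count as content.
  const src = files[`app/${route}/page.tsx`].replace(/\{\/\*[\s\S]*?\*\/\}/g, '');
  const blocks = (src.match(/<(p|h2|li)[\s>]/g) || []).length; // assumed minimum: 3 text blocks
  if (blocks < 3 || PLACEHOLDER.test(src)) findings.push('Page is a placeholder or stub');
  if (!DATE_LABEL.test(src)) findings.push('No last-updated or effective date');
  if (!linksTo(files, /footer/i, route)) findings.push('Footer has no Privacy Policy link');
  if (!linksTo(files, /register|sign-?up/i, route)) findings.push('Signup flow has no Privacy Policy link');
  return { pass: findings.length === 0, checked: 5, findings };
}

// Constructed sample: complete page and footer link, but the signup form omits the link.
const sample = {
  'app/privacy/page.tsx': `const LAST_UPDATED = 'February 15, 2026'
export default function PrivacyPolicyPage() {
  return (<main><h1>Privacy Policy</h1><p>Last updated: {LAST_UPDATED}</p>
    <h2>Data we collect</h2><p>Email address and usage analytics.</p>
    <h2>Your rights</h2><p>Access, deletion, and opt-out requests.</p></main>)
}`,
  'components/footer.tsx': `<footer><a href="/privacy">Privacy Policy</a></footer>`,
  'app/register/page.tsx': `<form><input name="email" /><button>Sign up</button></form>`,
};
console.log(checkPrivacyPolicy(sample));
```

The check reports the count of conditions evaluated even on pass, as the pass criteria require; rendered output still needs a manual look, since static source matching cannot confirm what the page displays.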