The EU Consumer Rights Directive (EU-CRD-2011/83/EU) requires that refund and cancellation terms be disclosed clearly before any purchase is completed. In the US, the FTC ROSCA Act mandates that negative option offers — including subscriptions — clearly disclose cancellation terms upfront. Accepting payment without disclosing your refund and cancellation policy puts you at risk of chargebacks, payment processor disputes, and regulatory action from the FTC or EU consumer protection authorities. A payment processor who sees elevated chargeback rates due to undisclosed terms may terminate your merchant account entirely.
High because undisclosed refund terms drive chargebacks and regulatory complaints that can result in merchant account termination and FTC enforcement action.
Add a refund policy as a standalone page at /refund-policy or as a clearly labeled section in your Terms of Service. Link to it from your pricing page and any checkout flow.
// app/pricing/page.tsx — add near pricing cards or CTA
<p className="text-xs text-muted-foreground text-center mt-4">
  All plans include a 30-day money-back guarantee.{' '}
  <a href="/refund-policy" className="underline">See refund policy.</a>
</p>
The policy must specify: the refund eligibility window, what is not refundable (renewals, consumed add-ons), how to request a refund (email address, response time), and what happens to the account after cancellation (access through end of period vs. immediate termination).
ID: legal-pages-compliance.required-pages.refund-policy-exists
Severity: high
What to look for: Enumerate every relevant item. Check whether the application has any payment or subscription features. If it does, look for a refund or cancellation policy. It may be a standalone page (/refund, /refund-policy, /cancellation, /cancellation-policy) or a clearly labeled section within the Terms of Service. Check the checkout and pricing pages for a link or inline reference to the refund policy — users should be able to find it before completing a purchase. Verify the policy describes: the refund eligibility window (e.g., 30-day money-back guarantee), the refund process (how to request), any non-refundable conditions, and what happens to the account upon cancellation (data retention, grace period).
Pass criteria: At least 1 of the following conditions is met. A refund or cancellation policy exists (standalone page or ToS section). It is accessible without authentication. It is linked from or summarized on the pricing page and/or checkout flow. The policy specifies the refund window, process, and cancellation terms.
Fail criteria: Application accepts payments but has no refund or cancellation policy. Policy exists but is not accessible from the pricing page or checkout. Policy exists but contains no specific terms — only "contact us for refund requests" with no criteria.
Skip (N/A) when: The application has no payment features — no subscriptions, no one-time purchases, no premium tiers. Detection signal: no Stripe, LemonSqueezy, Paddle, or payment provider dependencies found in package.json, and no checkout or billing routes in the project.
Cross-reference: For broader data handling practices, the Data Protection audit covers data lifecycle management.
Detail on fail: Specify the issue. Example: "Stripe integration found (checkout route, subscription management). No refund policy page or section found anywhere in the project." or "Refund policy exists in ToS but pricing page (/pricing) has no link or reference to it — users cannot find terms before purchasing." or "Policy found but states only 'Contact us' with no criteria or timeline for refund eligibility."
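One way to automate this check, as an added example that is not part of the original audit definition: a Node.js function that applies the skip, fail, and pass criteria above to a project snapshot. The `auditRefundPolicy` name, the regex heuristics, and the assumption of a Next.js `app/` route layout are illustrative.

```javascript
// Added example: heuristic audit over a project snapshot (path -> file text).
// Regexes and the Next.js app-router layout are assumptions, not a formal spec.
const PROVIDERS = /stripe|lemonsqueezy|paddle/i; // providers named in the check
const PAY_ROUTE = /(^|\/)(checkout|billing)(\/|$)/;
const PAGE = /\/page\.[jt]sx?$/;
const POLICY_PAGE = /(^|\/)(refund|refund-policy|cancellation|cancellation-policy)\/page\.[jt]sx?$/;
const TERMS_PAGE = /(^|\/)(terms|tos)[^/]*\/page\.[jt]sx?$/;
const SALES_PAGE = /(^|\/)(pricing|checkout)\/page\.[jt]sx?$/;

function auditRefundPolicy(files) {
  const paths = Object.keys(files);
  const pkg = JSON.parse(files['package.json'] || '{}');
  const deps = Object.keys({ ...pkg.dependencies, ...pkg.devDependencies });
  const hasPayments = deps.some((d) => PROVIDERS.test(d)) || paths.some((p) => PAY_ROUTE.test(p));
  if (!hasPayments) {
    return { status: 'skip', detail: 'No payment provider dependencies or checkout/billing routes.' };
  }
  // Standalone policy page, or a Terms page with a refund/cancellation section.
  const policyPath = paths.find((p) => POLICY_PAGE.test(p)) ||
    paths.find((p) => TERMS_PAGE.test(p) && /refund|cancell?ation/i.test(files[p]));
  if (!policyPath) {
    return { status: 'fail', detail: 'Payment features found. No refund policy page or section found.' };
  }
  // Route the policy is served at, e.g. app/refund-policy/page.tsx -> /refund-policy
  const route = '/' + policyPath.replace(/^(src\/)?app\//, '').replace(PAGE, '');
  const linked = paths.some((p) => SALES_PAGE.test(p) &&
    ['"', "'"].some((q) => files[p].includes('href=' + q + route)));
  if (!linked) {
    return { status: 'fail', detail: `Policy at ${route} is not linked from pricing or checkout.` };
  }
  const text = files[policyPath];
  const hasWindow = /\b\d+[- ]?(day|week|month)s?\b/i.test(text); // "30-day", "14 days"
  const hasProcess = /[\w.+-]+@[\w-]+\.\w+/.test(text);           // a contact address
  if (!hasWindow || !hasProcess) {
    return { status: 'fail', detail: 'Policy found but states no refund window or request process.' };
  }
  return { status: 'pass', detail: `Policy at ${route} is linked and states a window and process.` };
}

// Constructed sample: Stripe dependency, policy page, link on the pricing page.
const sample = {
  'package.json': JSON.stringify({ dependencies: { stripe: '*' } }),
  'app/refund-policy/page.tsx': '30-day money-back guarantee. Email support@example.com.',
  'app/pricing/page.tsx': '<a href="/refund-policy" className="underline">See refund policy.</a>',
};
console.log(auditRefundPolicy(sample));
```

The text checks are heuristics: a reviewer should still read the policy to confirm the non-refundable conditions and post-cancellation account terms are stated.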
Remediation: Add a refund policy — either as a standalone page or as a section in your Terms of Service — and link to it from your pricing and checkout pages.
Example refund policy structure:
Refund and Cancellation Policy

Refund Eligibility

We offer a [X]-day money-back guarantee for all new subscriptions. If you are not satisfied
with [Product Name] within [X] days of your initial purchase, contact us at
support@example.com and we will issue a full refund, no questions asked.

Refunds are not available for:
- Renewals after the initial subscription period
- Partial months of service
- Add-on purchases used or consumed

Cancellation

You can cancel your subscription at any time from your account settings page.
Cancellation takes effect at the end of your current billing period. You will retain
access to paid features until then. We do not issue prorated refunds for cancellations
mid-period unless within the money-back guarantee window.

How to Request a Refund

Email support@example.com with subject "Refund Request" and include your account email
and the reason for your request. We process refund requests within 5 business days.

Link from pricing page:
// app/pricing/page.tsx — add near the CTA or pricing cards
<p className="text-xs text-muted-foreground text-center mt-4">
  All plans include a 30-day money-back guarantee.{' '}
  <a href="/refund-policy" className="underline">See refund policy.</a>
</p>