Privacy policy or terms of service linked
Why it matters
GDPR Article 13 requires informing users about data collection at the point of collection. CCPA §1798.100 grants California residents the right to know what data is collected and to opt out — both rights are only exercisable if users can find your privacy policy. Beyond legal requirements, major ad networks (Google, Meta), payment processors (Stripe, PayPal), and app stores (Apple, Google) require a linked privacy policy to approve accounts and maintain access. Launching without visible legal links exposes the business to regulatory fines, platform bans, and loss of payment processing — not just reputational risk.
Severity rationale
Critical because absent legal links constitute a regulatory compliance failure under GDPR and CCPA, and trigger automatic rejection or suspension by ad networks, app stores, and payment processors.
Remediation
Add privacy policy and terms of service links in your site footer, visible on every page:
<footer>
<a href="/privacy">Privacy Policy</a>
<a href="/terms">Terms of Service</a>
</footer>
In Next.js, create app/privacy/page.tsx and app/terms/page.tsx. Use a free generator (Termly, Iubenda, PrivacyPolicies.com) if you do not have legal documents yet — a generated policy is far better than none. Your privacy policy must cover at minimum: what personal data you collect, how you use it, who you share it with, and how users can request deletion. Links with href="#" or href="javascript:void(0)" do not satisfy this check — the links must point to actual pages.
Detection
- ID: legal-links
- Severity: critical
- What to look for: Enumerate all anchor tags (<a>) in the HTML whose href attribute or visible text content contains any of these 7 keywords (case-insensitive): "privacy", "terms", "legal", "tos", "cookie policy", "cookie notice", "gdpr". Count the total number of matching links found. For each match, note whether it links to an internal page or an external URL.
- Pass criteria: At least 1 anchor tag is found whose href or visible text matches any of the 7 legal keywords listed above. The link must have a non-empty href that points to an actual page (not href="#" or href="javascript:void(0)"). Report the count of legal links found and their destinations.
- Fail criteria: 0 anchor tags match any of the 7 legal keywords in either their href or visible text content.
- Skip (N/A) when: The response Content-Type is not HTML (e.g., JSON API endpoint).
- Error when: SPA detected.
- Detail on fail: "No privacy policy or terms of service link found — required for user trust and many ad networks"
- Remediation: Privacy policies and terms of service are legally required in many jurisdictions (GDPR, CCPA) and by most ad networks, payment processors, and app stores. Add links in your footer:
<footer>
<a href="/privacy">Privacy Policy</a>
<a href="/terms">Terms of Service</a>
</footer>
Free privacy policy generators: Termly, PrivacyPolicies.com, Iubenda. For Next.js, create app/privacy/page.tsx and app/terms/page.tsx with your legal text. At minimum, cover: what data you collect, how you use it, and how users can request deletion.
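The detection criteria above can be exercised against a page with the following sketch, which is an added example and not the check's own implementation. The names check_legal_links, AnchorCollector and SAMPLE are hypothetical; the sketch assumes that a keyword match on a placeholder href counts as a fail, treats any href with a host part as external, and does not attempt SPA detection.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# The 7 keywords listed under "What to look for".
KEYWORDS = ("privacy", "terms", "legal", "tos", "cookie policy",
            "cookie notice", "gdpr")
# Placeholder hrefs that the pass criteria reject.
PLACEHOLDERS = {"", "#", "javascript:void(0)"}
# Constructed sample footer: one real link, one placeholder, one unrelated.
SAMPLE = ('<footer><a href="/privacy">Privacy Policy</a>'
          '<a href="#">Terms of Service</a><a href="/about">About</a></footer>')


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.anchors = []   # finished (href, text) pairs
        self._open = None   # anchor currently being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.anchors.append(tuple(self._open))
            self._open = None


def check_legal_links(html, content_type="text/html"):
    """Return (status, links); each link is (href, 'internal'|'external')."""
    if "html" not in content_type.lower():
        return "skip", []            # N/A for non-HTML responses
    parser = AnchorCollector()
    parser.feed(html)
    links = []
    for href, text in parser.anchors:
        if not any(k in (href + " " + text).lower() for k in KEYWORDS):
            continue
        if href.strip().lower().rstrip(";") in PLACEHOLDERS:
            continue                 # keyword matched, but the link goes nowhere
        # Assumption: an href with a host part counts as external.
        links.append((href, "external" if urlparse(href).netloc else "internal"))
    return ("pass" if links else "fail"), links
```

Because the criteria call for substring matching, "tos" also matches an href such as /photos, so review the reported destinations rather than relying on the count alone.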
External references
- gdpr · Art. 13 — Information to be provided where personal data are collected from the data subject
- ccpa · §1798.100 — Consumer Right to Know / Disclosure
History
- 2026-04-18·v1.0.0·Initial import from site-health-check·automated