Legal: Required Pages and Accessibility
all
Persona: legal-compliance
Touchpoint: /privacy, /terms, /refund-policy, /contact
Preconditions
- Legal pages created and accessible
- GDPR, CAN-SPAM, privacy regulations apply
Steps
| # | Action | Expected Result |
|---|---|---|
| 1 | Verify Privacy Policy page exists and is accessible | Page at /privacy. Contains privacy policy. Updated date shown. Covers data handling. |
| 2 | Verify Terms of Service page exists | Page at /terms (or /tos). Full terms visible. Not behind popup or hidden. |
| 3 | Verify Refund Policy page exists | Page at /refund-policy. Refund terms clear. Covers cancellation. |
| 4 | Check privacy policy covers key topics | Topics: data collection, use, sharing, retention, user rights, contact. All present. |
| 5 | Verify GDPR compliance language | Mentions data subject rights, withdrawal of consent, GDPR terminology. |
| 6 | Verify CAN-SPAM footer on marketing emails | Emails include company address, unsubscribe link, CAN-SPAM compliant. |
| 7 | Check cookie consent banner | Banner present on first visit. Explains cookie use. Accept/Reject buttons work. |
| 8 | Verify contact information | Contact page or footer has email and/or phone to reach company for questions. |
Known Failure Modes
- Missing privacy policy — GDPR violation, fines
- Outdated terms — customer challenge expected
- No unsubscribe option — CAN-SPAM violation
- No contact info — customer can't reach company
References
- Playwright spec:
e2e (compliance check) - Code files:
Notes
Legal compliance: Privacy Policy, Terms of Service, Refund Policy, GDPR compliance, CAN-SPAM compliance. These pages are not optional — violations result in fines (GDPR: up to 4% of annual revenue). Update whenever product terms change.