Running an online store involves more than great products and smooth checkout systems. Whether you're selling handmade goods through Shopify, digital downloads from your own platform, or subscription boxes through WooCommerce, you have legal obligations covering customer data, refund rights, and how you communicate your commercial terms.
Getting your legal foundations right protects your business from disputes, supports compliance with Australian Consumer Law, and builds customer confidence in your brand. Let's work through what you actually need and how to implement it properly for your online store.
Your e-commerce legal requirements depend on what and how you sell. Physical products have different refund obligations than digital downloads. Subscription models require clear recurring billing terms. International sales add complexity around applicable consumer protection laws. Your legal documents need to reflect your actual business model and operational reality.
Australian Consumer Law applies regardless of your platform or business size. If you're selling to Australian customers, consumer guarantees apply. This means certain rights can't be excluded even if your terms say otherwise. Refund policies must comply with mandatory consumer rights for goods and services, and you can't contract out of these obligations.
Your automated systems must align with your legal terms. Order confirmation emails, payment processor messages, and platform-generated receipts often contradict website terms. If your Stripe confirmation says "no refunds" but your Terms of Sale allow refunds within 14 days, you've created confusion and potential compliance problems.
Privacy compliance isn't optional if you collect customer information. Taking names, email addresses, delivery details, or payment information means you're collecting personal information under Australian privacy law. You need a privacy policy that accurately describes how you handle this data, and it needs to be accessible before customers provide their information.
Missing or unclear terms create vulnerability to disputes and chargebacks. When shipping times aren't specified, refund processes aren't clear, or digital product access limits aren't defined, you're exposed to customer complaints and payment disputes. Clear terms set expectations and give you something to refer to when issues arise.
Your legal documents should work together as a system. Terms of Sale, Privacy Policy, Refund Policy, and Website Terms need to be consistent with each other and with how you actually operate. Contradictions between documents create confusion and weaken your legal position if disputes escalate.
Work with your lawyer to ensure your legal documents reflect how you actually run your store. Review your customer journey from product page through to post-purchase communication, checking that legal terms are accessible and consistent throughout. Pay particular attention to the alignment between your platform's automated messages and your own terms. Focus on clarity around refunds, delivery timeframes, and what happens if something goes wrong. If you're selling digital products, subscription services, or internationally, make sure your terms address the specific considerations these models require. Your goal is legal documents that protect your business while supporting customer confidence and operational clarity.
Online transactions carry specific legal risks that physical retail doesn't face in the same way. You're handling digital payments, collecting personal information, making delivery commitments, and managing refunds and returns without face-to-face customer interaction. When terms aren't clear or are missing entirely, you're exposed to disputes, chargebacks, and potential breaches of consumer protection laws.
Strong legal foundations do more than keep you compliant. They set clear expectations with customers, provide guidance for your team when issues arise, and demonstrate professionalism that builds trust with your market. In working with e-commerce businesses, I've seen how the right legal structure makes operations smoother and disputes easier to resolve.
Australian Consumer Law establishes mandatory consumer guarantees that apply to all sales to Australian customers, regardless of what your terms say. These include guarantees that goods are of acceptable quality, fit for purpose, and match their description. Services must be provided with due care and skill.
For e-commerce businesses, this means several practical considerations. You can't exclude these consumer guarantees in your Terms of Sale. Your refund policy needs to accommodate mandatory refund rights when consumer guarantees aren't met. Statements like "no refunds" or "all sales final" don't override these legal obligations.
The Australian Competition and Consumer Commission enforces these requirements and can take action against businesses with misleading terms or practices. This applies whether you're a sole trader running a small Etsy store or a larger operation with your own platform.
Your choice of e-commerce platform affects your legal requirements in practical ways. Shopify, WooCommerce, BigCommerce, and custom platforms each have their own terms of service that impose obligations on you as a store owner. You need to ensure your legal documents don't conflict with platform requirements.
Many platforms require you to have specific policies in place. Payment processors like Stripe and PayPal have their own compliance expectations, particularly around refund and dispute handling. If you're using third-party apps for reviews, shipping, or customer service, those integrations may have additional legal implications for data handling and customer communications.
It's worth reviewing your platform's merchant terms alongside your own legal documents to check for inconsistencies or gaps. Sometimes platform requirements are more stringent than what you'd otherwise need, and your terms should reflect the actual obligations you're operating under.
Your Terms of Sale establish the commercial relationship with customers. This document covers pricing, payment methods, when a sale is actually formed, delivery processes, and what happens with refunds or cancellations. It should reflect how you actually operate and include clear processes for resolving disputes.
Key elements include:
Order acceptance and contract formation. Clarify when a binding contract is formed—typically when you confirm the order rather than when the customer clicks "buy." This matters if you need to cancel orders due to pricing errors or stock issues.
Pricing and payment terms. Specify whether prices include GST, what payment methods you accept, and when payment is processed. If you use currency conversion for international sales, explain how exchange rates are applied.
Delivery timeframes and responsibilities. Set clear expectations about shipping times, who bears the risk during transit, and what happens if items are damaged or lost. If you use third-party couriers, clarify responsibility for delivery failures.
Refund and cancellation rights. Your policy must comply with Australian Consumer Law while also addressing your operational reality. Different rules may apply to change-of-mind returns versus faulty goods. Digital products often have different refund considerations than physical goods.
Dispute resolution. Include a clear process for handling complaints, specify which jurisdiction's laws apply, and consider whether you'll use alternative dispute resolution before litigation.
If you collect any personal information—and you do if you take names, emails, addresses, or payment details—Australian privacy law requires you to have a privacy policy. This document must accurately describe how you collect, use, store, and disclose personal information.
Your privacy policy needs to cover:
What information you collect. Include both information customers provide directly (names, addresses, payment details) and information collected automatically (IP addresses, browsing behaviour, cookies).
How you use customer information. Common uses include processing orders, sending receipts, managing customer accounts, marketing communications, and improving your website. Be specific about your actual practices.
Who you share information with. This typically includes payment processors, shipping providers, email marketing platforms, and analytics services. Name the types of third parties rather than trying to list every specific provider.
How customers can access or correct their information. Explain the process for customers who want to review or update their personal details, or request deletion of their data.
Data security measures. Describe how you protect customer information, including encryption for payment data, secure storage practices, and access controls.
Cookie usage and tracking. If you use cookies for analytics, retargeting, or functionality, explain what's being collected and allow customers to manage their preferences where practical.
Your privacy policy should be accessible before checkout, typically linked in your website footer and near any information collection points.
Website Terms of Use govern how people interact with your site beyond making purchases. This becomes especially important if you have customer accounts, user-generated content, downloadable resources, or any interactive features.
These terms typically address:
Acceptable use of your website. What users can and can't do with your content, restrictions on automated access or scraping, and prohibitions on misuse.
Intellectual property rights. Clarify that your website content, product images, and branding remain your property. If you allow users to post reviews or content, address who owns that material and what rights you have to use it.
Account security and responsibilities. If customers create accounts, set out their obligations to keep login details secure and your rights to suspend or terminate accounts for misuse.
Liability limitations. Within legal boundaries, limit your liability for website downtime, inaccuracies in content, or issues arising from third-party integrations.
Links to third-party sites. If you link to other websites or integrate third-party tools, clarify that you're not responsible for their content or practices.
This policy requires particular care because it directly affects customer expectations and your Australian Consumer Law obligations. It needs to be visible before purchase and written in clear language customers actually understand.
Refunds for faulty goods. Australian Consumer Law gives customers refund rights when products are faulty, don't match their description, or aren't fit for purpose. Your policy can't override these rights but should explain how customers access them.
Change of mind returns. You're not legally required to accept change-of-mind returns unless you've offered to, but many businesses do. If you offer this, specify timeframes (common practice is 14-30 days), condition requirements (unworn, with tags, in original packaging), and whether you charge restocking fees.
Shipping and delivery terms. Set clear expectations about delivery timeframes, shipping costs, and who bears the risk if items are lost or damaged in transit. If you ship internationally, address customs charges and import duties.
Digital products. Refunds for digital products are complex under Australian Consumer Law. You can limit refund rights in some circumstances, but you need to be clear about access limits, download restrictions, and what happens if the product is defective.
Process for requesting refunds. Explain exactly how customers initiate returns—who they contact, what information they need to provide, and what timeframe they can expect for resolution.
Make sure your automated order confirmations and receipts don't contradict this policy. If your policy allows refunds within 14 days but your Shopify confirmation email says "no refunds," you've created legal inconsistency and customer confusion.
If your site displays customer reviews or testimonials, you're responsible for ensuring they're genuine and not misleading. Australian Consumer Law prohibits selectively showing only positive reviews or editing out negative feedback in ways that mislead potential customers.
If you moderate reviews, be transparent about your process. Have clear, consistent criteria for what you remove (such as abusive language or spam) versus legitimate criticism. Don't remove negative reviews simply because they're negative—that can constitute misleading conduct.
If you incentivise reviews (offering discounts for reviews, for example), disclose this clearly. Reviews collected through incentives should be marked as such to avoid misleading potential customers about their independence.
Third-party review platforms (like Trustpilot or Google Reviews) have their own policies, but you're still responsible for how you use and display that content on your own site.
Consider an online homeware business selling through Shopify. Their website Terms of Sale stated they accepted refunds within 30 days for change of mind. Their Refund Policy said items must be in original condition with tags attached.
However, their automated Shopify order confirmation emails included a line saying "all sales are final" because they'd used a default template. When a customer tried to return an item within the 30-day window, the business initially refused, pointing to the "sales are final" message.
The customer filed a chargeback with their bank, citing the contradiction between the order confirmation and the website terms. The business had to accept the return and lost the chargeback fee because their systems weren't aligned.
After reviewing their setup, we updated their email templates to match their actual refund policy, added the refund terms to their checkout page, and ensured consistency across all customer touchpoints. This kind of alignment between automated systems and legal terms prevents disputes and supports smooth operations when issues do arise.
Getting your e-commerce legal foundations right involves several practical steps you can work through systematically.
Review your complete customer journey. Look at every touchpoint where customers interact with your terms—product pages, shopping cart, checkout, order confirmations, delivery notifications. Check that legal documents are accessible and that messaging is consistent across all these touchpoints.
Align your automated systems with your terms. Review every automated email your store sends—order confirmations, shipping notifications, delivery confirmations, review requests. Make sure none of these contradict your legal documents. Update email templates to match your actual policies.
Check platform and payment processor requirements. Review your Shopify, WooCommerce, or other platform's merchant terms. Read your payment processor's policies. Ensure your terms don't conflict with obligations these platforms impose on you.
Make legal documents easily accessible. Link to your Terms of Sale, Privacy Policy, and Refund Policy in your website footer, on your checkout page, and near any information collection points. Don't hide them away where customers can't find them.
Document your processes for handling issues. Have clear internal procedures for processing refunds, handling complaints, and managing disputes. Your team should know what your terms say and how to apply them consistently.
Watch for these red flags:
If any of these apply to your store, that's something to address. These gaps create vulnerability to disputes, chargebacks, and compliance problems.
This is manageable with the right approach. Let's make sure your online store has the legal foundations it needs to operate confidently and handle issues smoothly when they arise.
Running an online store requires solid legal documentation that reflects how you actually operate. I work with e-commerce businesses to put the right terms, policies, and processes in place—from Terms of Sale and refund policies to privacy compliance and dispute resolution procedures.
If your online store is live and your legal documents need proper review, or if you're setting up a new e-commerce business and want to start with strong foundations, I can help you work through what you need for your specific business model.
Let's discuss how to get your legal documentation aligned with your operations and properly protecting your business.
Yes, digital products require different refund and access provisions. Physical goods have straightforward return processes—customers send items back. Digital products can't be "returned" once downloaded or accessed. Your terms should address how you handle refunds for digital products, what access limits apply, and what happens if the product is defective. Australian Consumer Law allows some flexibility for digital products, but you need to be clear and fair in how you apply these provisions.
Your Privacy Policy specifically addresses how you collect, use, store, and share personal information. It's required under Australian privacy law if you handle personal data. Website Terms of Use govern broader interactions with your site—intellectual property, acceptable use, account terms, and general conditions. The two documents serve different purposes, and you need both for a comprehensive legal framework.
This rarely works well. Terms from US or UK websites are written for different legal systems and don't address Australian Consumer Law requirements. They often try to exclude rights that can't be excluded in Australia, or include provisions that aren't enforceable here. It's better to have terms written for Australian law that reflect your actual business practices. We can work together to create terms that properly protect your business within the applicable legal framework.
Review your documents whenever your business model changes—adding new products, changing refund policies, moving to a new platform, or starting international sales. Also review when Australian Consumer Law or privacy legislation changes. At minimum, do an annual review to ensure your terms still match your operational reality. Terms that don't reflect how you actually operate create legal risk rather than reducing it.
Best practice is to require customers to actively accept your terms before completing checkout—typically through a checkbox they must tick. This creates clearer evidence that they've agreed to your terms. At minimum, your terms must be easily accessible before purchase and customers should be clearly notified that their purchase constitutes acceptance. The more clearly customers are made aware of and accept your terms, the stronger your legal position if disputes arise.
Your terms need to work within the framework of your payment processor's requirements. Stripe, PayPal, and other processors have their own dispute resolution procedures and refund handling policies that you're bound by when you use their services. Review your processor's merchant terms alongside your own documents and ensure you're not making commitments you can't honour given the processor's requirements. If conflicts exist, you may need to adjust your terms or your choice of payment processor.