All articles
What is GDPR and does it apply to my online business?
The General Data Protection Regulation applies to far more businesses than most people realise. Here's what you need to know — and why it matters even if you're a small operator.
What to include in a GDPR-compliant privacy policy
A compliant privacy policy is more than boilerplate copied from another site. Here's every section regulators expect to see — and what each one needs to say.
Legitimate interests vs consent: which legal basis do you actually need?
Choosing the wrong lawful basis is one of the most common GDPR mistakes small businesses make. Here's how to tell the difference and get it right.
Cookie consent 101: what you actually need on your website
Cookie banners are everywhere, but most of them are non-compliant. This guide explains what the law actually requires — and what it does not.
The difference between essential and non-essential cookies
Not all cookies need consent. Understanding which cookies are strictly necessary changes how you build your consent experience and what you need to disclose.
CCPA for small businesses: who needs to comply?
California's privacy law has strict thresholds. Most small businesses are exempt — but here's how to check whether you're one of them, and what to do if you're not.
Privacy policy vs terms of service: what's the difference?
Both are legal documents, but they serve completely different purposes. Here's what each one needs to do — and why you need both on your website.
How to write a privacy policy for a membership site
Membership sites collect more personal data than a standard website — and need a more detailed privacy policy as a result. Here's what yours needs to cover.
What is a Data Subject Access Request (DSAR) — and what must you do when you receive one?
A DSAR gives any individual the right to see all personal data you hold about them. Here is what triggers the obligation, what you must provide, and how Trust Center handles DSAR intake and tracking for your business.
What are data sub-processors and do you need to list them?
If you use Stripe, Mailchimp, or Kajabi, you already have sub-processors. Here's what that means legally and what you are required to disclose.
What is a Trust Center and why does your business need one?
A Trust Center is a single, public-facing hub for all your compliance documents. Here's why forward-thinking businesses are building one — and why it matters more than a standard privacy page.
ePrivacy vs GDPR: understanding the cookie law distinction
GDPR and ePrivacy are two separate laws that both apply to cookies. Understanding the difference prevents a common compliance mistake that many online businesses make.
5 signs your compliance setup is putting you at legal risk
Most small businesses have at least one of these. Here's how to spot each risk, what it means legally, and what to do about it.
How to handle user data across multiple tools and platforms
Every SaaS tool you use becomes a data processor the moment it touches user data. Here's how to stay compliant when your tech stack spans 10 or more services.
What regulators actually look for when auditing a small business
ICO enforcement notices and GDPR regulatory actions reveal clear patterns. Here's what regulators prioritise — and how to make sure your business is in a low-risk position.
What legal pages does a US website need?
Operating a website in the United States means navigating federal and state-level requirements. Here's the complete list of legal documents every US online business should have.
US state privacy laws: a guide for online businesses in 2026
The US privacy landscape has shifted dramatically. With 20+ state laws now in force or pending, online businesses can no longer treat CCPA as the only benchmark.
ADA website accessibility: what US online businesses must know
US courts have consistently ruled that the Americans with Disabilities Act applies to websites. Here's what that means for your online business and how to avoid enforcement risk.
What legal pages does a Canadian website need?
Canada has both federal and provincial privacy laws, an anti-spam regime stricter than most, and emerging accessibility obligations. Here's what every Canadian website needs.
PIPEDA and Canadian privacy law: a guide for online businesses
Canada's federal privacy law applies to almost every online business that collects personal data from Canadians. Here's what PIPEDA requires — and what's changing with upcoming reforms.
CASL: Canada's anti-spam law and what it means for your email marketing
CASL is one of the world's strictest anti-spam laws — and it applies to any business sending commercial messages to Canadian recipients, regardless of where you are based.
What legal pages does an Australian website need?
Australian websites are subject to the Privacy Act, the Spam Act, the Australian Consumer Law, and accessibility requirements under the Disability Discrimination Act. Here's what you need.
The Australian Privacy Act: what online businesses need to know
The Privacy Act 1988 and the Australian Privacy Principles govern how organisations handle personal data. Here's what the law requires — and what the 2025 reforms changed.
Website accessibility in Australia: the DDA and WCAG explained
The Disability Discrimination Act 1992 creates potential liability for inaccessible websites in Australia. Here's what the law requires and the WCAG standard you should build to.
What legal pages does an EU website need?
EU websites face a dense regulatory stack: GDPR, the ePrivacy Directive, the European Accessibility Act, and — for larger platforms — the Digital Services Act. Here's everything you need.
The European Accessibility Act: what online businesses must do
The European Accessibility Act came into force in June 2025. It requires e-commerce, banking, media, and digital service providers to meet accessibility standards. Here's who it applies to and what it requires.
The Digital Services Act: what it means for your online platform
The EU's Digital Services Act creates a tiered set of obligations for online platforms. Most small businesses are lightly affected — but you need to know which category you fall into.
What legal pages does a UK website need?
Post-Brexit, UK websites operate under UK GDPR, PECR, the Equality Act 2010, and ICO registration requirements. Here's the complete checklist of what every UK website needs.
UK GDPR explained: data protection law after Brexit
UK GDPR is the retained version of EU GDPR with UK-specific modifications. Here's what it means for UK businesses — and what has actually changed since Brexit.
The Equality Act 2010: website accessibility obligations in the UK
The Equality Act 2010 requires UK service providers to make reasonable adjustments for disabled people. Here's how this applies to websites and what standard UK businesses are expected to meet.
WCAG explained: the global standard for website accessibility
WCAG — the Web Content Accessibility Guidelines — is the international benchmark for website accessibility. Here's what the guidelines require and why AA conformance is the target for most businesses.
Website accessibility laws by country: USA, UK, EU, Canada, and Australia
Every major English-speaking market now has some form of website accessibility obligation. Here's a country-by-country comparison of what the law requires and the WCAG level that satisfies it.
Add a trust center to any website — just one DNS record
Trust Center connects to your website via a single DNS CNAME record. No code to install, no plugin, no developer required — it works on any platform.
Setting up Trust Center on Shopify
Add your Trust Center to a Shopify store using a CNAME DNS record — no apps, no theme edits, no developer needed.
Setting up Trust Center on WordPress
Connect Trust Center to your WordPress site with a single CNAME DNS record — no plugin, no code, no PHP required.
Setting up Trust Center on Wix
Add Trust Center to your Wix website using a CNAME DNS record — no Velo code, no apps, no site editor changes needed.
Setting up Trust Center on Squarespace
Connect Trust Center to your Squarespace website with a CNAME record — no code injection, no developer, works with any Squarespace template.
Setting up Trust Center on Webflow
Add Trust Center to your Webflow project using a CNAME DNS record — no custom code, no CMS collections, works on any Webflow plan.
Do I need a privacy policy for my website?
Almost every website collects some personal data — even just an IP address. Here is when a privacy policy is legally required and what happens if you don't have one.
Do I need a cookie banner on my website?
Cookie banners are required by law in many jurisdictions, but the rules differ significantly by region. Here's when you need one and what it must include.
Do I need terms and conditions on my website?
Terms and conditions are not legally required in most countries, but operating without them leaves you legally exposed. Here is what you need to know.
What should a privacy policy include?
A compliant privacy policy must cover specific information required by GDPR, UK GDPR, CCPA, and other privacy laws. Here is every section your privacy policy needs.
Cookie policy vs privacy policy — what is the difference?
A cookie policy and a privacy policy serve different legal purposes. Here is what each one covers, when you need both, and whether you can combine them.
Legal requirements for online stores — what every eCommerce site needs
Selling online means meeting legal requirements that go beyond a standard website. Here is what your online store must have to comply across the US, UK, EU, Canada, and Australia.
GDPR compliance for online shops — a practical guide for SMBs
If you sell to EU or UK customers, GDPR applies to your online store regardless of where you are based. Here is what you need to do.
What you must show at checkout — legal requirements for online stores
Consumer law across the EU, UK, USA, and Australia requires specific disclosures at checkout. Here is exactly what must appear before a customer completes their purchase.
GDPR compliance checklist for small businesses
A practical GDPR compliance checklist for small and medium businesses — covering data mapping, privacy notices, consent, security, and ongoing obligations.
Website launch legal checklist — what you need before you go live
Before launching your website, these are the legal requirements you must have in place. Missing any of these can expose you to fines, complaints, or liability.
UK data protection compliance checklist for small businesses
A practical checklist for UK businesses to meet ICO requirements under UK GDPR and the Data Protection Act 2018.
What to do if your website is hacked — a data breach response guide
If your website is hacked or customer data is exposed, you have legal obligations that must be met within hours. Here is what to do and in what order.
GDPR 72-hour breach notification — what it means and how to comply
GDPR requires you to notify your data protection authority within 72 hours of a breach. Here is exactly what triggers the obligation, what to report, and how to meet the deadline.
HIPAA basics for small businesses — do you need to comply?
HIPAA applies to healthcare providers, health plans, and their business associates. Here is how to know if it applies to your business and what the key obligations are.
COPPA compliance — what website operators need to know about children's data
COPPA restricts how websites collect data from children under 13. Here is when it applies, what it requires, and how the rules are enforced.
What is a Data Protection Officer — and does your business need one?
A Data Protection Officer (DPO) is a legally mandated role under GDPR for some organisations and strongly recommended for all. Here is what they do, when you need one, and how Trust Center provides this function for SMBs.
Setting up Trust Center on Framer
Add Trust Center to your Framer site with a CNAME DNS record — no custom code components, no overrides, works with any Framer template.
Setting up Trust Center on Kajabi
Add Trust Center to your Kajabi site using a CNAME DNS record — no theme code changes, no custom code blocks, works with all Kajabi plans.
Setting up Trust Center on ClickFunnels
Add Trust Center to your ClickFunnels account with a CNAME DNS record — no funnel editing, no custom HTML blocks, works with ClickFunnels 2.0 and Classic.
Setting up Trust Center on GoHighLevel
Add Trust Center to your GoHighLevel website or funnel using a CNAME DNS record — works across GHL sites, funnels, and sub-accounts.
Setting up Trust Center on Ghost
Add Trust Center to your Ghost publication with a CNAME DNS record — works with Ghost Pro hosting and self-hosted Ghost installations.
Setting up Trust Center on Carrd
Add Trust Center to your Carrd site with a CNAME DNS record — works with Carrd Pro plans that support custom domains.
Setting up Trust Center on BigCommerce
Add Trust Center to your BigCommerce store with a CNAME DNS record — no theme edits, no app installation, works with all BigCommerce plans.
Setting up Trust Center on WooCommerce
Add Trust Center to your WooCommerce store with a CNAME DNS record — works independently of your WordPress installation, no plugin conflicts.
Setting up Trust Center on Bubble
Add Trust Center to your Bubble app with a CNAME DNS record — no Bubble workflows, no plugins, works on any Bubble plan with a custom domain.
Setting up Trust Center on Duda
Add Trust Center to your Duda website with a CNAME DNS record — ideal for agencies managing compliance across multiple client sites.
Setting up Trust Center on Showit
Add Trust Center to your Showit website with a CNAME DNS record — perfect for photographers and creatives who want compliance without touching their design.
Setting up Trust Center on GoDaddy Website Builder
Add Trust Center to your GoDaddy website using a CNAME DNS record in the GoDaddy DNS Manager — takes under 5 minutes.
Setting up Trust Center on HubSpot CMS
Add Trust Center to your HubSpot CMS website with a CNAME DNS record — no HubSpot module development, works with all HubSpot CMS plans.
Setting up Trust Center on Weebly
Add Trust Center to your Weebly website with a CNAME DNS record — works with Weebly sites and Square Online stores built on Weebly.