In addition to what others have said - I always record their IP address that they were using at the time. This usually only come in handy if your legitimate users start flagging no-spam emails as spam in their AOL accounts. We have this happen all the time. A user signs up, checks yes to receive emails, creates a saved search that emails them when houses come on the market that match their search criteria and then flag it as spam. It's sort of a tripple opt in and they still managed to black list us at AOL. Only after we provided enough proof to AOL and showed them all the steps a user needs to go through to get emailed and then showed them the IP address the users were using when the signed up did AOL change us to the white list and figured out thier users were getting what tehy asked for.
I can see other times for CYA purposes if you have to prove the end user computer was the one that was really used at time of agreement. Of course this does not work so well with proxies and dynamic IP's, but RIAA seems to have no problem with that part. ;-) In addition, leagally required really depends on the business your conducting. Retail sales maybe not as much is needed. An online bank would have piles of legal regulations to fulfill. If the terms of agreement are the same for every type of user then I don't see a need to store a copy for every user as one person said they did at one job. If the terms are different per user or user type then saving a copy becomes more important. Again this is business specific. Your best bet would be to contact your company lawyer (if they have one) and find out what they think would be required for the type of business your conducting. Wil Genovese Sr. Web Application Developer On Thu, Jun 11, 2009 at 10:03 AM, Justin Scott <[email protected] > wrote: > > > Does anyone know how it is best legally to record that > > a user clicked the check box "I agree to the terms and > > privacy policy of this web site"? > > I think you're over-complicating it. I mean, look at PayPal. When you > sign > up, there is a checkbox that says "I agree to the terms." You can't create > an account without checking it, so if they have an account, logically, they > must have agreed to the terms. Just make a note of the time when the > account was created. > > As for updates to the terms, I've never had to "re-agree" to their terms. > The terms have a clause that say where updates will be posted, and how they > will notify me (usually by a notice on their web site). As the user, it is > my responsibility to keep up-to-date with the terms after they have > "notified" me about a change. If I continue using the site after the new > terms go into affect, then I implicitly agree to the updates. > > I once worked on a site once where they made this into a huge issue. A > full > copy of the terms were stored with every account, and any time they made > any > changes, the user had to be shown a new copy, agree to the new terms, have > another full copy stored, etc. Instead of a checkbox, they had to type > their name into a text box that was placed within a line that said > something > like, "I, [text field], agree to the terms of service as listed above, > yadda > yadda..." It was a nightmare and the users complained about it regularly. > > Don't make it more complicated than it needs to be unless you have a really > compelling legal reason to do so (like, your site handles nuclear waste > shipments or something). > > > -Justin > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323400 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
