Do terms of service and privacy policy need to be drafted by a lawyer?

I am trying to do a startup web app and I need a terms of service and privacy policy. Is there any way to do it without a lawyer? Why I ask is because I don't have that much money.

Privacy policies are pretty easy. Check out FreePrivacyPolicy.com or just plagarize from someone else's website.

As for your terms of service, it depends on whether it's a real contract or one of those "by visiting this website, you agree to" things. The latter is pretty pointless (and is almost certainly unenforcable), and you may as well just plagiarize that too.

But if your ToS is a real contract (e.g. "you will pay $20 and myWebApp.com will..."), then you should tread more carefully. If you do it without a lawyer, it could come back to bite you. Just make sure you have a "maximum absolute liability" clause that (provided it holds up) sets your liability to whatever they paid you. That should insulate you from a lot of problems.

Lawyers can certainly provide customized protections for you in your website’s terms of use and privacy policy, but if saving money is essential, you can try drafting them on your own. Keep in mind however, that you should get a good sampling of policies from companies that have similar operations as yours, as the terms vary among jurisdictions and industries. To begin with, it’s important to understand the differences between the two types of agreements.

A privacy policy is generally posted to provide assurances to your website’s visitors so that they know you will not mis-use any of their personal data. State legislatures have begun to take more seriously privacy concerns and have enacted laws to protect consumers. If you are based in California, California requires you to post a privacy policy if you collect personally identifiable information through your website for commercial purposes. (Many states do not mandate a privacy policy, but it is reassuring to your web-users if you post one.) Moreover, in California, you should identify in your privacy policy the categories of personally identifiable information that you may share with third parties. Connecticut, requires that if you collect a social security number, you must also have a privacy policy posted on your website indicating that you will protect the confidentiality of the number. You should also take care in writing your privacy policy because some states such as Nebraska and Pennsylvania prohibit making false and misleading statements. Also, if you are handling financial or health information, you may be subject to even greater regulations.

As for your website’s terms and conditions, your purpose in posting this is to protect your company. Clauses that you should include are those that protect your intellectual property rights, specifying the type of license you make available if any regarding the use of your intellectual property (your logo, pictures, articles, any written materials and images), ensuring that users are over 18, waiving liabilities regarding your website (in the event access to your website is interrupted for example), or disclaiming the remarks of third parties.

If you are selling products, your terms of use should provide details on shipping, warranties of the products being sold, or disclaimers of warranties, and a refund policy.

See: http://www.ncsl.org/default.aspx?tabid=13463 Note – this is not legal advice, and no attorney-client privilege is established.