Missing terms of service or user agreement
A terms of service document, sometimes called a user agreement or terms of use, is the contract between your app and its users. It defines what they can do, what you owe them, and what happens when something breaks.
# What goes wrong
Many founders ship without one because the legalese feels overwhelming. Others copy a template, leave placeholder text in it, and forget to link it anywhere on the site. During review, Stripe, Apple, and Google all reject apps that lack a real ToS.
# Why it matters
Without a ToS, you have no defined liability cap, no defined refund policy, and no defined ownership of the content users create. A single dispute can become expensive fast. The document also has to be discoverable. A perfect ToS that nothing links to is treated as if it does not exist.
# How Heimdall checks for this
Heimdall looks for any file or route with terms, tos, tou, or legal in the path. It checks the content for placeholder tokens like [INSERT NAME] or example.com, and verifies the document is linked from your global layout or footer.
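
A rough approximation of the three checks described above, written as an added example and not Heimdall's own code. The word-level path matching, the `layout`/`footer` file-name hint, the finding codes, and the sample repos are assumptions made for illustration.

```python
import re

KEYWORDS = {"terms", "tos", "tou", "legal"}  # path hints named on this page
# Placeholder tokens named on this page: [INSERT ...] and example.com
PLACEHOLDER = re.compile(r"\[INSERT[^\]]*\]|example\.com", re.IGNORECASE)
HREF = re.compile(r"""href\s*=\s*\{?["']([^"']+)["']""")

def tokens(path):
    """Split on non-alphanumerics so 'photos' does not match 'tos' (assumed rule)."""
    return {t for t in re.split(r"[^a-z0-9]+", path.lower()) if t}

def check_tos(files):
    """files maps repo-relative path -> text. Returns sorted finding codes."""
    docs = [p for p in files if tokens(p) & KEYWORDS]
    if not docs:
        return ["missing-tos"]
    findings = set()
    for path in docs:
        if PLACEHOLDER.search(files[path]):
            findings.add("placeholder-text:" + path)
    # Assumption: the global layout/footer is a file with that word in its path.
    shells = [p for p in files if tokens(p) & {"layout", "footer"}]
    linked = any(tokens(h) & KEYWORDS
                 for p in shells for h in HREF.findall(files[p]))
    if not linked:
        findings.add("tos-not-linked")
    return sorted(findings)

# Constructed sample repos, not taken from any real project.
REPO_BAD = {
    "app/layout.tsx": '<footer><a href="/privacy">Privacy</a></footer>',
    "app/terms/page.tsx": "These terms are between [INSERT NAME] and you.",
    "app/photos/page.tsx": "<Gallery />",
}
REPO_GOOD = {
    "app/layout.tsx": '<footer><a href="/terms">Terms</a></footer>',
    "app/terms/page.tsx": "These terms are between Acme Widgets Ltd and you.",
}
REPO_NONE = {
    "app/layout.tsx": '<footer><a href="/privacy">Privacy</a></footer>',
    "app/photos/page.tsx": "<Gallery />",
}

if __name__ == "__main__":
    for name, repo in [("bad", REPO_BAD), ("good", REPO_GOOD), ("none", REPO_NONE)]:
        print(name, check_tos(repo))
```
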
# How to fix it
Generate a ToS through a service like Termly or iubenda, customize the fields, and link it next to your privacy policy in the footer. If you charge money, add a clear refund clause. If users create content, define who owns what.
Frequently asked questions
Do I need both a ToS and a privacy policy?
What is the difference between terms of service and terms of use?
Should I require users to click to accept the ToS?
Run this check on your own repo
Heimdall scans your GitHub repo for this and 16 other issues in under a minute.
