As e-commerce expands, more states are trying to regulate online purchases, web subscriptions and even free downloads. Because apps can instantly go global, this creates huge headaches for developers who now need to be aware of laws in places they've never been.
There are three general categories of laws that might apply to your app.
Even if you're not selling a physical product, some states still impose a sales tax on intangible purchases or services.
Whether you're required to collect sales tax for a state depends on whether you have a nexus in that state. Nexus means that you have a legal presence in the state, such as any of the following.
- An office location.
- A warehouse or other storage or shipping facility.
- A retail location that you own or control.
- An affiliate marketer or other salesperson within the state to whom you pay commissions.
The exact requirements, as well as which items or services are taxed, depend on the laws of the state imposing the tax (typically where your customer is located).
It's important to understand that even seemingly innocuous information such as a customer name, email address or tracking code on an advertisement can fall under these laws.
Contract laws govern things like refund policies, automatic renewals and billing disputes. Some states impose limitations on contracts such as requiring you to send notice before automatically renewing a subscription or limiting the amount of advance notice you can require to cancel a subscription.
The good news is that contract law is often the most flexible because you can generally specify in the contract that your home state's law applies. However, some states may override this choice of law for contracts involving their residents, so you can't always rely on your state's law applying.
If everything depends on your customer's state, it may seem like your only choices are to limit downloads to your state only or to hire a lawyer in every state. The largest app developers actually do hire a legal team to track every state's laws, but for a small developer, this simply isn't feasible. You'll need to make a risk-reward tradeoff decision based on the following factors.
- What are your contacts with other states? For example, did someone in another state just happen to download your app, or did you target print, mail or online advertising to residents of the state?
- What is your risk in a data breach? Are you collecting highly sensitive information, such as health or financial data, or do you simply have a game or info app that collects little to no information?
- How much are you charging, and are you bringing in large profits? The more a consumer feels they have at stake, or a lawyer thinks they can sue you for, the more risk of a regulatory complaint or lawsuit being brought against you. There's also a huge difference in the risk of being shut down depending on whether your app is a hobby or your sole source of income.
With those things in mind, you can decide if you're comfortable doing more research on your own and relying on things like open source privacy policies or if you want to invest in hiring a lawyer to protect your app.