Website
The content of your website should be forward-looking. Build the website for the product you want to have in 6 months; your website will undergo many, many iterations over time. Aim to have a company website published in your first week or sooner. OCV will transfer any existing domain names to the founder.
The first version of your website may be a single page, but should include:
Headline and description. The headline should explain your company in a few words. The description should explain what you do in 1-2 sentences.
Value props and/or features. How does the product help its users, and what are the existing or planned features?
Pricing. The pricing page is often the most visited because it quickly tells visitors what the company offers. Even if you’re not sure what you are selling or for how much, it’s a good exercise to start thinking about. The first version may be an hourly rate for support and services.
Competitors. A simple and clear way to help people understand your business is to list the companies and technologies you replace. For example, GitLab’s Platform page lists each category it serves and which tools and technologies it replaces in each.
About us and contact us. Include the company vision and mission, details about the open source project, a contact form, and team bios. It’s important that founders are included on the website and share their specific expertise. Include the founder's role in the open source project (creator, maintainer, contributor).
Terms of Use. Use the template provided by OCV’s legal team.
Privacy Policy. Use the checklist provided by OCV’s legal team.
One website for the project and the company
For companies that can maintain the original project name, it’s best to keep the open source project and commercial company websites together rather than separate, if you can. Two different websites can confuse and require double the effort to maintain. Much of that effort will be duplicative.
Don’t worry about deprecating the existing open source project website. Instead, make the commercial company website a superset of the two. The commercial site should be the go-to destination for all communication and information. Eventually, the two websites may evolve into one, but that can happen over time. Doing everything all at once may alarm the community. It’s better if this is a gradual process that happens as the community gains trust in the commercial entity. People are a lot more receptive to change as long as the commercial company is consistently doing the right thing.
If combining the open source and company website isn’t an option, create a new website and include a link to the open source project repo in the website footer.
Terms of Use
Terms of Use, also known as Terms of Service, are a legal agreement between a company or website and its users that outlines the rules and guidelines for using the service. It's a legally binding agreement between the company or website and its users that protects both parties' interests.
Terms of Use Template
Provided by OCV’s legal counsel for OCV (open core) companies as of February 20, 2023. Companies must review and edit highlighted sections prior to releasing their Terms of Use.
Privacy Policy
A privacy policy tells visitors what information you collect from them and what you do with it. If you collect any personal information (emails, names, etc.), you need one. If should cover how you handle any personal information collected by the company from the website, products, and services. Not all privacy policies look the same—yours should match what your website actually does. Don't mention mobile apps if you don't have one, or talk about data collection of minors if your site isn't for kids.
With respect to the personal information that the privacy policy should cover:
Who does the personal information concern?
The relationship between the Company and the individuals whose personal information is collected. Is this personal information generally collected in a consumer context or in a business context?
How does the Company collect or receive the personal information?
For what purposes is the personal information collected, used, and shared?
List all categories of personal information that the Company collects.
Use the provided privacy policy template. Use the Coverage Checklist to determine which sections you need to include and which to eliminate.
Use this to figure out what your privacy policy needs to cover.
Does the Company receive any personal information from its business customers to process on their behalf (e.g., as a service provider)? If so, please describe the types of personal information received in this context, how the Company receives this information, and what the Company does with this information.
Will the Company be aggregating or anonymizing any personal information and using it for purposes outside of the product or service? If so, please describe.
Will the Company be using any personal information for R&D purposes? If so, please describe.
Does the Company have a mobile application?
Does the Company collect information from other third-party sources? This may include public records, data providers (e.g., data brokers), affiliate partners, and marketing partners.
Does the Company allow users to log into the service or platform through social media credentials (e.g., Facebook or Google authentication)?
Does the Company utilize (i) cookies (and if so, whether these are first-party or third-party cookies), (ii) local storage technologies, (iii) web beacons, and/or (iv) session replay technologies? If so, please describe.
Please confirm if users of the service can refer friends or other contacts to the service. If so, please describe the categories of personal information that are collected for this purpose.
Does the Company engage in email marketing? If so, how may users opt out?
Does the Company engage in text-based marketing or otherwise send text messages to individuals? If so, how does it obtain consent?
Does the Company engage in interest-based advertising on its website?
Please provide a list of categories of third parties with whom the Company may share personal information and the purposes for such sharing.
Will customers be able to make purchases via the website? If so, will the Company be using a payment processor?
Please describe what rights users are generally provided, if any (e.g., access their information, update their information, delete their information). If rights are provided, are these rights only provided to certain individuals (e.g., California residents) or to all individuals?
Is the website directed at children? Does the Company otherwise knowingly collect information from children under the age of 16? Please describe.
Confirm if the Company is subject to the CCPA.
Is the company governed by GDPR? Consider the employee base, customer base, and target market.
Location-Specific Requirements
If you have customers in these places, there are extra rules:
California (CCPA): Must let California residents request/delete their data
Europe (GDPR): Stricter rules - need explicit consent for cookies, data processing
Canada (PIPEDA): Similar to GDPR for Canadian customers
Simple rule: If you're unsure, give ALL users the right to access, update, and delete their data. It's good practice anyway.
Last updated
Was this helpful?