
With most applications, when you sign up, you must agree to some terms and conditions.

Should the information that the user agreed to those terms be saved in the database?

I'm asking this because I'm thinking, if the user breaks one of those terms, I will need some proof that the user agreed to it? Like having a flag in the database which will be set when the user creates its account?

I'm also thinking about when the terms change and the user needs to re-agree to the terms. Should I also save some information that the user agreed to the new terms?

vitxr
Vencovsky

3 Answers


Regardless of any legal considerations:

  • you might need to track acceptance for new users
  • you will need to ask for re-acceptance of changed terms and conditions for existing users
  • you may have to ask for re-acceptance after a given time

Moreover, you may need to show evidence that the user subscribed to the terms. A simple flag is not sufficient in case of litigation ("I never accepted these terms"). So you need to keep track at least of the date and, if possible, also other elements ("yes you did on 22/11/2019 at 23:11:07 from an Android device from the IP ... geolocalized in this country"). Having the date will also allow you to determine the version of the terms and conditions accepted, although it would be safer again to keep track of a version id and a language id if your app is multilingual.

Of course, all this depends on the respective responsibilities. A simple cookie can be sufficient in many cases, unless you may have to prove something (because you do not own the cookie that might be deleted by the user).

Phill W.
Christophe
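
An added example, not part of the answer above: one way to store the evidence it lists (date, version id, language id, IP, device) as an append-only log and to decide when re-acceptance is due. The table, column and function names are hypothetical, and SQLite stands in for whatever database the application uses.

```python
import sqlite3
from datetime import datetime, timezone

# Hypothetical schema: one row per published terms version, one row per acceptance event.
SCHEMA = """
CREATE TABLE terms_version (
    version_id INTEGER NOT NULL, language_id TEXT NOT NULL, published_at TEXT NOT NULL,
    PRIMARY KEY (version_id, language_id));
CREATE TABLE terms_acceptance (
    user_id INTEGER NOT NULL, version_id INTEGER NOT NULL, language_id TEXT NOT NULL,
    accepted_at TEXT NOT NULL,           -- UTC timestamp, ISO 8601
    ip_address TEXT, user_agent TEXT,    -- supporting evidence, may be absent
    FOREIGN KEY (version_id, language_id)
        REFERENCES terms_version (version_id, language_id));
-- Evidence rows are append-only: the database itself rejects edits and deletes.
CREATE TRIGGER acceptance_no_update BEFORE UPDATE ON terms_acceptance
BEGIN SELECT RAISE(ABORT, 'terms_acceptance is append-only'); END;
CREATE TRIGGER acceptance_no_delete BEFORE DELETE ON terms_acceptance
BEGIN SELECT RAISE(ABORT, 'terms_acceptance is append-only'); END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # acceptance must reference a real version
    db.executescript(SCHEMA)
    return db

def record_acceptance(db, user_id, version_id, language_id, ip, user_agent, when=None):
    """Append one acceptance event; a re-acceptance is a new row, never an update."""
    when = when or datetime.now(timezone.utc)
    db.execute("INSERT INTO terms_acceptance VALUES (?, ?, ?, ?, ?, ?)",
               (user_id, version_id, language_id, when.isoformat(), ip, user_agent))

def needs_reacceptance(db, user_id, max_age_days=None, now=None):
    """True if the user never accepted the newest version, or did so too long ago."""
    latest = db.execute("SELECT MAX(version_id) FROM terms_version").fetchone()[0]
    last = db.execute(
        "SELECT MAX(accepted_at) FROM terms_acceptance WHERE user_id = ? AND version_id = ?",
        (user_id, latest)).fetchone()[0]
    if last is None:
        return True           # new user, or the terms changed since the last acceptance
    if max_age_days is None:
        return False          # no periodic re-acceptance policy configured
    now = now or datetime.now(timezone.utc)
    return (now - datetime.fromisoformat(last)).days > max_age_days
```

The triggers only stop changes made through SQL; an operator with direct access to the database file can still alter rows, so the log is evidence only as far as access to it is controlled.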

Most services require the user to accept the terms of service in order to create an account. If you keep track of when the account was created and a revision history for the terms of service, you will be able to associate the account with the terms of service as they were when the account was created. If you also maintain a history of login times along with a revision history for the terms, you can link terms of service revisions with logins.

The need for re-accepting the terms of service is more of a question for legal or regulatory/compliance experts than software developers. If there is a need to re-accept the terms of service, take measures to track access or reading the terms, or track additional metadata about the acceptance of the terms, then that would drive the design and implementation of that functionality.

Thomas Owens

If you have multiple signup options, marketing opt-ins, data protection opt-outs, various versions of your TnCs, etc., then you will need to keep track of which user selected what.

This is fairly common. However, when it comes to terms and conditions you have to ask yourself what your risk is if the user breaks them.

Do you just cancel their account? Can you do that for any reason anyway? Is the legal onus on them to prove they have a licence? Then why do you need to prove they broke the TnCs?

If you have a more substantial agreement, where you have a risk, say you are insuring them for example, then a simple check box TnC probably isn't good enough for you. You will probably want to save the version of their policy agreement and send them a copy, which they will want to keep and/or download at random times in the future.

Ewan