WEBAIE UK SaaS Compliance Stack
- Terms & Conditions (T&Cs)
Purpose: Govern the contractual relationship between WEBAIE and users.
Key Sections:
- Acceptance of Terms
- Service description (AI CX Engine, Web LLM)
- Account obligations & security
- Intellectual property
- Communication services & user submissions
- Liability disclaimers
- Termination & access restriction
- Governing law & dispute resolution
- Payments & Subscription Terms (UK SaaS-specific) ✅
- Changes to terms
- Contact information
Implementation Notes:
- Link from footer and sign-up pages
- Ensure clear language for consumers
- Privacy Policy
Purpose: Explain personal data collection, use, and rights under UK GDPR.
Key Sections:
- Data collected (identity, contact, usage, technical, marketing)
- Lawful bases for processing (contract, consent, legitimate interests, legal obligation)
- AI transparency (processing of inputs, logging, DPIA reference)
- User rights under UK GDPR (access, erasure, objection, portability)
- International data transfers (SCCs, adequacy)
- Data retention & security
- Marketing & DMA compliance
- Cookies & tracking summary (links to Cookie Policy)
- Complaints & ICO contact
Implementation Notes:
- Link prominently from footer, cookie banner, and checkout pages
- Cookie Policy
Purpose: Comply with PECR & ICO cookie guidance.
Key Sections:
- Types of cookies: Strictly Necessary, Performance/Analytics, Functionality, Marketing
- Third-party cookies
- How cookies are used
- Consent management and withdrawal
- Retention periods
Implementation Notes:
- Integrate with cookie consent banner (prior consent required)
- Provide “Manage Preferences” link in footer
- Cookie Consent Banner + Preferences
Purpose: Collect user consent in compliance with PECR & UK GDPR.
Key Elements:
- Banner: Accept All / Reject All / Manage Preferences
- Preferences panel: toggles for each cookie type
- Non-essential cookies blocked until consent
- Consent stored in an auditable record (date, time, categories chosen)
Implementation Notes:
- Visible on first visit
- Footer link to manage preferences anytime
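The consent gate and audit record described above, as an added example that is not WEBAIE's code: the category identifiers, the Cookie Policy version string, the in-memory store and the injectable clock are assumptions (a deployment would persist the record in a first-party cookie or server-side).

```javascript
// Added example (not WEBAIE's code): minimal consent manager for the
// Accept All / Reject All / Manage Preferences banner. Non-essential
// categories stay blocked until a decision is recorded.
const CATEGORIES = ["strictly_necessary", "analytics", "functionality", "marketing"];
const POLICY_VERSION = "2024-01"; // assumed identifier for the Cookie Policy revision

function createConsentManager(clock = () => new Date()) {
  let current = null;   // no decision yet: only strictly necessary cookies allowed
  const auditLog = [];  // append-only record of every consent event (assumed in-memory store)

  function record(action, categories) {
    const decision = {
      timestamp: clock().toISOString(),        // date and time of the decision
      action,                                  // accept_all | reject_all | save_preferences
      policyVersion: POLICY_VERSION,           // which policy text the user saw
      categories: { ...categories, strictly_necessary: true }, // always on, cannot be toggled off
    };
    auditLog.push(decision);
    current = decision;
    return decision;
  }

  const allOn  = () => Object.fromEntries(CATEGORIES.map(c => [c, true]));
  const allOff = () => Object.fromEntries(CATEGORIES.map(c => [c, false]));

  return {
    // Gate called before any cookie/tag of this category is set.
    isAllowed(category) {
      if (category === "strictly_necessary") return true;  // exempt from prior consent under PECR
      return current !== null && current.categories[category] === true;
    },
    acceptAll() { return record("accept_all", allOn()); },
    rejectAll() { return record("reject_all", allOff()); },  // also serves as withdrawal of consent
    // Preferences panel: unknown keys are ignored, omitted non-essential ones default to off.
    savePreferences(toggles) {
      const chosen = Object.fromEntries(
        CATEGORIES.filter(c => c !== "strictly_necessary").map(c => [c, toggles[c] === true]));
      return record("save_preferences", chosen);
    },
    getAuditLog() { return auditLog.slice(); },
  };
}
```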
- AI Transparency Notice
Purpose: Comply with ICO AI guidance (transparency, explainability, human oversight).
Key Elements:
- Clearly state AI interaction
- Limitations: machine-generated, may be inaccurate
- Advise against sharing sensitive info
- Human support contact info
- Reference Privacy Policy
Implementation Notes:
- Display above chatbot or in header/footer link
- Data Protection Impact Assessment (DPIA)
Purpose: Identify and mitigate risks of high-risk AI processing.
Key Sections:
- System description, data flows, users, purpose
- Lawful basis for processing
- Risks to individuals (bias, automated decisions, breaches)
- Mitigations (security, human oversight, DPIA review)
- Residual risks and decision
- Review schedule
Implementation Notes:
- Keep on file as evidence for ICO
- Review annually or after major AI updates
- Payments & Subscription Terms (SaaS)
Purpose: Define pricing, billing, renewals, refunds, and cancellation rights.
Key Elements:
- Subscription plans and pricing
- Free trial (if offered)
- Payment methods & currency
- Automatic renewal
- Cancellations & refunds (align with UK 14-day consumer cooling-off)
- Failed payments, upgrades, downgrades, fair usage
Implementation Notes:
- Link in T&Cs, checkout pages, subscription management
- Refunds & Cancellations Policy
Purpose: Provide clear consumer rights in plain English.
Key Elements:
- 14-day cooling-off period for UK consumers
- Refund eligibility rules
- Cancellation process & effective date
- Upgrades/downgrades handling
- Contact info for billing inquiries
Implementation Notes:
- Link from checkout, footer, and subscription pages
- Checkbox at checkout confirming users have read and accept policy
- Implementation Checklist
| Task | Status |
|---|---|
| Add T&Cs link in footer & sign-up pages | ✅ |
| Add Privacy Policy link in footer, chatbot, cookie banner | ✅ |
| Add Cookie Policy + Consent Banner | ✅ |
| AI Transparency Notice above chatbot | ✅ |
| DPIA completed and stored | ✅ |
| Payments & Subscription Terms added to T&Cs | ✅ |
| Refunds & Cancellations Policy linked on checkout | ✅ |
| Cookie consent storage & audit logging | ✅ |
| Marketing opt-in & unsubscribe mechanisms | ✅ |
| Human oversight of automated AI decisions | ✅ |
This stack fully integrates all UK compliance requirements for a SaaS AI platform: GDPR, PECR, ICO AI guidance, DMA Code, and UK consumer law.
