Free Refund Policy Generator for React Application — US Compliant

🇺🇸 Key US Requirements

The United States has a sectoral approach to data privacy — no single federal law covers all businesses, but multiple laws apply depending on your industry and the data you collect. Key federal laws include COPPA (children's data), HIPAA (health data), GLBA (financial data), and CAN-SPAM (email marketing). FTC enforcement can result in significant penalties for deceptive data practices.

• Privacy policy must accurately describe actual data practices (FTC Act Section 5)
• COPPA compliance required if your site knowingly collects data from children under 13
• CAN-SPAM compliance for all commercial email communications
• State laws may apply: California (CCPA), Virginia (VCDPA), Colorado (CPA), and others
• "CalOPPA" requires a privacy policy for any site accessible to California residents
• HIPAA Business Associate Agreements required if handling health data

React Application — Specific Considerations

React applications are client-side rendered apps that often integrate with backend APIs, authentication providers, and third-party services. The data collected depends entirely on the app's functionality, but React apps frequently use authentication (Auth0, Firebase, Supabase), analytics (Segment, Amplitude), and feature flags — each collecting user data that must be disclosed. If your React app uses local storage or IndexedDB, this must also be disclosed.

Data typically collected by React Application businesses: user account data via authentication provider, usage analytics and events, feature flag exposure data, local storage and session storage data, API request logs, error tracking data

• Authentication provider data processing (Auth0, Firebase, Clerk)
• Client-side analytics and event tracking disclosure
• Local storage and browser storage disclosure
• Error monitoring service data (Sentry, LogRocket)
• Third-party API data sharing disclosure