Every Minnesota business with a website has a Terms of Service problem. Either the terms are missing, copied from someone else’s site, or pulled from a free template that doesn’t account for Minnesota law. I see this constantly. A business owner will spend months building a website, then spend ten minutes on the legal terms that govern every interaction users have with it.

That’s a real liability gap. Your Terms of Service are a contract between your company and every person who uses your website. When they’re well-drafted, they cap your exposure, keep disputes in Minnesota courts, and protect your intellectual property. When they’re missing or generic, you’re unprotected exactly when it matters.

Minnesota has its own requirements that go beyond federal law, and the landscape shifted significantly when the Minnesota Consumer Data Privacy Act took effect in 2025. Here’s what you need to know.

Why Terms of Service Matter

Limit your liability. Without a limitation of liability clause, your company faces disproportionate exposure from a website malfunction, a content error, or a service failure. This is the single most important function of your ToS.

Establish dispute resolution. Would you rather resolve a customer dispute in a Minnesota court under Minnesota law, or get dragged into litigation in California? Your ToS determines the forum, the governing law, and whether disputes go to arbitration or court.

Protect your intellectual property. Your website content, branding, software, and proprietary processes have value. Your ToS defines ownership and restricts unauthorized use.

Set the rules for user conduct. If your site includes user accounts, submissions, reviews, or community features, your ToS gives you the authority to remove users or content that violates your standards.

Comply with Minnesota law. Several Minnesota statutes impose specific obligations on businesses operating websites. Your ToS is one of the primary vehicles for meeting those obligations.

Clickwrap vs. Browsewrap: The Enforceability Problem

None of this matters if your terms aren’t enforceable. And enforceability depends almost entirely on how you present your ToS to users.

Clickwrap Agreements

A clickwrap agreement requires the user to take an affirmative action—checking a box, clicking “I Agree,” or completing a similar step. Courts in the Eighth Circuit (which covers Minnesota) consistently enforce clickwrap agreements because the user clearly assented to the terms. This is the standard I recommend for any website that involves transactions, account creation, or data collection.

Browsewrap Agreements

A browsewrap agreement relies on a link at the bottom of the page—”By using this site, you agree to our Terms of Service”—without requiring any action from the user. Courts have repeatedly found these unenforceable, particularly when the link is inconspicuous or the user had no reason to know the terms existed.

I review website terms for clients regularly, and the most common setup I see is a small “Terms” link buried in the footer. That’s a browsewrap arrangement, and it may not protect you when you actually need it. If your site processes payments or collects user data, you need clickwrap. Period.

What Your ToS Should Include

1. Acceptance of Terms

Start with clear language establishing that using the website constitutes acceptance. If you use clickwrap (and you should for transactions), reference the specific action that constitutes acceptance—checking the box, clicking the button. Be explicit about what triggers the agreement: visiting the site, creating an account, making a purchase, or all of the above. This clarity matters if enforceability is ever challenged.

2. Limitation of Liability

This is the clause that saves you money. A limitation of liability caps the damages a user can recover from your company.

Minnesota courts generally enforce these clauses in commercial agreements, but the clause must be:

  • Conspicuous—bold text, capital letters, something that stands out
  • Clear and unambiguous—vague limitations get interpreted against you
  • Not unconscionable—eliminating all remedies entirely may get the clause struck down

Under Minnesota’s UCC provision (Minn. Stat. § 336.2-302), a court can refuse to enforce a clause it finds unconscionable. In practice, though, limitation of liability provisions between business parties are generally presumed conscionable.

Cap liability at the amount the user paid for services, or a defined dollar amount. Exclude consequential, incidental, and indirect damages. Make the limitation conspicuous in the document—don’t bury it in paragraph 47 of dense text.

3. Governing Law and Dispute Resolution

Specify that Minnesota law governs and that disputes will be resolved in Minnesota courts. This forum selection clause keeps you from litigating across the country.

There’s an important interaction here: courts are more likely to enforce a forum selection clause in a clickwrap agreement than in a browsewrap arrangement. If your terms are only accessible through an inconspicuous footer link, a court in another jurisdiction may refuse to honor your Minnesota forum selection clause. The consent mechanism and the substantive terms reinforce each other.

Some businesses include mandatory arbitration provisions. In Minnesota, arbitration clauses are generally enforceable under both the Federal Arbitration Act and the Minnesota Uniform Arbitration Act (Minn. Stat. Ch. 572B). Arbitration can be faster and less expensive than litigation, but it also limits class actions—which may be a strategic advantage depending on your business model.

4. Intellectual Property Protection

Your ToS should state that all website content is owned by your company (or licensed to it) and prohibit unauthorized reproduction, distribution, or modification. If users can post reviews, comments, or submissions, specify who owns that content and what license your company receives to use it. Include a DMCA takedown procedure if your site hosts user content.

5. User Conduct and Account Terms

If your website allows account creation, set clear expectations: prohibited activities (scraping, unauthorized access, misuse), your right to suspend or terminate accounts, password and security responsibilities, and age restrictions if applicable. Keep this section straightforward. You want the authority to act when someone abuses your platform.

6. Payment Terms and Refund Policies

If your website processes payments, state your pricing, billing cycles, and payment methods clearly. Describe your refund or cancellation policy. And pay attention to automatic renewals—Minnesota has specific disclosure requirements under Minn. Stat. § 325G.132, which I cover below.

One mistake I see often: a website’s marketing promises “hassle-free returns” while the ToS says “all sales final.” That contradiction creates both a legal problem under the Consumer Fraud Act and a trust problem with customers. Your ToS and your marketing need to tell the same story.

7. Disclaimers

If your site provides educational or informational content, disclaim that it does not constitute professional advice. Disclaim responsibility for linked third-party content. Include warranty disclaimers to the extent permitted by law, using conspicuous language. These disclaimers should be prominent, not hidden—courts look at whether a reasonable person would have noticed them.

This is where Minnesota businesses face obligations that generic templates don’t cover.

Minnesota Consumer Data Privacy Act (MCDPA)

The MCDPA took effect on July 31, 2025, and it’s one of the more comprehensive state privacy laws in the country. If you do business in Minnesota and collect personal data, you need to understand this statute.

Who it applies to: Businesses that conduct business in Minnesota or target products or services to Minnesota residents, and that during a calendar year either (a) control or process personal data of 100,000 or more consumers, or (b) control or process personal data of 25,000 or more consumers and derive more than 25% of gross revenue from the sale of personal data.

What it requires:

  • Privacy notices explaining what personal data you collect, how you use it, how long you retain it, and what rights consumers have
  • Consumer rights including the right to access, correct, delete, and obtain a copy of their personal data
  • Opt-out mechanisms for targeted advertising, sale of personal data, and profiling
  • Universal opt-out recognition—your website must recognize and honor opt-out signals sent through browser settings or extensions
  • Meaningful consent—consent must be “freely given, informed, and unambiguous.” Burying consent in broad Terms of Service language does not satisfy this requirement

Enforcement: The Minnesota Attorney General has enforcement authority. After January 31, 2026, the AG can pursue violations without first providing a 30-day cure period. That cure period grace is gone.

Here’s the practical takeaway: you need a standalone privacy policy. Not a privacy paragraph in your ToS. A separate, detailed document that addresses MCDPA requirements directly. Your ToS should reference and incorporate the privacy policy, but the two documents serve different functions. I’ve been advising clients to treat the privacy policy as a compliance document—not an afterthought—since the MCDPA was enacted.

Data Breach Notification (Minn. Stat. § 325E.61)

If your business collects personal information through your website—and nearly every business does—you have obligations under Minnesota’s data breach notification statute.

Key requirements:

  • If unencrypted personal information is breached, you must notify affected Minnesota residents “in the most expedient time possible and without unreasonable delay”
  • Personal information includes a name combined with Social Security number, driver’s license number, financial account numbers, or health information
  • If a breach affects more than 500 people, you must notify consumer reporting agencies within 48 hours
  • Encrypted information is generally exempt, provided the encryption key was not also compromised

If your site collects customer data—names, emails, payment information, account credentials—you should have a data security plan in place. Your privacy policy should address your data practices, and your ToS should include a provision covering what happens in the event of a breach.

Minnesota Consumer Fraud Act (Minn. Stat. § 325F.69)

The Consumer Fraud Act prohibits any “fraud, false pretense, false promise, misrepresentation, misleading statement or deceptive practice” in connection with the sale of merchandise. For your website, this means:

  • Product descriptions, pricing, service capabilities, and claims must be accurate
  • Bait-and-switch tactics, hidden fees, and misleading terms are prohibited
  • Practices that are “oppressive” or “unscrupulous” are actionable, even without outright fraud

The practical implication: your ToS must match the actual customer experience. If your ToS describes a refund process, follow it. If your website makes service promises, your terms can’t contradict them. Consistency between your marketing, your website, and your legal terms is a legal requirement under this statute.

Automatic Renewal Disclosures

Under Minn. Stat. § 325G.132, if your business offers subscriptions or memberships that automatically renew, you must clearly and conspicuously disclose the automatic renewal terms before the consumer subscribes, provide a simple mechanism for cancellation, and send a renewal reminder before each renewal period. If you charge recurring fees through your website, review your current renewal disclosures against these requirements.

Putting This Into Practice

The right approach starts with understanding what your website actually does. Audit every function: payment processing, data collection (contact forms count), user accounts, cookies and analytics, subscriptions, user-generated content. Each function creates specific legal obligations that your ToS need to address.

Your privacy policy should be a separate document—not a section of your ToS. The MCDPA requires specific disclosures that are distinct from your contractual terms, and a standalone privacy policy is easier for consumers to find, easier to update, and more likely to satisfy regulatory requirements. For any site that involves transactions, account creation, or data collection, implement clickwrap consent—a checkbox with a link to your full ToS and privacy policy before the user can proceed. And review everything annually. Minnesota law in this area is actively evolving, the MCDPA is still new, and your business operations change. Terms drafted three years ago almost certainly don’t reflect current requirements.

For Terms of Service tailored to your Minnesota business, contact my office.