This was going to my reply, as well. The provision of a legally-drafted contract is quite a service to the community. You'll want to modify it to fit your product, but it's a great place to start and hits all the high points.
1) Look around the web for the Terms and Policies from similar companies. (Since SeqCentral is SaaS provider, I looked at GitHub, 37 Signals, and our competitors.)
3) Draft your own terms such that if you were a user, that you would be comfortable with them. (I'm an idealist, and as such, the SeqCentral ToS centers around the right of the consumer rather than the tyranny of the provider.)
4) Iterate with a lawyer who will tell you what you need at a minimum. (e.g. Refunds, children (COPPA), health (HIPAA), EU or CA rules, etc.)
5) Sleep on it.
6) Post as a "draft", issue an RFC, and be ready to make changes as needed.
Take the following advice with a grain of salt as I am not a lawyer and I have not had the privacy/security/TOS for my startup[1] reviewed by a lawyer.
I don’t believe you’re required (by US law) to have a policy statement or legal page, although things may be different depending on where you are located. That said, I would suggest outlining your privacy policies (e.g. who can see their data under what circumstances, how long the data is stored, etc.) and establishing a jurisdiction for any legal issues at the very least; if you store sensitive data, I’d suggest talking a bit about what you do to keep the data secure. Depending on your site, this might be something that hardly anyone looks at or something that is important to users before they use the site.
http://automattic.com/privacy/