[rendezvouscp]

Take the following advice with a grain of salt as I am not a lawyer and I have not had the privacy/security/TOS for my startup[1] reviewed by a lawyer.

I don’t believe you’re required (by US law) to have a policy statement or legal page, although things may be different depending on where you are located. That said, I would suggest outlining your privacy policies (e.g. who can see their data under what circumstances, how long the data is stored, etc.) and establishing a jurisdiction for any legal issues at the very least; if you store sensitive data, I’d suggest talking a bit about what you do to keep the data secure. Depending on your site, this might be something that hardly anyone looks at or something that is important to users before they use the site.

[1] Iron Money: https://ironmoney.com/