Terms of Service Auditor
When launching a new product, onboarding a new client, or conducting a periodic legal audit of website terms.
A website's Terms of Service is the contract every user accepts, yet it is often copied from a template and never revisited as the business, its data practices, and the law evolve. A periodic audit checks whether the acceptance mechanism is actually enforceable, whether the arbitration and liability clauses survive consumer-protection scrutiny, and whether required provisions for the company's specific model are present rather than assumed.
This kind of structured, clause-by-clause review is a natural fit for Claude. Feed it the existing terms along with the business type, target users, jurisdictions, and data collected, and it returns a findings report that flags enforceability gaps, missing provisions, and risky language, with suggested fixes and the legal rationale for each. It turns a tedious read-through into a focused worklist you can act on, freeing your time for the judgment calls.
Treat the audit as an issue-spotting first pass, not a compliance opinion. Claude can miss jurisdiction-specific rules and will not know your client's full risk posture, so verify every finding against current authority and tailor the recommendations before relying on them. The output is attorney work product to refine, not legal advice and not a finished set of terms to publish.
The Prompt
Audit the following Terms of Service for legal compliance and enforceability: Business type: [e.g., SaaS, e-commerce, marketplace, social media] Target users: [e.g., consumers, businesses, both] Jurisdictions: [WHERE USERS ARE LOCATED] Data collection: [WHAT DATA IS COLLECTED] Review for: 1. Formation — is acceptance mechanism enforceable (clickwrap vs. browsewrap)? 2. Arbitration clause — is it enforceable? Does it comply with state-specific requirements? 3. Limitation of liability — is the cap reasonable and enforceable for consumer agreements? 4. User content — are IP rights properly licensed? Is the license scope appropriate? 5. Termination — are grounds clear? Is there adequate notice? 6. Privacy integration — does it properly reference the privacy policy? 7. DMCA/copyright provisions — are safe harbor requirements met? 8. Consumer protection — does it comply with applicable consumer protection statutes? 9. International compliance — GDPR, UK Consumer Rights Act if applicable 10. Missing provisions for this business type For each issue, cite the relevant legal authority and provide fix language. Terms of Service: [PASTE TOS TEXT]
Example Output
An audit report with compliance findings, enforceability assessment for key provisions, and recommended revisions.
Illustrative example — names, figures, and facts are fictional.
TERMS OF SERVICE AUDIT — Northstar Marketplace, Inc. Business type: consumer-facing marketplace (US + EU users) | Reviewed: v3.1 FINDING 1 — Formation / Acceptance [SEVERITY: HIGH] Language: "By using the Site you agree to these Terms." Issue: This is browsewrap. Courts increasingly decline to enforce browsewrap against consumers absent clear notice and affirmative assent. Fix: Implement clickwrap — an unchecked checkbox at signup reading "I agree to the Terms of Service and Privacy Policy," with both linked. Retain a timestamped record of each user's accepted version. FINDING 2 — Arbitration Clause [SEVERITY: MEDIUM] Issue: Clause requires arbitration but omits a class-action waiver and a clear opt-out, and does not address the state-specific notice some jurisdictions require for consumer arbitration. Fix: Add a conspicuous class-waiver and a 30-day opt-out; confirm enforceability in each consumer's home state. FINDING 3 — Limitation of Liability [SEVERITY: MEDIUM] Issue: Caps all liability at $0. A zero cap may be deemed unconscionable in consumer agreements in several states. Fix: Cap at fees paid in the prior 12 months and carve out claims that cannot be waived by law. FINDING 4 — User Content License [SEVERITY: LOW] Issue: License grant is "perpetual, irrevocable, worldwide" — broader than the service requires. Fix: Narrow to the scope needed to operate and promote the service. MISSING PROVISIONS: DMCA designated-agent notice; EU/UK consumer-rights disclosures; governing-law and venue clause. Note: Verify all state and EU/UK requirements against current law before publishing.
Tips
- •Clickwrap (checkbox) is far more enforceable than browsewrap (continued use = acceptance).
- •Check state-specific consumer arbitration rules — several states restrict mandatory arbitration for consumers.
- •Ensure the TOS is versioned and you retain records of which version each user accepted.
Frequently Asked Questions
When should I run a Terms of Service audit?
Audit terms before a product launches, when onboarding a client whose terms you have not reviewed, after the business changes its data practices or adds a new revenue model, and on a periodic cadence as consumer-protection and privacy law shift. The prompt asks for business type, jurisdictions, and data collected so the review reflects the company's actual exposure rather than a generic checklist.
Can I publish the audited terms exactly as Claude returns them?
No. The output is an issue-spotting first pass, not finished terms or a compliance opinion. Verify every flagged provision against current authority in each relevant jurisdiction, confirm Claude has not missed state-specific rules, and tailor the suggested language to the client's risk tolerance. The attorney remains responsible for the terms that go live.
How do I get the most useful audit?
Be specific about the business model, where users are located, whether they are consumers or businesses, and exactly what data is collected. Paste the full terms rather than a summary. Ask Claude to rate each issue by severity and to flag where it is uncertain about current law, so you can prioritize verification on the highest-risk items.
Is it ethical to run client terms through an AI tool?
Generally yes, with appropriate care. ABA Formal Opinion 512 permits AI use where the lawyer supervises the output, verifies accuracy, and protects client confidentiality under Model Rule 1.6. Public terms are usually not confidential, but avoid pasting nonpublic business details or client identifiers into consumer tools without suitable data protections, and review every finding before relying on it.
Related Prompts
Get New Prompts Like This Every Week
Join the free Claude for Lawyers newsletter — weekly prompts, tutorials, and practice-specific guides.