legal
<tool_restrictions>
MANDATORY Tool Restrictions
BANNED TOOLS — calling these is a skill violation:
- `EnterPlanMode` — BANNED. Do NOT call this tool. This skill has its own multi-step process. Execute the steps below directly.
- `ExitPlanMode` — BANNED. You are never in plan mode.
</tool_restrictions>
<progress_context>
Use Read tool: `docs/progress.md` (first 50 lines)
Check for recent feature work that might affect data collection scope.
</progress_context>
Legal Pages Workflow
Generate comprehensive legal pages (Privacy Policy, Terms of Service, Cookie Policy) through a guided, interactive process. Combines automatic project detection with user questions to create tailored documents.
These are starting points that MUST be reviewed by a qualified lawyer before publishing.
Process Overview
Step 1: Disclaimer & Scope → Set expectations
Step 2: Project Detection → Scan codebase for data collection
Step 3: Guided Questions → Interactive Q&A to fill gaps (5 rounds)
Step 4: Generate Documents → Create tailored legal pages
Step 5: Implementation → Add to project with proper routing
Step 6: Next Steps → Cookie consent, lawyer review, etc.
Step 1: Disclaimer & Scope
Always start with this disclaimer:
⚠️ Important: These are template documents, not legal advice.
I'll generate comprehensive legal pages based on your project and answers, but:
- I am not a lawyer and this is not legal advice
- These templates should be reviewed by a qualified attorney
- Laws vary by jurisdiction and change frequently
- Regulated industries (healthcare, finance, children) have special requirements
These documents will give you a solid starting point that covers common requirements under GDPR, CCPA, and general best practices.
Ask: "Do you want to proceed with generating legal pages for this project?"
Step 2: Project Detection
Perform comprehensive codebase scan for data collection signals.
Detection Checklist
Search for and report on:
AUTHENTICATION
├── next-auth / NextAuth.js → OAuth providers, session strategy
├── clerk → User profiles, organizations
├── supabase auth → Email, OAuth, phone auth
├── firebase auth → Multiple auth methods
├── lucia → Session-based auth
├── auth0 → Enterprise SSO, social login
├── passport.js → Strategy-based auth
└── Custom auth → JWT, session cookies
ANALYTICS & TRACKING
├── Google Analytics (gtag, GA4)
│ └── Cookies: _ga (2 years), _gid (24h), _gat (1 min)
├── Google Tag Manager → Container for multiple tags
├── Plausible → Privacy-focused, no cookies
├── Fathom → Privacy-focused, no cookies
├── PostHog → Product analytics, session recording
├── Mixpanel → Event tracking, user profiles
├── Amplitude → Product analytics
├── Heap → Auto-capture analytics
├── Hotjar/FullStory → Session recording, heatmaps
├── Vercel Analytics → Privacy-focused, no cookies
└── Segment → Customer data platform
PAYMENTS & BILLING
├── Stripe
│ └── You store: customer_id, subscription status
│ └── Stripe stores: payment methods, card details
│ └── Cookies: __stripe_mid, __stripe_sid
├── Paddle → Merchant of record model
├── LemonSqueezy → Merchant of record model
├── PayPal → Payment processor
└── Custom billing → Invoice data, payment history
EMAIL SERVICES
├── Resend → Transactional email
├── SendGrid → Email delivery
├── Postmark → Transactional email
├── Mailchimp/ConvertKit → Marketing email, subscriber lists
├── Customer.io → Marketing automation
└── AWS SES → Email infrastructure
ERROR TRACKING & MONITORING
├── Sentry → Error tracking, may capture user context
├── LogRocket → Session replay, error tracking
├── Bugsnag → Error monitoring
├── Datadog → APM, logging, traces
└── New Relic → Application monitoring
CUSTOMER SUPPORT
├── Intercom → Chat, user data, conversation history
├── Crisp → Live chat
├── Zendesk → Support tickets
├── HelpScout → Customer support
└── Freshdesk → Support platform
DATABASE & STORAGE
├── PostgreSQL/MySQL → User data storage
├── MongoDB → Document storage
├── Prisma → ORM (check schema for PII)
├── Drizzle → ORM
├── Supabase → Database + auth + storage
├── PlanetScale → MySQL platform
├── Neon → Serverless Postgres
├── Cloudinary → Image/video storage
├── Uploadthing → File uploads
├── AWS S3 → Object storage
└── Vercel Blob → File storage
HOSTING & INFRASTRUCTURE
├── Vercel → Logs IP addresses, request data
├── Netlify → Similar logging
├── AWS → CloudFront logs, ALB logs
├── Cloudflare → CDN, may set cookies
└── Railway/Render → Platform logs
MARKETING & ADS
├── Facebook Pixel → Conversion tracking
│ └── Cookies: _fbp, fr
├── Google Ads → Conversion tracking
│ └── Cookies: _gcl_au, _gcl_aw
├── LinkedIn Insight Tag → B2B tracking
├── Twitter/X Pixel → Conversion tracking
├── TikTok Pixel → Conversion tracking
└── Pinterest Tag → Conversion tracking
CMS & CONTENT
├── Sanity → Content management
├── Contentful → Headless CMS
├── Payload → Headless CMS
├── Strapi → Headless CMS
└── WordPress API → Content source
FORMS & DATA COLLECTION
├── Contact forms → Name, email, message
├── Newsletter signup → Email address
├── User profiles → Various PII
├── File uploads → User-generated content
├── Surveys/feedback → User responses
└── Job applications → Resumes, personal info
Detection Output Format
Present findings to user:
📊 Data Collection Detection Results
Authentication
Detected: NextAuth.js with Google and GitHub OAuth
- Data collected: Email, name, profile picture from OAuth providers
- Data stored: User record in database, session cookie
- Session strategy: JWT / Database sessions
Analytics
Detected: Google Analytics 4
- Data collected: Page views, events, device info, IP address
- Cookies set:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| _ga | Distinguishes users | 2 years | Analytics |
| _gid | Distinguishes users | 24 hours | Analytics |
Payments
Detected: Stripe
- Data you store: Customer ID, subscription status, billing address
- Data Stripe stores: Payment methods, transaction history
- Note: You are NOT a data controller for card numbers—Stripe is
Third-Party Processors
| Service | Data Shared | Purpose | Their Privacy Policy |
|---|---|---|---|
| Vercel | IP, request logs | Hosting | vercel.com/legal/privacy-policy |
| Resend | Email addresses | Transactional email | resend.com/legal/privacy-policy |
| Sentry | Error data, user context | Error tracking | sentry.io/privacy |
Cookies Summary
| Category | Count | Examples |
|---|---|---|
| Essential | 2 | Session, CSRF token |
| Analytics | 2 | _ga, _gid |
| Marketing | 0 | None detected |
| Functional | 1 | Theme preference |
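
A sketch of the Step 2 scan that produces rows like the ones in the report above. It is an added example, not the skill's own code: the signal tables cover only part of the checklist, and the npm package names, source patterns and sample project are assumptions. It shows why `package.json` alone is not enough, since script-tag trackers such as Google Analytics only appear in source files.

```javascript
// Added example, not the skill's own code. The signals are a subset of the
// checklist; npm package names and source patterns are assumptions.
const DEP_SIGNALS = [
  { re: /^next-auth$/, service: "NextAuth.js", category: "Authentication" },
  { re: /^@clerk\//, service: "Clerk", category: "Authentication" },
  { re: /^(stripe|@stripe\/stripe-js)$/, service: "Stripe", category: "Payments",
    cookies: ["__stripe_mid", "__stripe_sid"] },
  { re: /^resend$/, service: "Resend", category: "Email" },
  { re: /^@sentry\//, service: "Sentry", category: "Error tracking" },
  { re: /^posthog-js$/, service: "PostHog", category: "Analytics" },
  { re: /^@vercel\/analytics$/, service: "Vercel Analytics", category: "Analytics" },
];
// Trackers loaded through a <script> tag never appear in package.json.
const SOURCE_SIGNALS = [
  { re: /googletagmanager\.com\/gtag\/js|\bgtag\s*\(/, service: "Google Analytics 4",
    category: "Analytics", cookies: ["_ga", "_gid"] },
  { re: /connect\.facebook\.net\/[^"'\s]*fbevents\.js/, service: "Facebook Pixel",
    category: "Marketing", cookies: ["_fbp", "fr"] },
];

function detect(packageJson, sources = {}) {
  const found = new Map(); // service name -> finding, so repeated hits merge
  const add = (sig, evidence) => {
    const f = found.get(sig.service) || { service: sig.service,
      category: sig.category, cookies: sig.cookies || [], evidence: [] };
    f.evidence.push(evidence);
    found.set(sig.service, f);
  };
  const deps = { ...packageJson.dependencies, ...packageJson.devDependencies };
  for (const name of Object.keys(deps))
    for (const sig of DEP_SIGNALS) if (sig.re.test(name)) add(sig, `package.json: ${name}`);
  for (const [file, text] of Object.entries(sources))
    for (const sig of SOURCE_SIGNALS) if (sig.re.test(text)) add(sig, file);
  return [...found.values()].sort((a, b) =>
    a.category.localeCompare(b.category) || a.service.localeCompare(b.service));
}

// The consent banner is tied to analytics/marketing cookies, so only findings
// in those categories that set cookies count.
function needsConsentBanner(findings) {
  return findings.some(f =>
    ["Analytics", "Marketing"].includes(f.category) && f.cookies.length > 0);
}

// One table row per finding, in the report's pipe-table style.
function toMarkdown(findings) {
  const rows = findings.map(f => `| ${f.service} | ${f.category} | ` +
    `${f.cookies.join(", ") || "none listed"} | ${f.evidence.join("; ")} |`);
  return ["| Service | Category | Cookies | Evidence |", "|---|---|---|---|", ...rows].join("\n");
}

// Constructed sample project (versions and the G-EXAMPLE id are made up).
const samplePkg = { dependencies: { next: "14.2.0", "next-auth": "4.24.0",
  stripe: "14.0.0", "@stripe/stripe-js": "2.0.0", "@sentry/nextjs": "7.0.0",
  "@vercel/analytics": "1.0.0" } };
const sampleSources = { "app/layout.tsx":
  '<Script src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE" />' };
const sampleFindings = detect(samplePkg, sampleSources);
console.log(toMarkdown(sampleFindings));
```

Scanning the same sample without its source files drops Google Analytics from the findings, and `needsConsentBanner` then returns false.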
---
Step 3: Guided Questions
Use AskUserQuestion tool for each round. One focused topic at a time.
Round 1: Business Identity
Question: "What are your business details?"
Header: "Business"
Options: [Free text response needed]
Gather:
- Legal business name (e.g., "Acme Inc." or "John Smith trading as Acme")
- Country/state of incorporation or residence
- Business type: Company, LLC, Sole proprietor, etc.
- Website URL
- Contact email for privacy/legal inquiries
- Physical address (required for some jurisdictions, recommended for all)
Round 2: Target Audience & Jurisdiction
Question: "Where are your users located?"
Header: "Jurisdiction"
Options:
- "Worldwide (GDPR + CCPA compliant)" [Recommended]
→ Covers EU, California, and general best practices
- "US only"
→ CCPA for California, general US practices
- "EU/EEA only"
→ GDPR-focused
- "Specific countries"
→ Ask follow-up for which countries
Follow-up if needed:
Question: "Do you expect users under 18?"
Header: "Age"
Options:
- "No, adults only (18+)"
- "Yes, 13-17 with parental consent"
- "Yes, under 13" → COPPA applies, special handling required
- "Not sure"
Round 3: Documents Needed
Question: "Which legal documents do you need?"
Header: "Documents"
MultiSelect: true
Options:
- "Privacy Policy" [Required for almost all sites]
→ Required if you collect ANY data (even just analytics)
- "Terms of Service"
→ Required for apps/SaaS, recommended for all
- "Cookie Policy"
→ Required if using non-essential cookies (can be section in Privacy Policy)
- "Acceptable Use Policy"
→ Recommended if users can post content or interact
Round 4: Service Type & Features
Question: "What type of service is this?"
Header: "Service type"
Options:
- "SaaS / Web application"
→ User accounts, possibly subscriptions
- "E-commerce / Online store"
→ Products, checkout, shipping
- "Content / Blog / Marketing site"
→ Minimal data collection
- "Marketplace / Platform"
→ Multiple user types, transactions between users
- "API / Developer tools"
→ API keys, usage data, developer accounts
Follow-up based on selection:
- SaaS: "Do you offer free trials? Refund policy? Subscription billing?"
- E-commerce: "Physical or digital products? Return policy? Shipping regions?"
- Marketplace: "Do you facilitate payments between users? Take commission?"
Round 5: Specific Policies
Question: "What are your data practices?"
Header: "Practices"
MultiSelect: true
Options:
- "We use data only for providing our service"
- "We send marketing emails (with consent)"
- "We share anonymized/aggregated data"
- "We use AI/ML to process user data"
- "We allow third-party integrations"
Question: "What is your refund/cancellation policy?"
Header: "Refunds"
Options:
- "14-day money-back guarantee"
- "30-day money-back guarantee"
- "Pro-rated refunds for annual plans"
- "No refunds (for digital goods)"
- "Custom policy" → Ask for details
Step 4: Generate Documents
Based on detection + user answers, generate fully personalized documents.
CRITICAL: No Placeholders
DO NOT generate documents with `[PLACEHOLDER]` markers. The documents must be:
- Filled in with actual company name, URLs, emails from user answers
- Populated with actual detected services (Stripe, Vercel, etc.) by name
- Include real cookie names and durations from detection
- Have actual data categories based on what was detected
- Remove sections that don't apply (e.g., no Payments section if no payments detected)
Example — WRONG:
We share data with [SERVICE_PROVIDERS].
Contact us at [EMAIL].
Example — CORRECT:
We share data with Vercel (hosting), Stripe (payments), and Resend (email).
Contact us at privacy@acme.com.
The templates below show the structure. When generating, replace ALL bracketed items with real values from detection and user answers. If a section doesn't apply to this project, omit it entirely.
Structure Reference Templates
The template structures for each document are maintained in separate files. Read these templates at runtime to use as the structure reference when generating personalized documents:
- Privacy Policy: `${CLAUDE_PLUGIN_ROOT}/templates/privacy-policy.md`
- Terms of Service: `${CLAUDE_PLUGIN_ROOT}/templates/terms-of-service.md`
- Cookie Policy: `${CLAUDE_PLUGIN_ROOT}/templates/cookie-policy.md`
Use Read tool to load each template before generating. The templates show the structure — when generating, replace ALL bracketed items with real values from detection and user answers. If a section doesn't apply to this project, omit it entirely.
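
One way to check a generated page against the "No Placeholders" rule before it is written to disk. This is an added example, not the skill's own code: the function name `lintLegalDoc`, the issue format and the sample draft are hypothetical, and treating a heading with no body as a section that should have been omitted is an assumption.

```javascript
// Added example, not the skill's own code: a pre-publish lint for generated
// legal pages. The [UPPER_CASE] marker convention follows the WRONG example
// in Step 4; flagging headings with no body is an assumption.
const MARKER = /\[[A-Z][A-Z0-9_ ]{2,}\](?![(\[])/g; // skips [TEXT](url) and [TEXT][ref]

function lintLegalDoc(markdown) {
  const issues = [];
  let pending = null; // most recent heading that has no body text yet
  markdown.split("\n").forEach((line, i) => {
    for (const m of line.matchAll(MARKER))
      issues.push({ line: i + 1, kind: "placeholder", text: m[0] });
    const h = /^(#{1,6})\s+(.+)$/.exec(line);
    if (h) {
      // A same-level or shallower heading right after an empty one means the
      // earlier section was kept but never filled in.
      if (pending && h[1].length <= pending.level)
        issues.push({ line: pending.line, kind: "empty-section", text: pending.title });
      pending = { level: h[1].length, title: h[2].trim(), line: i + 1 };
    } else if (line.trim() !== "") {
      pending = null;
    }
  });
  if (pending) issues.push({ line: pending.line, kind: "empty-section", text: pending.title });
  return issues.sort((a, b) => a.line - b.line);
}

// Constructed sample: two unresolved markers and a Payments section that
// should have been omitted because nothing was detected for it.
const draft = [
  "# Privacy Policy",
  "Last updated: [DATE]",
  "We share data with [SERVICE_PROVIDERS]. California residents: see [CCPA](/ccpa).",
  "## Payments",
  "## Contact",
  "Contact us at privacy@acme.com.",
].join("\n");
console.log(lintLegalDoc(draft));
```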
Step 5: Implementation
Create the Pages
For Next.js App Router:
app/
├── (legal)/
│ ├── layout.tsx # Shared layout for legal pages
│ ├── privacy/page.tsx # Privacy Policy
│ ├── terms/page.tsx # Terms of Service
│ └── cookies/page.tsx # Cookie Policy (or section in privacy)
Example layout:
```tsx
// app/(legal)/layout.tsx
export default function LegalLayout({ children }: { children: React.ReactNode }) {
  return (
    <div className="container mx-auto max-w-3xl px-4 py-12">
      <article className="prose prose-gray dark:prose-invert max-w-none">
        {children}
      </article>
    </div>
  )
}
```
Offer to create:
- The page files with generated content
- Footer links to the legal pages
- Cookie consent banner component (if needed)
Step 6: Next Steps
Present to user after generation:
✅ Legal Pages Generated
Created:
- `/privacy` — Privacy Policy
- `/terms` — Terms of Service
- `/cookies` — Cookie Policy
Required Next Steps
- Add footer links
  - Link to Privacy Policy, Terms, and Cookies from your site footer
- Cookie consent banner (if using non-essential cookies)
  - Required before setting analytics/marketing cookies
  - Must offer "Reject All" option for GDPR compliance
  - Consider: CookieConsent, Osano, or custom
- Legal review
  - Have these documents reviewed by a lawyer, especially if:
    - You handle sensitive data (health, financial)
    - You have users in multiple jurisdictions
    - You're in a regulated industry
    - You process children's data
- Keep updated
  - Update "Last updated" date when you make changes
  - Review annually at minimum
  - Update when you add new data collection or third-party services
- Data Subject Requests
  - Set up a process to handle privacy requests (access, deletion, etc.)
  - Aim to respond within 30 days (GDPR requirement)
---
<arc_log>
**After completing this skill, append to the activity log.**
See: `${CLAUDE_PLUGIN_ROOT}/references/arc-log.md`
Entry: `/arc:legal — Generated Privacy Policy, Terms, Cookie Policy`
</arc_log>
---
Interop
- Invoked by /arc:letsgo when legal documents are missing
- May invoke cookie consent implementation after generating Cookie Policy
- References project detection patterns shared with /arc:letsgo