Legal and compliance basics

The rules you actually need to follow. Disclosure, copyright, platform ToS, and data privacy — without a law degree.

Most small businesses over-fear legal risk on social and then under-do the actual compliance. Here's a plain-English overview of what genuinely matters. This is general information, not legal advice; consult a lawyer for your specifics.

Disclosure of paid partnerships (FTC)

In the US, the FTC's Endorsement Guides require a clear disclosure whenever you or a creator you compensate posts about a product or service and there is a material connection behind it: cash, free product, affiliate commission, a discount, or an employment or family relationship with the brand.

  • How to disclose: put it where it can't be missed. "#ad" or "Ad:" at the start of the caption (not after the "more" fold or buried in a wall of hashtags), the platform's "paid partnership" tag where available, or plain language ("@brand sent me this for free"). Vague tags like #sp, #spon or #collab don't count. In video, say it out loud or overlay it on screen as well as writing it in the caption.
  • Who's responsible: both you (the brand) and the creator. Don't assume the creator knows the rules.
  • The test: would a reasonable reader understand that this is a paid/compensated relationship?
  • Penalties: the FTC has put hundreds of companies on notice that it can seek civil penalties per violation for deceptive endorsements, and it publishes its warning letters. Enforcement against small businesses is still rare, but the exposure is real, and a public warning letter is a reputational hit on its own.

Copyright and music

  • Photos you didn't take: you need permission or a license that covers your actual use. Stock licenses are specific about where and how you can use an image (editorial vs. commercial, organic social vs. paid ads, whether a model release is included); a "free download" site is not a license.
  • Music in videos: use only music the platform licenses for your account type. Meta and TikTok offer popular tracks to personal accounts but restrict business accounts to their commercial libraries (Meta's Sound Collection, TikTok's Commercial Music Library); a business account using a chart hit can have the audio muted or the post removed. Never rip a song from YouTube or Spotify: the result is a muted or removed post and a copyright strike against the account.
  • Customer-generated content: get explicit permission before reposting, and keep a record of it. A DM reply of "yes, feel free" counts as written permission for a one-off repost; screenshot it and note what you asked for. Formal case studies, ads, or anything you will pay to promote should have a signed release.
  • Screenshots of other posts: quoting to comment on or criticize is the kind of use fair use tends to protect, but fair use is a case-by-case defense, not a safe harbor. Reposting verbatim without permission is not protected, and attribution alone is not permission.

Platform Terms of Service

Every platform has strict ToS that can ban your account at their discretion. Key categories to watch:

  • Multi-account / automation: every platform tolerates some automation and bans other kinds, the lines move with each policy update, and the rough ordering today is Meta strictest, X most tolerant, TikTok in between. Scheduling through a tool that uses the platform's official API is fine; follow/unfollow bots and tools that drive a logged-in browser to mimic a person are not, and that second kind is what gets accounts locked or banned.
  • Spam rules: mass DMs, copy-pasted comments, and follow-for-follow schemes violate most ToS.
  • Sensitive categories: health claims, financial promises, and political ads carry extra rules. Check the platform's advertising policies before you run paid promotion in any of these areas.

Data privacy (GDPR, CCPA, and the rest)

Which rules apply depends on who your customers are, not on how big you are. GDPR (EU) and UK GDPR apply to a business of any size that collects personal data (an email address counts) from people in those countries. CCPA/CPRA applies only above a threshold (roughly $25M annual revenue, data on 100,000+ California consumers or households, or half your revenue from selling or sharing personal data), but other US states have their own laws, and commercial email anywhere in the US must follow CAN-SPAM (a working unsubscribe, a physical mailing address, no deceptive subject lines). The baseline that keeps you out of trouble everywhere:

  • Consent: an unticked checkbox with specific wording ("I agree to receive marketing emails from X") before collection, plus a record of when and how each person opted in. Pre-checked boxes, consent bundled into the terms, and "by signing up you agree" are not valid consent under GDPR.
  • Privacy policy: a real, published policy explaining what you collect, why, who you share it with, how long you keep it, and how to contact you. Link it from every signup form and from the website footer.
  • Right to delete and right to access: if someone asks for a copy of their data or for its deletion, you must comply, with limited exceptions (records you are legally required to keep, for example). GDPR gives you one month to respond; CCPA gives 45 days. Have a written process, and make sure a deletion reaches your email tool, CRM and ad audiences, not just your own database.
  • Data breach notification: under GDPR you must notify your supervisory authority within 72 hours of becoming aware of a breach (unless it is unlikely to put anyone at risk), and tell the affected people without undue delay if the risk to them is high. Every US state has its own breach law with its own deadline and trigger; a leaked signup list with emails and passwords trips many of them.

Claims and advertising standards

  • Health/wellness claims: "cures," "prevents," "treats," or naming a disease turns an ordinary product into a drug in the FDA's eyes and invites FTC action for unsubstantiated claims. Stick to structure/function language ("supports," "contributes to"), carry the required FDA disclaimer on supplement claims, and remember that a testimonial is treated as a claim you are making: if the customer says it cured them, so did you.
  • Financial claims: "guaranteed returns," "easy money," "risk-free" are off limits. Even legitimate financial services content needs the standard risk disclaimers, and if the activity is licensed, the regulator's own rules on promotions apply on top.
  • Before/after claims: individual transformations aren't typical, and a "results not typical" line on its own no longer satisfies the FTC. Either have evidence that the result is what a typical customer gets, or state clearly what a typical customer can expect.
  • Testimonials: must come from real customers, reflect their honest opinion and actual experience, be disclosed if compensated, and not claim results you could not substantiate if you said them yourself. Don't write them, edit them into something else, or buy fake reviews; the FTC's 2024 rule on fake reviews and testimonials carries civil penalties.

Contest and giveaway legality

  • Official rules: always published and linked from the post. Start from a standard template (Contests Canada or USA Contest Rules), then fill in sponsor name, entry dates, eligibility, prize value, odds, and how winners are chosen and notified.
  • No-purchase-necessary clause: in the US, prize + chance + a required purchase is an illegal lottery, so a random-draw giveaway must offer a free way to enter with equal odds. Skill-judged contests are treated differently, and large giveaways have extra rules (New York and Florida require registration and bonding when total prizes exceed $5,000).
  • Age restrictions: restrict public giveaways to 18+ (or the age of majority in the entrant's state). Minors can't be bound by your rules, and collecting data from under-13s triggers COPPA.
  • Platform-specific rules: Instagram and Facebook require the official rules to release the platform and to state that the promotion is not sponsored, endorsed, administered by, or associated with it. Instagram also bans inaccurate tagging, so don't ask entrants to tag themselves in a photo they aren't in.

The affordable compliance baseline

For a typical small business:

  • Published privacy policy on your website
  • Clear paid-partnership disclosures
  • Music only from the library your platform licenses for business accounts
  • Written permission (a saved DM counts) for any UGC you repost
  • Standard contest rules template for giveaways
  • Honest claims with appropriate disclaimers

Those six cover 95% of what a small business needs. For anything more complex — FDA-regulated products, financial services, children's products, cross-border complex GDPR — hire a real lawyer.

Ready to try it?

Social is the platform we built to make this stuff actually sustainable. Start free in 30 seconds.
