diff --git a/src/main/java/dev/kruhlmann/imgfloat/config/SecurityConfig.java b/src/main/java/dev/kruhlmann/imgfloat/config/SecurityConfig.java
index 8407889..2c9b49d 100644
--- a/src/main/java/dev/kruhlmann/imgfloat/config/SecurityConfig.java
+++ b/src/main/java/dev/kruhlmann/imgfloat/config/SecurityConfig.java
@@ -59,7 +59,10 @@ public class SecurityConfig {
                         "/v3/api-docs/**",
                         "/swagger-ui.html",
                         "/swagger-ui/**",
-                        "/channels"
+                        "/channels",
+                        "/terms",
+                        "/privacy",
+                        "/cookies"
                     )
                     .permitAll()
                     .requestMatchers(HttpMethod.GET, "/view/*/broadcast")
diff --git a/src/main/java/dev/kruhlmann/imgfloat/controller/ViewController.java b/src/main/java/dev/kruhlmann/imgfloat/controller/ViewController.java
index 7668164..7292de9 100644
--- a/src/main/java/dev/kruhlmann/imgfloat/controller/ViewController.java
+++ b/src/main/java/dev/kruhlmann/imgfloat/controller/ViewController.java
@@ -76,6 +76,27 @@ public class ViewController {
         return "channels";
     }
 
+    @org.springframework.web.bind.annotation.GetMapping("/terms")
+    public String termsOfUse(Model model) {
+        LOG.info("Rendering terms of use");
+        addVersionAttributes(model);
+        return "terms";
+    }
+
+    @org.springframework.web.bind.annotation.GetMapping("/privacy")
+    public String privacyPolicy(Model model) {
+        LOG.info("Rendering privacy policy");
+        addVersionAttributes(model);
+        return "privacy";
+    }
+
+    @org.springframework.web.bind.annotation.GetMapping("/cookies")
+    public String cookiePolicy(Model model) {
+        LOG.info("Rendering cookie policy");
+        addVersionAttributes(model);
+        return "cookies";
+    }
+
     @org.springframework.web.bind.annotation.GetMapping("/settings")
     public String settingsView(OAuth2AuthenticationToken oauthToken, Model model) {
         String sessionUsername = OauthSessionUser.from(oauthToken).login();
diff --git a/src/main/resources/templates/channels.html b/src/main/resources/templates/channels.html
index 0abfcef..e4eb38e 100644
--- a/src/main/resources/templates/channels.html
+++ b/src/main/resources/templates/channels.html
@@ -43,6 +43,12 @@
             </main>
 
             <footer class="landing-meta">
+                <div class="build-chip">
+                    <span class="muted">Legal</span>
+                    <a class="version-badge version-link" href="/terms">Terms</a>
+                    <a class="version-badge version-link" href="/privacy">Privacy</a>
+                    <a class="version-badge version-link" href="/cookies">Cookies</a>
+                </div>
                 <div class="build-chip">
                     <span class="muted">License</span>
                     <span class="version-badge">MIT</span>
diff --git a/src/main/resources/templates/cookies.html b/src/main/resources/templates/cookies.html
new file mode 100644
index 0000000..9b1671d
--- /dev/null
+++ b/src/main/resources/templates/cookies.html
@@ -0,0 +1,55 @@
+<!doctype html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
+    <head>
+        <meta charset="UTF-8" />
+        <title>Cookie Policy - Imgfloat</title>
+        <link rel="icon" href="/favicon.ico" />
+        <link rel="stylesheet" href="/css/styles.css" />
+    </head>
+    <body>
+        <main class="landing">
+            <header class="landing-header">
+                <div class="brand">
+                    <img class="brand-mark" alt="brand" src="/img/brand.png" />
+                    <div>
+                        <div class="brand-title">Imgfloat</div>
+                        <div class="brand-subtitle">Twitch overlay manager</div>
+                    </div>
+                </div>
+            </header>
+
+            <section class="download-section">
+                <h1>Cookie Policy</h1>
+                <p class="muted">Last updated: <span th:text="${version}">version</span></p>
+
+                <h2>1. What are cookies?</h2>
+                <p>
+                    Cookies are small text files stored on your device. Imgfloat uses cookies to keep you signed in and
+                    to protect the service.
+                </p>
+
+                <h2>2. Cookies we use</h2>
+                <ul>
+                    <li>Authentication cookies to keep your session active.</li>
+                    <li>XSRF token cookies to help prevent cross-site request forgery.</li>
+                    <li>Cookie consent preferences for this site.</li>
+                </ul>
+
+                <h2>3. Managing cookies</h2>
+                <p>
+                    You can block or delete cookies in your browser settings. Blocking essential cookies may prevent the
+                    service from working properly.
+                </p>
+
+                <h2>4. Contact</h2>
+                <p>
+                    For questions about cookies, contact the administrator of the Imgfloat service instance you are
+                    using.
+                </p>
+
+                <p><a href="/terms">Terms of Use</a> · <a href="/privacy">Privacy Policy</a></p>
+            </section>
+        </main>
+        <script src="/js/cookie-consent.js"></script>
+    </body>
+</html>
diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html
index e89318c..1c876ac 100644
--- a/src/main/resources/templates/index.html
+++ b/src/main/resources/templates/index.html
@@ -34,6 +34,12 @@
             <section class="download-section" th:insert="~{fragments/downloads :: downloads}"></section>
 
             <footer class="landing-meta">
+                <div class="build-chip">
+                    <span class="muted">Legal</span>
+                    <a class="version-badge version-link" href="/terms">Terms</a>
+                    <a class="version-badge version-link" href="/privacy">Privacy</a>
+                    <a class="version-badge version-link" href="/cookies">Cookies</a>
+                </div>
                 <div class="build-chip">
                     <span class="muted">License</span>
                     <span class="version-badge">MIT</span>
diff --git a/src/main/resources/templates/privacy.html b/src/main/resources/templates/privacy.html
new file mode 100644
index 0000000..5566c5c
--- /dev/null
+++ b/src/main/resources/templates/privacy.html
@@ -0,0 +1,68 @@
+<!doctype html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
+    <head>
+        <meta charset="UTF-8" />
+        <title>Privacy Policy - Imgfloat</title>
+        <link rel="icon" href="/favicon.ico" />
+        <link rel="stylesheet" href="/css/styles.css" />
+    </head>
+    <body>
+        <main class="landing">
+            <header class="landing-header">
+                <div class="brand">
+                    <img class="brand-mark" alt="brand" src="/img/brand.png" />
+                    <div>
+                        <div class="brand-title">Imgfloat</div>
+                        <div class="brand-subtitle">Twitch overlay manager</div>
+                    </div>
+                </div>
+            </header>
+
+            <section class="download-section">
+                <h1>Privacy Policy</h1>
+                <p class="muted">Last updated: <span th:text="${version}">version</span></p>
+
+                <h2>1. Information we collect</h2>
+                <p>We collect the minimum data needed to operate Imgfloat.</p>
+                <ul>
+                    <li>Account data such as your Twitch username and identifiers for authentication.</li>
+                    <li>Uploaded assets (images, audio, video, and scripts) you choose to store.</li>
+                    <li>Operational logs for security, abuse prevention, and reliability.</li>
+                </ul>
+
+                <h2>2. How we use information</h2>
+                <p>
+                    We use your information to authenticate you, deliver overlays, sync assets, and maintain service
+                    performance.
+                </p>
+
+                <h2>3. Data sharing</h2>
+                <p>
+                    We do not sell your personal information. We may share data with service providers who help operate
+                    Imgfloat or when required by law.
+                </p>
+
+                <h2>4. Data retention</h2>
+                <p>
+                    We retain account data and assets for as long as your account is active. You can remove assets at
+                    any time. Operational logs are retained for a limited period for security and troubleshooting.
+                </p>
+
+                <h2>5. Your choices</h2>
+                <p>
+                    You can manage your assets and connected channels from your dashboard. You can also contact the
+                    administrator of this Imgfloat instance to request access or deletion.
+                </p>
+
+                <h2>6. Contact</h2>
+                <p>
+                    Privacy questions should be directed to the administrator of the Imgfloat service instance you are
+                    using.
+                </p>
+
+                <p><a href="/terms">Terms of Use</a> · <a href="/cookies">Cookie Policy</a></p>
+            </section>
+        </main>
+        <script src="/js/cookie-consent.js"></script>
+    </body>
+</html>
diff --git a/src/main/resources/templates/terms.html b/src/main/resources/templates/terms.html
new file mode 100644
index 0000000..9a32e6e
--- /dev/null
+++ b/src/main/resources/templates/terms.html
@@ -0,0 +1,102 @@
+<!doctype html>
+<html lang="en" xmlns:th="http://www.thymeleaf.org">
+    <head>
+        <meta charset="UTF-8" />
+        <title>Terms of Use - Imgfloat</title>
+        <link rel="icon" href="/favicon.ico" />
+        <link rel="stylesheet" href="/css/styles.css" />
+    </head>
+    <body>
+        <main class="landing">
+            <header class="landing-header">
+                <div class="brand">
+                    <img class="brand-mark" alt="brand" src="/img/brand.png" />
+                    <div>
+                        <div class="brand-title">Imgfloat</div>
+                        <div class="brand-subtitle">Twitch overlay manager</div>
+                    </div>
+                </div>
+            </header>
+
+            <section class="download-section">
+                <h1>Terms of Use</h1>
+                <p class="muted">Last updated: <span th:text="${version}">version</span></p>
+
+                <h2>1. Acceptance of terms</h2>
+                <p>
+                    By accessing or using Imgfloat, you agree to these Terms of Use. If you do not agree, do not use the
+                    service.
+                </p>
+
+                <h2>2. Eligibility</h2>
+                <p>
+                    You must be able to form a binding agreement in your jurisdiction. If you use Imgfloat on behalf of
+                    an organization, you represent that you have authority to bind that organization.
+                </p>
+
+                <h2>3. Your account</h2>
+                <p>
+                    You are responsible for activity that occurs through your account and for maintaining the
+                    confidentiality of your sign-in credentials.
+                </p>
+
+                <h2>4. User content and scripts</h2>
+                <p>
+                    You retain ownership of the assets you upload. You represent that you have all necessary rights to
+                    upload and share those assets.
+                </p>
+                <p>
+                    By submitting script code, you agree to release that code under the MIT License to the public. This
+                    applies to new scripts and updates you submit through Imgfloat.
+                </p>
+
+                <h2>5. Acceptable use</h2>
+                <p>You agree not to:</p>
+                <ul>
+                    <li>Use the service to upload illegal, infringing, or harmful content.</li>
+                    <li>Attempt to disrupt, abuse, or interfere with the service or other users.</li>
+                    <li>Reverse engineer or circumvent security features.</li>
+                </ul>
+
+                <h2>6. Service changes</h2>
+                <p>
+                    We may modify or discontinue features at any time. We are not liable for any modification,
+                    suspension, or discontinuation of the service.
+                </p>
+
+                <h2>7. Termination</h2>
+                <p>
+                    We may suspend or terminate your access if you violate these terms or if we reasonably believe your
+                    use poses risk to the service or other users.
+                </p>
+
+                <h2>8. Disclaimers</h2>
+                <p>
+                    The service is provided “as is” without warranties of any kind. We disclaim all warranties, express
+                    or implied, including merchantability and fitness for a particular purpose.
+                </p>
+
+                <h2>9. Limitation of liability</h2>
+                <p>
+                    To the maximum extent permitted by law, Imgfloat is not liable for indirect, incidental, special,
+                    consequential, or punitive damages, or any loss of profits or data.
+                </p>
+
+                <h2>10. Governing law</h2>
+                <p>
+                    These terms are governed by the laws applicable in the jurisdiction where Imgfloat is operated,
+                    without regard to conflict of law principles.
+                </p>
+
+                <h2>11. Contact</h2>
+                <p>
+                    Questions about these terms can be directed to the administrators of the Imgfloat service instance
+                    you are using.
+                </p>
+
+                <p><a href="/privacy">Privacy Policy</a> · <a href="/cookies">Cookie Policy</a></p>
+            </section>
+        </main>
+        <script src="/js/cookie-consent.js"></script>
+    </body>
+</html>