Privacy & Information Security Law Blog

On February 27, 2025, in Chabolla v. ClassPass Inc., the U.S. Court of Appeals for the Ninth Circuit, in a split 2-1 decision, held that website users were not bound by the terms of a “sign-in wrap” agreement.

ClassPass sells subscription packages that grant subscribers access to an assortment of gyms, studios and fitness and wellness classes. The website requires visitors to navigate through several webpages to complete the purchase of a subscription. After the landing page, the first screen (“Screen 1”) states: “By clicking ‘Sign up with Facebook’ or ‘Continue,’ I agree to the Terms of Use and Privacy Policy.” The next screen (“Screen 2”) states: “By signing up you agree to our Terms of Use and Privacy Policy.” The final checkout page (“Screen 3”) states: “I agree to the Terms of Use and Privacy Policy.” On each screen, the words “Terms of Use” and “Privacy Policy” appeared as blue hyperlinks that took the user to those documents.

The court described four types of Internet contracts based on distinct “assent” mechanisms:

• Browsewrap - users accept a website’s terms merely by browsing the site, although those terms are not always immediately apparent on the screen (courts consistently decline to enforce).
• Clickwrap - the website presents its terms in a “pop-up screen” and users accept them by clicking or checking a box expressly affirming the same (courts routinely enforce).
• Scrollwrap - users must scroll through the terms before the website allows them to click manifesting acceptance (courts usually enforce).
• Sign-in wrap - the website provides a link to the terms and states that some action will bind users but does not require users to actually review those terms (courts often enforce depending on certain factors).

The court analyzed ClassPass’ consent mechanism as a sign-in wrap because its website provided a link to the company’s online terms but did not require users to read them before purchasing a subscription. Accordingly, the court held that user assent required a showing that:  (1) the website provides reasonably conspicuous notice of the terms to which users will be bound; and (2) users take some action, such as clicking a button or checking a box, that unambiguously manifests their assent to those terms.  

The majority found Screen 1 was not reasonably conspicuous because of the notice’s “distance from relevant action items” and its “placement outside of the user’s natural flow,” and because the font is “timid in both size and color,” “deemphasized by the overall design of the webpage,” and not “prominently displayed.”

The majority did not reach a firm conclusion on whether the notice on Screen 2 and Screen 3 is reasonably conspicuous. On one hand, Screen 2 and Screen 3 placed the notice more centrally, the notice interrupted the natural flow of the action items on Screen 2 (i.e., it was not buried on the bottom of the webpage or placed outside the action box but rather was located directly on top of or below each action button), and users had to move past the notice to continue on Screen 3. On the other hand, the notice appeared as the smallest and grayest text on the screens and the transition between screens was somewhat muddled by language regarding gift cards, which may not be relevant to a user’s transaction; thus, a reasonable user could assume the notice pertained to gift cards and hastily skim past it. 

Even if the notice on Screen 2 and Screen 3 was reasonably conspicuous, the majority deemed the notice language on both screens ambiguous. Screen 2 explained that “[b]y signing up you agree to our Terms of Use and Privacy Policy,” but there was no “sign up” button—rather, the only button on Screen 2 read “Continue.” Screen 3 read, “I agree to the Terms of Use and Privacy Policy,” and the action button that follows is labeled “Redeem now”; it does not specify the user action that would constitute assent to the terms. In other words, the notice needs to clearly articulate an action by the user that will bind the user to the terms, and there should be no ambiguity that the user has taken such action. For example, clicking a “Place Order” button unambiguously manifests assent if the user is notified that “by making a purchase, you confirm that you agree to our Terms of Use.” 

Accordingly, the court held that Screen 1 did not provide reasonably conspicuous notice and, even if Screen 2 and Screen 3 did, progress through those screens did not give rise to an unambiguous manifestation of assent.

The dissent noted that the majority opinion “sows great uncertainty” in the area of internet contracts because “minor differences between websites will yield opposite results.” Similarly, the dissent argued that the majority opinion will “destabilize law and business” because companies cannot predict how courts are going to react from one case to another. Likewise, the dissent expressed concern that the majority opinion will drive websites to the only safe harbors available to them—clickwrap or scrollwrap agreements.

While ClassPass involved user assent to an arbitration provision in the company’s online terms, the issue of user assent runs far deeper, extending to issues like consent to privacy and cookie policies—a formidable defense to claims involving alleged tracking technologies and wiretapping theories. Notwithstanding the majority’s opinion, many businesses’ sign-in wrap agreements will differ from the one at issue in the lawsuit and align more closely with the types of online agreements that courts have enforced. Nonetheless, as the dissent noted, use of a sign-in wrap agreement carries some degree of uncertainty. Scrollwrap and clickwrap agreements continue to afford businesses the most certainty.