Not having T&C/TOS/PP is asking for trouble when things go wrong – especially when you're obtaining personal information and/or processing payments.

My advice is to (from the most the least recommended):
1. Ask your lawyer to draft them up for you.
2. If you have little/no money, look around for a friend that's a law student (or a law student in general) and do some bartering.
3. Go through the legal docs of your competitors/similar sites and come up with something alike. Be aware that's the last resort and if you'll start making money, this should be the first thing to properly sort out.

I know that figuring out policies and paperwork seems very boring, but it's a must. A few years back we had (in Poland) an influx of trolls that would go through TOSes of online stores/e-commerce websites. When they found not allowed clauses, they'd hit you up with threats of legal actions (court case, notifying the Office of Consumer Protection, etc.) unless you'd pay them or/and some charity.

You should have some basic "terms & privacy" policies.

You can start with free options in:

• termsfeed.com/
• termly.io/
• getterms.io/

In case you need some 'complex' or 'delicate' stuff from your users, you can update those policies (paying a '1' time fee) and update it. Plus having your policies served on other servers is a good choice in case something go wrong from your side.

As @wojciechgabrys says "Go through the legal docs of your competitors/similar sites and come up with something similar." and you should be 'OK'.

Plus some services like 'termsfeed' can help you set up a privacy policy for the incoming GDPR on May 25.