Thank you both. So I guess the good news is I’m not an idiot after all. 
@tobiaseigen thanks, I’ve seen the option to link to and external privacy policy and ToS, but Discourse is actually on my “main” domain and there’s no other site to link to, so this is not really my use case.
I understand and appreciate the rationale behind not burdening smaller communities run by natural persons with too much legal stuff. However, the problem I now have is that I’d like to set up social login with Google and potentially Facebook, and providing a link to a privacy policy is a prerequisite for social login with these services. I don’t think they require one to identify as a company to be able to use this service, so while this new feature does simplify the life of smaller communities’ administrators in some aspects, it also (unintentionally, I believe) makes it more complicated to set up social login which is a very useful feature.
But OK, I’ll run the wizard and fill out the “company” name, it shouldn’t be big deal now that I know what I need to do - thanks again for that.
@tobiaseigen, to answer your question, there’s no particular document I ran into which states that /tos and /privacy are generated by default, that’s what confused me in the first place. It was more implied in support topics like this one.