A Privacy Policy is a legal document that informs the public about the data you collect, how you collect it, and how you use it, as well as other important details about your privacy practices.
This article will explain in further detail what a Privacy Policy is, why and when one is legally required, and how to create and display your own.
We've also put together a Sample Privacy Policy Template that you can use to help write your own.
A properly written Privacy Policy tells customers what data you collect about them when they engage with your business (e.g., through your website) or purchase one of your products/services, and why you're collecting that information. It also lets people know how long their information will be stored, who can access these records and more.
The Privacy Policy agreement from termsfeedSo, a good Privacy Policy should outline what data is being collected and explain why you're collecting it, who has access to it, and the time frame during which you plan to store it. It should also include any third parties with whom your company shares personal or private information, as well as any steps taken to ensure the security of such information.
Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:
Privacy Policies are required by law to be posted on your website. You may be required to include specific clauses in your Privacy Policy, depending on the applicable laws within your area or where you are conducting business.
In fact, privacy laws are in place in many countries around the world, including the following:
Many third-party services that you use to improve your website's user experience, monitor analytics, or display ads require you to post a Privacy Policy.
You should provide clauses detailing how you use third-party services, APIs and SDKs.
Just some of the most popular third-party services, which require you to post a Privacy Policy are:
A few of the reasons these third-party services require you to post a Privacy Policy and disclose your usage of their cookies and services are due to the fact that they place cookies on your visitors' computers. They also collect information about them whenever they visit your site, such as their browsing habits, the device used, and so on.
A transparent and complete Privacy Policy agreement, which explains exactly what information a company collects and how it uses that information, inspires trust in a business.
Trust is essential for companies whose business models are based on sensitive customer data. Users feel secure knowing they have control over their personal information under the terms they signed up for.
Your Privacy Policy should explain to your users how your app or website handles personal data. Your users should also be aware of the reasons for collecting information and how long they will be kept on your servers.
You must disclose even if you do not collect any personal information. Because users expect transparency, it helps to have a Privacy Policy. Users may believe that you are collecting too much personal information and not disclosing any.
The SwissCows search engine doesn't track or store user searches. Its Privacy Policy says that it only collects the data that is necessary to provide its services and stores it in an anonymized way:
Conduct a privacy audit to ensure transparency and accuracy in your Privacy Policy. This will enable you to determine your business's privacy practices and what information you must disclose to your users through an appropriately transparent Privacy Policy.
Your Privacy Policy will contain a variety of clauses depending on your business type and applicable law. Accordingly, there are certain clauses that every website, which collects personal data from visitors, should include in their Privacy Policies.
It should be structured to make it easy for the reader to understand essential information. You can achieve this by using well-structured, clearly written clauses that are clearly identified with descriptive headlines.
With that in mind, let's take a look at what you should include in your Privacy Policy.
Letting your website's visitors know what information you collect is an essential part of any Privacy Policy. This clause is crucial to let your users know from the beginning if you intend to collect data that they are comfortable sharing.
For instance, a website could use a registration form to collect an individual's email address, which the company then adds to its mailing list. This is very different from an app that collects all kinds of personal data, such as name, address, payment information, and location.
The point here is that there is a worldwide consensus that users have the right to know exactly what kind of data you collect.
Here's an example of a clause that lets users know what kinds of information it uses and collects:
You must also keep in mind that privacy laws generally stipulate that you may only collect personal information if necessary to offer the services you provide.
This clause informs the user about what happens to their personal data after it is collected.
A website might collect information such as a user's address and name in order to ship products purchased online. This information is essential and is not collected more than necessary. This is very different from a website that collects users' names and addresses and then sells it to a third party for marketing purposes.
Both websites collect the same information, but it is vital that you disclose how this information is used once it has been collected.
Here's an example of how to disclose what is done with the information a business collects:
Personal data that is collected from an individual must be kept secure and only accessible by authorized personnel. You must implement appropriate security measures if you are trusted with handling personal data about users.
For example, to prevent unauthorized people from stealing or hacking your customer's credit card information, you need to secure it behind firewalls.
Data breaches have been affecting millions of internet users over the last few years. Many of those affected faced severe legal and financial consequences. You are responsible to make sure that personal information is not lost or misused if you store it.
Here's an example of how you can disclose how data is secured:
This clause is only applicable to specific websites and apps. It is regulated primarily under COPPA (the Children's Online Privacy Protection Act). COPPA imposes special requirements on apps and websites that collect data about children. It is vital to protect the privacy of all people, but it is crucial for minors.
This is why there is an additional clause in the Privacy Policy for websites and apps that target children.
You must comply with COPPA regulations if young people use your app or website.
Here's an example of a clause addressing children's personal information:
Extra-sensitive information such as medical information is subject to additional regulation. The main law that covers additional measures for apps and websites that contain medical and health information is HIPAA (the Health Insurance Portability and Accountability Act of 1996).
If your website or app collects health or medical information, you must comply with HIPAA regulations. Note how the health insurance company Kaiser Permanente provides a link to its HIPAA privacy notice within its main Privacy Statement:
For obvious reasons, financial information requires greater privacy protections than usual. Because financial information and credit are more sensitive than usual, several laws govern what steps must be taken by companies to protect their users from identity theft and fraud.
You must comply with all laws governing financial information and credit information that you offer on your website or app. Kaiser Permanente has a simple statement on this subject.
Privacy Policies often disclose information about third-party services used by websites. It is important to disclose information about third-party usage because the Privacy Policies of third parties may differ from yours. Users need to know who has access and what their own unique policies are, since this may affect their data.
A website might use a third-party credit card processor to process transactions. Although the website does not store or handle this transaction information, users need to be able to see who has access to their credit card information and what they do with it.
It can be as simple as providing the name of the third party and explaining why it is being used. The user can then read the third party's Privacy Policy to confirm their agreement with your website's policies.
Here is an example of this type of clause:
Here is a list of frequently asked questions that you may find useful.
A Privacy Policy is a legally-required policy document between you and the users of your website/app that discloses your privacy practices and how you handle your users' personal data. A Privacy Policy will describe the types of personal data you collect, how you collect the data, how you keep it safe, what you use it for, and if you share any of that personal information with other parties.
Yes. You can download a sample Privacy Policy template for free in multiple formats: PDF, DOCX, Full Text or as a Google Docs document.
You need a Privacy Policy because privacy laws around the world require one if you collect personal information. Many third-party companies also require a Privacy Policy in order to use their services.
Even if you don't collect personal information, you should still have a Privacy Policy. This is because people and the authorities expect to see one. Without one, even one that simply says you don't collect personal information, you may come across as untrustworthy to the public and end up being questioned by authorities.
You should have a Privacy Policy even if you don't collect personal information because the general public and authorities both expect to see one.
Without a Privacy Policy, you may end up having to explain your privacy practices to legal authorities to prove that you aren't violating privacy laws. You may also lose trust with the public for not being clear about what your privacy practices are.
Even if you don't collect personal information, you should post a Privacy Policy that says exactly that.
The standard information that every Privacy Policy should include is as follows:
Note that some privacy laws require additional information if you fall under the law's scope. Some of this additional information includes:
You should always display a link to your Privacy Policy in your website's footer. This is where people know to look for it, and it's a common best practice.
You should also display a Privacy Policy link at places where you request to collect personal information.
Make your Privacy Policy enforceable by having your users click an unticked checkbox next to a statement that says something similar to "I have read and agree to the terms of the Privacy Policy."
You can also have users click a button that says something like "I Agree" next to a statement like the above if you don't want to use a checkbox.
Generally, you need to update your Privacy Policy when any of your privacy practices change.
Some common times to update your Privacy Policy would be if you:
Make sure to update your Privacy Policy's effective date with the date you make the updates. Send notifications to your users of any material changes, such as via an email or a website pop-up message.
Note that some privacy laws (such as the CCPA) require you to update your Privacy Policy once every 12 months.
Whether your website, mobile app, desktop or web app collects personal data from users, you must post a Privacy Policy. Many websites include a link to their Privacy Policies in the homepage footer or main navigation menu.
Let's look at some Privacy Policies on popular news websites.
The New York Times has the following sections in its Privacy Policy:
This list is a great place to start for most Privacy Policies.
The National Review has the following sections in its Privacy Policy:
While this policy is shorter, it still covers all the key areas and is worth checking out for inspiration and guidance on your own Privacy Policy's content and structure.
Privacy laws require that your Privacy Policy be displayed in a way that's easy for users to access at any time. You must also get users to consent, or agree to, your processing of their personal data as stated in your policy.
When it comes to displaying your Privacy Policy, you should start with adding a link within your website's footer. This will make the policy visible and accessible from every page of your site, and people are familiar with looking here for legal agreements and important information.
Here's an example of how you can display a Privacy Policy in a site footer:
Other common places to include your Privacy Policy link are in forms where you request personal information, such as when a user creates an account with you:
Or when they sign up to receive marketing emails from you:
To obtain consent from users, ask them to check a box such as an "I Agree" checkbox next to a statement that clicking it shows agreement to your Privacy Policy. Link your Privacy Policy to this consent mechanism as well, as seen here:
Your Privacy Policy is not just a legal requirement but also an opportunity to communicate your company's values. Think of it like the "About Us" section on your website, only more important.
It should be accurate and up-to-date with any changes in policy or practices so that you don't run into problems down the line.
Your website, web app or mobile app may collect personal data. If so, you will likely be required by law or third-party services to provide a Privacy Policy to your website/app.
Be sure to include sections on:
Finally, don't be tempted to copy or use another business's Privacy Policy. The one you're copying might not be right for your business. Let's take, for example, the text of a competitor who is in the same industry.
You may be doing business differently than they are. Your competitor might collect different types of information or share it with other third parties than you do. Of course, you could edit the Privacy Policy you're copying from to make it more appropriate for your business.
But is that time better spent growing your business or creating cobbling together a Frankenpolicy?
We understand that writing your own Privacy Policy can seem like a daunting task. Therefore, to help you put one together without snatching your competitor's or cherry-picking bits and pieces here and there, you can use a template. Templates can provide structure and inspiration, which is a great starting point.
Alternatively, we recommend using our Privacy Policy Generator. It is a powerful tool that will ask all the right questions regarding your business and the types of information you collect. The tool will use your answers to create a professional Privacy Policy tailored to your requirements and needs.
Our Sample Privacy Policy is available for download, for free. The template includes these sections:
You can download the Sample Privacy Policy Template as HTML code below. Copy it from the box field below (right-click > Select All and then Copy-paste) and then paste it on your website pages.