Wistia is a popular video hosting platform that lets businesses integrate marketing and analytics features and functions into their videos.

It's like YouTube for businesses.

Different analytical features like trend graphs and video heat maps can help your business track popularity of the specific videos you upload and manage through Wistia.

The Turnstile email collector feature from Wistia can be a useful marketing tool that collects email addresses of users who'll view videos on your website or from the website where your video will be embedded.

Here's an example video from Wistia:

Example of Turnstile feature from Wistia

The Turnstile feature allows you to customize how and when your video asks for an email address from viewers.

You can choose to allow users to skip entering their email address if they wish to do so, or you can make entering their email addresses mandatory in order to view the video.

You can also choose whether you ask for a user's first and last name and email address, or solely the email address.

The form asking for this information can appear at the beginning or end of the video, a setting that you can customize on your Wistia account.

Wistia: Customize video to ask for email

You can then integrate your Wistia account with an email marketing service provider or other automated marketing platform. You can integrate with a number of popular automated email marketing services including MailChimp, Constant Contact and HubSpot.

Privacy Policy requirements

If you use Wistia's Turnstile feature to collect email addresses from viewers, you may be required by law to have a Privacy Policy agreement.

Additionally, if you integrate your Wistia account with an email marketing platform, these platforms will also require you to have a Privacy Policy agreement.

Required by law

There are a variety of laws in a number of countries that dictate when the Privacy Policy agreement is required for businesses that collect users' personal information.

United States Flag

The California Online Privacy Protection Act (CalOPPA) requires that if your commercial website or online service (website, mobile app, desktop app etc.) collects any personally identifiable information from any California residents, you must conspicuously post a Privacy Policy on that website.

It doesn't matter what country your website is originating from. If you do have or may possibly have users who reside in California, CalOPPA applies to you.

An email address is considered personally identifiable information for purposes of the CalOPPA act, thus the law would apply to businesses that use Wistia's Turnstile along with an email marketing platform to collect the email addresses of video viewers.

Flag of EU

In the EU, the Data Protection Directive requires that European users be informed when their personal information is collected. Generally, most businesses choose to inform users of this through a Privacy Policy posted on the website and/or in the mobile app.

Because an email address is considered to be personal information for purposes of the EU Data Protection Directive (as well as by CalOPPA), this Directive may also apply to businesses that use Wistia to collect email addresses from viewers.

Required by email platforms

If you choose to integrate your Wistia account with an email marketing platform, the Terms of Use of these platforms will most likely require you to have a Privacy Policy agreement in place.

MailChimp includes a clause in its Terms of Use that requires anyone who uses its service to comply with all required laws and regulations, i.e. the international privacy laws discussed in the previous section.

This means that you can't send marketing emails through MailChimp without having a Privacy Policy agreement set in place.

The Section 20, Compliance with Laws, from Terms of Use of MailChimp

In its Terms and Conditions of Use, Constant Contact requires that its users "shall adopt and comply with" their own "customer privacy policy."

This Privacy Policy must include information about "practices with respect to subscriber data."

This requirement from Constant Contact is the same as MailChimp's: you can't send marketing emails through Constant Contact without having a Privacy Policy agreement in place.

Section Subscriber Privacy from Constant Contact Terms and Conditions of Use

Anti-spam requirements

Chances are, if you're collecting email addresses through Wistia, you plan to use them for commercial marketing messages to boost your business.

If your business uses email to send commercial messages, you'll need to comply with CAN-SPAM in the US and potentially other anti-spam laws from other countries.

In the US, for purposes of CAN-SPAM, "commercial messages" include any email message that aims to promote content on a commercial website, such as an email announcing a new product, or a sale or other promotion to encourage people to spend money.

CAN-SPAM creates a list of requirements for marketing emails sent within the United States. These requirements include having accurate subject lines and header information, including a physical address of your business in each email, and providing an opt-out method for users who wish to stop receiving your emails.

Canada and Australia also have similar anti-spam laws, as does the EU, the UK, and a number of other countries.

Most email marketing platforms will likely include a Spam Policy section within their Terms of Use agreements.

The Acceptable Use Policy of HubSpot references both CAN-SPAM and Canada's Anti-Spam Legislation and forbids the use of HubSpot for spamming in any way. By directing their customers to these laws, HubSpot customers are aware that the requirements of these laws must be met before using the HubSpot platform.

No spam permitted in HubSpot Acceptable Use Policy

Constant Contact takes a more detailed and specific approach to breaking down spam legislation requirements for its customers. A link to its Anti-Spam Policy is included in the footer, as well as a link to the standard Terms and Conditions of Use:

Highlight Anti-spam and Terms & Conditions links from Constant Contact footer

Section 5.1 of its Terms for using Constant Contact includes three different sections specifically informing customers about the prohibition on spam and what practices are permitted. These are the Prohibition on Spam, Messages, and Unsubscribe sections.

The "Messages" section mentions the CAN-SPAM law and Canada's Anti-Spam legislation. It also includes detailed requirements taken from the laws, such as requiring the following:

"from" line of any email message sent by you using the Site or the Products will accurately and in a non-deceptive manner identify your organization, your product or your service."

The Messages section of Constant Contact legal agreement

The "Unsubscribe" section from the same legal agreement states:

"every email message sent in connection with the Products must contain an "unsubscribe" link that allows subscribers to remove themselves from your mailing list and a link to the then-current About Our Service Provider description."

That unsubscribe link must remain operational for at least 60 days after sending the messages, and all unsubscribe requests must be honored within 10 days.

The CAN-SPAM and Canada's Anti-Spam legislations are again referenced in this section:

The Unsubscribe section in Constant Contact legal agreement

Including specific language from these legislations helps customers of Constant Contact know exactly what's required from them both by the laws and by Constant Contact.

Placing the Privacy Policy

Now that you've determined that you'll need a Privacy Policy agreement, where do you place it?

Unfortunately, Wistia doesn't currently allow you to link your Privacy Policy on the same screen where you ask users for their email addresses during the video viewing.

Wistia: Include a link to Privacy Policy on Turnstile

However, you could link your Privacy Policy in your website's footer to make it conspicuously available to anyone who visits your website, like Wistia does with its own Privacy Policy agreement:

Point to Privacy Policy link in Wistia footer

You can also include a link to your Privacy Policy agreement in any other email forms you have on your website.

Places where users can sign up for an account, or where they can simply submit an email address to subscribe to your emails are both great places to link your legal agreements.

When MailChimp asks for an email address when users create a new account, links to the Anti-Spam Policy, Privacy Policy, and general Terms of Use are all included on this page.

MailChimp and the Create Account form: Point to legal agreements

Remember that your Privacy Policy must inform people that you're collecting their email addresses, and how you plan to use those collected email addresses.

Let users know if you plan to send them email newsletters, marketing materials, and another type of communications.

See below how NPR includes a section within its Privacy Policy where the "Use and Sharing of Information" is discussed, and information about email address use is included.

NPR informs users that their email address may be used for "sending NPR email newsletters and other communications, including marketing, fundraising, membership and other communications, from NPR or NPR Member stations."

Privacy Policy of NPR: Use and Sharing of Information

Using Wistia with the Turnstile feature for your business can be an incredibly effective form of marketing and analytics tracking. Just remember to create a Privacy Policy agreement, if you don't have one yet before you start collecting email addresses from viewers.

Link to the agreement on your website in the footer of every web page of your website and in any other web forms where you ask for email addresses from users.

In your Privacy Policies informs users how you plan to use the email addresses (what's the purpose?), and always give them the option to opt out (or inform how they can opt-out).

Also, refresh yourself on anti-spam legislations and its requirements that you need to be aware of to make sure that you structure your email communications in a legally compliant way.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy