A Privacy Policy is a legal document that informs the public about the data you collect, how you collect it, and how you use it.
This article will cover the components of a good Privacy Policy and will help you better understand how to create one that builds trust and confidence in your customers and protects you against various liability issues. You'll also find examples of how other businesses have used Privacy Policies to comply with the law and inform customers about their privacy practices.
We've also put together a Sample Privacy Policy Template that you can use to help write your own.
Highlights
- Definition of a Privacy Policy (jump to chapter)
- When is a Privacy Policy required (jump to chapter)
- Examples of Privacy Policies (jump to chapter)
- FAQs on Privacy Policies (jump to chapter)
- Download a sample Privacy Policy (jump to chapter)
- 1. What is a Privacy Policy?
- 2. A Privacy Policy is Required by Law
- 3. Third Party Services Require a Privacy Policy
- 4. Always be Transparent in Your Privacy Policy
- 5. What Should You Include in Your Privacy Policy
- 5.1. What information do you collect?
- 5.2. What do you do with the information you collect?
- 5.3. How is collected information kept safe?
- 5.4. Do users under the age of 13 use your website?
- 5.5. Do you handle medical data?
- 5.6. Do you handle financial or credit data?
- 5.7. Does your website or app utilize third-party services?
- 5.8. Additional clauses in your Privacy Policy
- 6. Privacy Policy FAQs
- 7. Privacy Policy Examples
- 7.1. The New York Times
- 7.2. The National Review
- 8. Summary of What a Privacy Policy Is
- 9. Download Sample Privacy Policy Template
- 9.1. Sample Privacy Policy Template (HTML Text Download)
- 9.2. Sample Privacy Policy Template (PDF Download)
- 9.3. Sample Privacy Policy Template (Word DOCX Download)
- 9.4. Sample Privacy Policy Template (Google Docs)
- 9.5. More Privacy Policy Templates
What is a Privacy Policy?
A Privacy Policy is a legal document outlining how your organization collects, uses, and discloses personal information.
A properly written Privacy Policy tells customers what data you collect about them when they engage with your business (e.g., through your website) or purchase one of your products/services, and why you're collecting that information. It also lets people know how long their information will be stored, who can access these records and more.
In today's business world, companies depend heavily on data and information derived from it. Indeed, information is essential for all company employees, from the top executives to the operations level.
Protecting data, especially private, personal information, is crucial in a complex world where so much depends upon it. The most important step for business owners to protect their customers' data is to create a concise and transparent Privacy Policy.
So, a good Privacy Policy should outline what data is being collected and explain why you're collecting it, who has access to it, and the time frame during which you plan to store it. It should also include any third parties with whom your company shares personal or private information, as well as any steps taken to ensure the security of such information.
A Privacy Policy is Required by Law
Privacy Policies are required by law to be posted on your website. You may be required to include specific clauses in your Privacy Policy, depending on the applicable laws within your area or where you are conducting business.
In fact, privacy laws are in place in many countries around the globe, including the following:
- Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
- The California Online Privacy Protection Act (CalOPPA)
- The California Consumer Privacy Act (CCPA)
- Europe's General Data Protection Regulation (GDPR)
- Australia's Privacy Act
- The UK's Data Protection Act
Third Party Services Require a Privacy Policy
Many third-party services that you use to improve your website's user experience, monitor analytics, or display ads require you to post a Privacy Policy.
You should provide clauses detailing how you use third-party services, APIs and SDKs.
Just some of the most popular third-party services, which require you to post a Privacy Policy are:
- Google Analytics
- Google AdSense
- Google AdWords
- Amazon Associates
- ClickBank
- Twitter Lead Generation
- Facebook Pages, Stores and Apps
- Google Play Store
- Apple's App Store
A few of the reasons these third-party services require you to post a Privacy Policy and disclose your usage of their cookies and services are due to the fact that they place cookies on your visitors' computers. They also collect information about them whenever they visit your site, such as their browsing habits, the device used, and so on.
Always be Transparent in Your Privacy Policy
A transparent and complete Privacy Policy agreement, which explains exactly what information a company collects and how it uses that information, inspires trust in a business.
Trust is essential for companies whose business models are based on sensitive customer data. Users feel secure knowing they have control over their personal information under the terms they signed up for.
Your Privacy Policy should explain to your users how your app or website handles personal data. Your users should also be aware of the reasons for collecting information and how long they will be kept on your servers.
You must disclose even if you do not collect any personal information. Because users expect transparency, it helps to have a Privacy Policy. Users may believe that you are collecting too much personal information and not disclosing any.
The SwissCows search engine doesn't track or store user searches. Its Privacy Policy says that it only collects the data that is necessary to provide its services and stores it in an anonymized way:
Conduct a privacy audit to ensure transparency and accuracy in your Privacy Policy. This will enable you to determine your business's privacy practices and what information you must disclose to your users through an appropriately transparent Privacy Policy.
What Should You Include in Your Privacy Policy
Your Privacy Policy will contain a variety of clauses depending on your business type and applicable law. Accordingly, there are certain clauses that every website, which collects personal data from visitors, should include in their Privacy Policies.
It should be structured to make it easy for the reader to understand essential information. You can achieve this by using well-structured, clearly written clauses that are clearly identified with descriptive headlines.
With that in mind, let's take a look at what you should include in your Privacy Policy.
What information do you collect?
Letting your website's visitors know what information you collect is an essential part of any Privacy Policy. This clause is crucial to let your users know from the beginning if you intend to collect data that they are comfortable sharing.
For instance, a website could use a registration form to collect an individual's email address, which the company then adds to its mailing list. This is very different from an app that collects all kinds of personal data, such as name, address, payment information, and location.
The point here is that there is a worldwide consensus that users have the right to know exactly what kind of data you collect.
Here's how TikTok lets users know what kinds of information it uses and collects:
You must also keep in mind that privacy laws generally stipulate that you may only collect personal information if necessary to offer the services you provide.
What do you do with the information you collect?
This clause informs the user about what happens to their personal data after it is collected.
A website might collect information such as a user's address and name in order to ship products purchased online. This information is essential and is not collected more than necessary. This is very different from a website that collects users' names and addresses and then sells it to a third party for marketing purposes.
Both websites collect the same information, but it is vital that you disclose how this information is used once it has been collected.
Here's how Snap discloses what it does with the information it collects:
How is collected information kept safe?
Personal data that is collected from an individual must be kept secure and only accessible by authorized personnel. You must implement appropriate security measures if you are trusted with handling personal data about users.
For example, to prevent unauthorized people from stealing or hacking your customer's credit card information, you need to secure it behind firewalls.
Data breaches have been affecting millions of internet users over the last few years. Many of those affected faced severe legal and financial consequences. You are responsible to make sure that personal information is not lost or misused if you store it.
Here is how MeWe notifies users about how it secures the data it collects:
Do users under the age of 13 use your website?
This clause is only applicable to specific websites and apps. It is regulated primarily under COPPA (the Children's Online Privacy Protection Act). COPPA imposes special requirements on apps and websites that collect data about children. It is vital to protect the privacy of all people, but it is crucial for minors.
This is why there is an additional clause in the Privacy Policy for websites and apps that target children.
You must comply with COPPA regulations if young people use your app or website.
The kids virtual classroom website Edmodo writes its clause on this subject like this:
Do you handle medical data?
Extra-sensitive information such as medical information is subject to additional regulation. The main law that covers additional measures for apps and websites that contain medical and health information is HIPAA (the Health Insurance Portability and Accountability Act of 1996).
If your website or app collects health or medical information, you must comply with HIPAA regulations. Note how the health insurance company Kaiser Permanente provides a link to its HIPAA privacy notice within its main Privacy Statement:
Do you handle financial or credit data?
For obvious reasons, financial information requires greater privacy protections than usual. Because financial information and credit are more sensitive than usual, several laws govern what steps must be taken by companies to protect their users from identity theft and fraud.
You must comply with all laws governing financial information and credit information that you offer on your website or app. Kaiser Permanente has a simple statement on this subject.
Does your website or app utilize third-party services?
Privacy Policies often disclose information about third-party services used by websites. It is important to disclose information about third-party usage because the Privacy Policies of third parties may differ from yours. Users need to know who has access and what their own unique policies are, since this may affect their data.
A website might use a third-party credit card processor to process transactions. Although the website does not store or handle this transaction information, users need to be able to see who has access to their credit card information and what they do with it.
It can be as simple as providing the name of the third party and explaining why it is being used. The user can then read the third party's Privacy Policy to confirm their agreement with your website's policies.
Here is an example from Facebook's Privacy Policy:
Additional clauses in your Privacy Policy
The clauses we just went over are pretty common. However, your website might require additional clauses to disclose your privacy practices and inform users about your services.
Check out the Privacy Policies on your favorite websites and apps, or those of your competitors, to see what extra clauses they have, which cover the unique features and services they offer.
Privacy Policy FAQs
Here is a list of frequently asked questions that you may find useful.
Privacy Policy Examples
Whether your website, mobile app, desktop or web app collects personal data from users, you must post a Privacy Policy. Many websites include a link to their Privacy Policies in the homepage footer or main navigation menu.
Let's look at some Privacy Policies on popular news websites.
The New York Times
The New York Times has the following sections in its Privacy Policy:
- What Information Do We Gather About You?
- What Do We Do With the Information We Collect About You?
- With Whom Do We Share the Information We Gather?
- What Are Your Rights?
- What About Sensitive Personal Information?
- How Long Do You Retain Data?
- How Do You Protect My Information?
- Are There Guidelines for Children?
- How Is Information Transferred Internationally?
- What Is Our Legal Basis?
- What About Links to Third Party Services?
- How Are Changes to This Privacy Policy Communicated?
- How Can You Contact Us?
- Who is the Controller of Your Personal Information?
This list is a great place to start for most Privacy Policies.
The National Review
The National Review has the following sections in its Privacy Policy:
- Quick Overview of This Privacy Policy
- General Statement About This Privacy Policy
- General Statement About Data Collection & Targeted Advertising
- The Information We Collect
- How We Use The Information We Collect
- Information Sharing
- Third-Party Services
- Your Account
- Confidentiality & Security
- Additional Information for California Residents
- Privacy Policy Changes
While this policy is shorter, it still covers all the key areas and is worth checking out for inspiration and guidance on your own Privacy Policy's content and structure.
Summary of What a Privacy Policy Is
Your Privacy Policy is not just a legal requirement but also an opportunity to communicate your company's values. Think of it like the "About Us" section on your website, only more important.
It should be accurate and up-to-date with any changes in policy or practices so that you don't run into problems down the line.
Your website, web app or mobile app may collect personal data. If so, you will likely be required by law or third-party services to provide a Privacy Policy to your website/app.
Be sure to include sections on:
- What information you collect
- What you do with that information
- How you keep that information safe
- How you handle data of individuals under 13 years of age
- How you handle medical data
- How you handle financial or credit data
- How your app or website utilizes third-party services
Finally, don't be tempted to copy or use another business's Privacy Policy. The one you're copying might not be right for your business. Let's take, for example, the text of a competitor who is in the same industry.
You may be doing business differently than they are. Your competitor might collect different types of information or share it with other third parties than you do. Of course, you could edit the Privacy Policy you're copying from to make it more appropriate for your business.
But is that time better spent growing your business or creating cobbling together a Frankenpolicy?
Download Sample Privacy Policy Template
Generate a Privacy Policy in just a few minutes
We understand that writing your own Privacy Policy can seem like a daunting task. Therefore, to help you put one together without snatching your competitor's or cherry-picking bits and pieces here and there, you can use a template. Templates can provide structure and inspiration, which is a great starting point.
Alternatively, we recommend using our Privacy Policy Generator. It is a powerful tool that will ask all the right questions regarding your business and the types of information you collect. The tool will use your answers to create a professional Privacy Policy tailored to your requirements and needs.
Our Sample Privacy Policy is available for download, for free. The template includes these sections:
- Definitions
- Collecting and Using Personal Information
- Usage Data
- Use of Personal Information
- Transfer of Personal Information
- Disclosure of Personal Information
- Security of Personal Information
- GDPR Privacy Policy
- CCPA Privacy Policy
- Links to Other Websites
- Changes to Privacy Policy
- Contact Information
Sample Privacy Policy Template (HTML Text Download)
You can download the Sample Privacy Policy Template as HTML code below. Copy it from the box field below (right-click > Select All and then Copy-paste) and then paste it on your website pages.
Sample Privacy Policy Template (PDF Download)
Download the Sample Privacy Policy Template as a PDF file
Sample Privacy Policy Template (Word DOCX Download)
Download the Sample Privacy Policy Template as a Word DOCX file
Sample Privacy Policy Template (Google Docs)
Download the Sample Privacy Policy Template as a Google Docs document
More Privacy Policy Templates
We have a number of specific Privacy Policy Templates available on our blog, including the following:
Sample Mobile App Privacy Policy Template | A Privacy Policy for mobile apps on Apple App Store or Google Play Store. |
Sample GDPR Privacy Policy Template | A Privacy Policy for businesses that need to comply with GDPR. |
Sample CCPA Privacy Policy Template | A Privacy Policy for businesses that need to comply with CCPA. |
Sample California Privacy Policy Template | A Privacy Policy for businesses that need to comply with California's privacy requirements (CalOPPA & CCPA). |
Sample Virginia CDPA Privacy Policy Template | A Privacy Policy for businesses that need to comply with Virginia's CDPA. |
Sample PIPEDA Privacy Policy Template | A Privacy Policy for businesses that need to comply with Canada's PIPEDA. |
Sample Ecommerce Privacy Policy Template | A Privacy Policy for ecommerce businesses. |
Small Business Privacy Policy Template | A Privacy Policy for small businesses. |
Privacy Policy for Google Analytics (Sample) | A Privacy Policy for businesses that use Google Analytics. |
Sample CalOPPA Privacy Policy Template | A Privacy Policy for businesses that need to comply with California's CalOPPA. |
Sample SaaS Privacy Policy Template | A Privacy Policy for SaaS businesses. |
Sample COPPA Privacy Policy Template | A Privacy Policy for businesses that need to comply with California's COPPA. |
Sample CPRA Privacy Policy Template | A Privacy Policy for businesses that need to comply with California's CPRA. |
Blog Privacy Policy Sample | A Privacy Policy for blogs. |
Sample Email Marketing Privacy Policy Template | A Privacy Policy for businesses that use email marketing. |
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.