Where to Add a Privacy Policy on Your Website and Mobile App

Especially for new business owners and startups, drafting legal agreements like a Privacy Policy can be a daunting task. Once the final touches are in place and the Privacy Policy is published, you can breathe a brief sigh of relief, but your work is not quite finished.

A legally compliant Privacy Policy won't do your business any good if no one sees it. Also, having your Privacy Policy be easy to locate and access is a requirement of a number of privacy laws.

Keep reading to learn about the most advantageous locations to place Privacy Policy links within your website and mobile app.

There was a time when internet privacy practices were decidedly shady. When the FTC and other authorities suggested that online businesses post a public Privacy Policy, many companies posted the policy, but website navigation to the page would be nearly invisible or nonexistent.

To circumvent loopholes like these, regulations were put into place to ensure that consumers had easy access to Privacy Policies that concern personal data.

These are two of the pertinent regulations that apply to most online businesses:

• CalOPPA - California's Online Privacy Protection Act applies to any business that collects personal data from California residents. Regarding Privacy Policy accessibility, CalOPPA states that:

  The website or online service shall "conspicuously post its privacy policy" in a way that is "set off from the surrounding text" so that "a reasonable person would notice it."

• GDPR - Europe's General Data Protection Regulation can be enforced on any company that collects personal information from European residents. The GDPR states the following regarding Privacy Policies:

  The Privacy Policy must be "easily accessible" and written in a way that is "concise, transparent, and intelligible.. using clear and plain language."

Beyond these specific requirements, regulations like the GDPR and Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) also require that consumers be informed of how their information is used when they give consent for data processing.

In other words, when users send their personal data to your business and consent for the data to be processed on their behalf, they must be well-informed of how that data will be used at the time of consent. This calls for links to the Privacy Policy to be provided in any webform or interface where consumer data is collected.

Not only are practices like these required by law, they are good methods to establish open, transparent relationships with customers from the first moment of contact.

Finally, providing easily accessible and strategically placed links to your Privacy Policy will help prevent potential privacy complaints and legal allegations. The more accessible and prominent your Privacy Policy is throughout the user interface, the less likely customers are to complain that they "never saw the Privacy Policy."

Strategic Website Locations for Privacy Policy Links

Below you'll find an overview of the most common and strategic locations for Privacy Policy links within your website.

Basic Navigational Links

First and foremost, the Privacy Policy must be made available within the basic navigation of every website page. This is commonly accomplished by adding a link to your website footer since the footer is available on every single page and customers know to look here.

Here's a standard example of this type of navigation from HuffPost:

As you can see, the Privacy Policy link is easily visible alongside other important links within the footer navigation of every page on the Huffpost website.

Here is an example of even more conspicuous linking on the Hershey's website:

Hershey's chose to type the Privacy Policy link in all caps to differentiate it from the links around it. In this way it emphasizes the importance of the policy and complying with privacy laws like CalOPPA.

About Us Section

Another location where the Privacy Policy should be mentioned is the About Us or similar type of section of your website.

Pixabay provides this link under the company information on the About page:

Turning Tides incorporates a Privacy Policy link into its informational directory by adding it to the About Us dropdown menu:

If you don't use an About menu but have some other sort of menu where you place informational links and your users would intuitively look there for such things, consider adding your Privacy Policy link to that menu or section of your website or app.

Webforms

Perhaps the most important place to display a Privacy Policy link is in webforms where consumers submit their personal information. Users should be reminded of your data processing and protection policies every time they send personal information to your company.

Below are some important webforms where a link to the Privacy Policy should appear.

Contact Forms

Although a contact form is an elective method for consumers to freely send you their contact information, it is still worthwhile to give them a chance to read your Privacy Policy at the outset. From the second an individual sends you their personal information, your business is technically processing their data. It is a good idea to let them know how that data will be handled from the start.

NOW Find Relief links to the Privacy Policy right above the submission button:

Signup Forms

A signup form marks the beginning of a business relationship. Since you will be using this customer's personal data to communicate with them, provide services, and potentially advertise to them, it is imperative that the consumer understands how their personal data will be used when they sign up.

Most businesses use the signup form as an opportunity to not only link to the Privacy Policy, but also to request the user's consent to the policy, as LinkedIn has done here:

Note how LinkedIn uses the wording "Agree & Join" to emphasize that the consumer is agreeing to the Privacy Policy when they click that button and sign up.

Obtaining consent to the Privacy Policy is important because it provides you with a valid record that the consumer saw and agreed to your data processing policies. From a legal standpoint, this satisfies certain consent laws while adding a layer of protection and prevention against potential privacy disputes in the future.

Especially if your business uses consumer data to serve personalized advertising, you may want to incorporate a consent checkbox into the signup form. The GDPR requires specific, unambiguous consent for data processing activities like targeted remarketing campaigns. If consent is your legal basis for processing user data, a specific consent checkbox is one way to obtain the needed records of consent for your Privacy Policy.

Check out this example from Canvas:

A user must check the box to demonstrate that extra step of agreeing to the terms and Privacy Policy linked in the associated statement. Using checkboxes such as this is a really solid way to get clear consent.

Checkout Forms

The shopping cart checkout interface is another place where personal data is exchanged, specifically payment information. Naturally, it's also an important location for the Privacy Policy link to go. Customers need to know how this type of information will be used, stored, and protected before finalizing that order and sending all that information to you.

See a simple example of how this can be done from Akismet:

Note how the statement is located very close to the Continue button which helps make it nearly impossible to miss.

Once again, if your business needs more specific, unambiguous records of Privacy Policy consent, you may prefer to incorporate a consent checkbox into the checkout form as Living Clean has done here:

Note how multiple checkboxes are used here to get consent for each different component. This is a GDPR-required practice and a good one to get into the habit of doing as that may soon become the global standard.

Privacy Policy Links Within Mobile Apps

The user experience within mobile applications is clearly different from that of a website, so the placement of Privacy Policy links may seem tricky. The goal is the same, however - to encourage users to read the Privacy Policy at every available opportunity, especially when they submit personal information.

Below are the most advantageous placements for Privacy Policy links within mobile app interfaces.

App Store Listings

For mobile apps, your first touchpoint with the consumer is the app store listing. Not only is this an opportunity to communicate your data processing policies to customers before they submit any personal data, but it's also a requirement of most app store platforms that a Privacy Policy be provided.

Google Play and iTunes Store both require a public Privacy Policy link to be posted in the app listing.

The HuffPost mobile app displays its Privacy Policy within the iTunes Store listing like so:

The same is true for HuffPost's app in the Google Play store:

Adding a Privacy Policy link to your store listing makes sure that users can check to see your privacy practices and how you collect and use personal data before downloading your app. This is very important since some apps start collecting personal data immediately upon download.

Registration Interface

Registration forms for mobile apps serve the same purpose as those for websites; to begin a relationship with the consumer. This is a good place to obtain Privacy Policy consent as well, as eBay does:

eBay incorporates prominent links to the Privacy Notice and makes sure the user understands that by clicking the "Create Account" button, they are agreeing to the Privacy Notice.

PayPal goes one step further and obtains a more specific, unambiguous record of consent by implementing a consent checkbox within the registration form:

Finally, some mobile apps also include a link to the Privacy Policy within the login screen to ensure that existing customers have the opportunity to read it any time they sign-in, as Amazon demonstrates here:

Clearly label your Privacy Policy link as such and consider adding a checkbox to your account registration and possibly your log-in screen for maximum transparency.

Checkout Interface

Checkout forms within mobile apps often collect the same types of information as any other shopping cart interface, such as addresses and credit card numbers. Customers and law enforcement alike are especially concerned about the way personal data like this is handled.

Make sure they are well-informed by including a link to the Privacy Policy within the checkout interface like this one from Amazon:

In this case, the Privacy Policy link is located below the "Place Your Order" button. When a customer clicks to place an order, they agree to the Privacy Policy, thereby granting consent.

Settings/About Menu

If a customer needs to locate the Privacy Policy within a mobile app, it is not necessarily as simple as website navigation. With limited space on mobile screens, app designers do not have room for detailed footer navigation.

This dilemma can be solved by placing an accessible link to the Privacy Policy within the main Settings interface, as seen in the Venmo app:

Other apps, like Uber, create a dedicated interface for legal papers. This is also a good location for a Privacy Policy link:

The above guidelines for Privacy Policy accessibility will satisfy most applicable legal regulations. Making your Privacy Policy easily accessible and conspicuous can also help to prevent potential privacy complaints and disputes with consumers. Of course, establishing an open, transparent relationship with your customers is also an excellent benefit of following these guidelines.

Remember to add your Privacy Policy to:

• Website footers
• Website and app menus
• Sign-in or Registration screens
• Checkout pages
• Contact forms
• Anywhere where you collect personal information