Privacy Policy for Email Newsletters

Last updated on 21 July 2020 by Sara Pegarella (Law school graduate, B.A. in English/Writing. In-house writer)

Once your website or mobile app starts to gain users, you're going to want to be able to communicate quickly and easily with your users.

A common way to send email communications to users is by using an email newsletter service, such as MailChimp, Aweber, Campaign Monitor, and so on.

However, when you start sending email newsletters, you will need to have a Privacy Policy in place.

First, is a Privacy Policy required?

The Privacy Policy agreement is the legal document or legal statement that discloses to your users the important information about how their personal information is used:

  • What personal information you collect from your users. Personal information can be any data that can be used to identify an individual, such as email addresses, mailing addresses, location data, or a user's first and last name.
  • Why you collect this personal information
  • How you use this personal information and allow any third parties to use the information

This legal agreement is required by law in a number of different countries.

In the United States, the Federal Trade Commission (FTC) regulates provisions and sets forth guidelines and recommendations for how businesses can protect consumers' privacy.

FTC's guidelines call for these agreements to be written in clear, simple language that is easy to understand:

FTC Guidelines: Privacy Notices

California's Online Privacy Protection Act (CalOPPA) is intended to protect California citizens from unfair and intrusive privacy practices, but the effect goes far beyond California.

Any website or mobile app that collects personal information from a person located in California must provide users with an easy to read Privacy Policy that lets users know what personal information is being collected, how the information will be used, and how a user can opt out of being tracked by the business' use of cookies or other tracking technologies that may be used by the business.

In the UK, the Data Protection Act of 1998 (DPA) governs laws on data privacy and data protection.

In Canada, it's PIPEDA.

In Australia, it's the Privacy Act.

Examples from email newsletters

If you plan on sending out email newsletters, regardless of the service you use, you'll be collecting email addresses of people who wish to receive your newsletter from your website and/or mobile app.

For purposes of the acts and directives mentioned above, an email address is considered to be "Personal Information", thus creating the requirement to have this kind of legal agreement.

You must let users know that you will collect their email addresses in order to send the email newsletter. If this is the only personal information you collect, and you use the email addresses solely for sending the newsletter, just inform users of this in your legal agreement.

Here's how SaaS Weekly by Hiten Shah includes short and sweet information regarding the privacy of the email addresses for those who wish to subscribe on the subscription page.

While a link to the full Privacy Policy agreement is included at the bottom of the main section, a line below the box where users submit their email addresses states: "No spam, ever. Your email address will only ever be used for Hiten's SaaS Weekly."

SaaS Weekly form: Subscribe to email newsletter

This helps users know right away, without needing to open and dig through the legal agreement, that the email addresses collected are used only for purposes of its email newsletters.

However, if you ever do begin to collect any additional personal information, or use the email addresses for purposes beyond just the email newsletter, you'll have to update the agreement to reflect any new practices and notify users about any upcoming changes before these changes are in effect.

In the full version of SaaS Weekly's Privacy Policy agreement, in the "Information Collection and Use" section, users are informed that email addresses and possibly other personally identifiable information may be requested, and that this information will be used "for the purpose of providing the Service, identifying and communicating with you, responding to your requests/enquiries, and improving our services":

SaaS Weekly: Information Collection and Use Clause

This language covers the collection of email addresses for communicating to users through email newsletters.

The "Communications" section again makes it clear that personal information may be used "to contact you with newsletters..." and that a user may opt out by "following the unsubscribe link or instructions provided in any email we send":

SaaS Weekly: Communications clause

It's not a requirement to include a link to your Privacy Policy in the email newsletter itself, but doing so is an easy method of making sure that users notice and have access to the legal agreement at all times.

Here's how Medium includes a link to their Privacy Policy at the bottom of every email newsletter they send out:

Email newsletter from Medium: Highlight link

You must always include the "Unsubscribe" link in your email newsletters.

According to the CAN-SPAM Act, which spells out rules for commercial email and other commercial messages, you must provide a clear and conspicuous method of opting out of future communications in each of your communications.

CAN-SPAM sets out other requirements for commercial messages that can be viewed in the CAN-SPAM Compliance Guide document.

Here's an example of how theSkimm places the "Unsubscribe" link at the bottom of their email newsletter:

theSkimm email newsletter: Unsubscribe link

When the opt-out link is clicked by a user, the user must be given an easy way to unsubscribe from your email communications.

Here's another example of an unsubscribe field from Apple that simply asks a user to enter his email address twice and then click the "Unsubscribe" button as a confirmation. The link at the bottom lets the user unsubscribe from Apple's other newsletters that Apple may send to the user:

Apple: Confirm email to opt-out from emails

If you have an email newsletter, stay compliant with these legal requirements by creating a Privacy Policy that lets users know that you will be using their email addresses for emailing them your email newsletters.

Make sure the agreement is accessible and easy to read and understand, and that you provide users with a way to easily unsubscribe from your email newsletter.

Other examples

Examples of other platforms, such as websites or mobile apps, are helpful to determine where to place the links to your legal agreements.

Examples from websites

Websites typically include a link to a Privacy Policy in the footer of the website, where it can be easily noticed and accessed.

Here's how Evernote places its Privacy Policy link in the footer of its website:

Evernote Website Footer: Highlight Privacy Policy Link

Another common placement for the legal links is in the header menu.

Here's an example of how the United States Postal Service includes its Privacy Policy in the header menu. By clicking "Who We Are", then "Legal", then "USPS Privacy", the legal agreement can be accessed:

Steps to reach USPS Privacy Highlights page

Examples from mobile apps

Mobile apps typically provide a Privacy Policy in one of two ways: embedded directly within the app, or linked to a URL that opens the mobile web browser to the page where the agreement is hosted.

Below is the "Settings" menu from the Evernote iOS app that a user can use to navigate to the Privacy Policy agreement of Evernote. To reach this, the user clicks "Settings", then clicks "Legal":

Evernote iOS App: Click on Legal

The "Legal" section of Evernote's mobile app has the legal agreements listed:

Evernote: Clicks which agreement to read

eBay's iOS mobile app provides access to the Privacy Policy agreement of eBay by going to the "Settings" menu of the app:

eBay Privacy Policy Embedded on Mobile App

Booking's iOS app opens the user's mobile browser to the URL where its Privacy Policy is hosted, instead of embedding the agreement in the app:

Screenshot of Booking iOS App: Information Screen

This URL linked from the app should be the same URL used on your website in the footer.

Examples from embeddable web plugins

An example of an embeddable web plugin is SoundCloud's embedded music player, which lets a user create and share a music playlist on any website simply by copying and pasting the widget's code.

For example, the SoundCloud plugin shown below has a link to their Cookie Policy right inside the widget. This ensures that users will quickly notice it and can easily access it:

Cookies Policy from SoundCloud Embed

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.