Privacy laws are changing worldwide as new data privacy regulations go into effect. Many of these laws update and expand existing data privacy laws, so business owners must ensure they comply with the rules of every jurisdiction in which they do business.

In practical terms, this means that the Privacy Policy for your website, app, blog, etc. might need to handle the legal privacy requirements of multiple countries.

For example, suppose you do business in the State of California and in European countries. In that case, your Privacy Policy will need to address the demands of the California Consumer Privacy Act (CCPA), as amended by the CPRA. It will also need to abide by the General Data Protection Regulation (GDPR), which applies across the European Economic Area.

It's important to keep in mind that these laws apply to your business whether or not you are physically located in California or the European Economic Area. If you merely do business with people in those regions, these laws apply to your company, and your Privacy Policy must reflect that.

This article will explore what you need to include in your Privacy Policy and how to best comply with requirements as well as best practices.

Note that the following is applicable for both website and mobile app Privacy Policies.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.

    TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  2. Answer some questions about your website or app.

    TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  3. Answer some questions about your business.

    TermsFeed Privacy Policy Generator: Answer questions about business practices  - Step 3

  4. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.

What are the Key Components of a Privacy Policy?

The key components of any Privacy Policy should include clauses and sections that disclose the following information:

The Policy's Effective Date

Always include the date that the Privacy Policy became effective, or the date of its last update. This is typically included at the beginning of the policy, as you can see here:

Medium Privacy Policy intro section with effective date highlighted

This helps users see how current your Privacy Policy is, and lets regulators check whether you meet update requirements such as the CCPA's rule that the policy be reviewed and updated at least once every 12 months.

Who Owns the Website or Mobile App

Disclose the official, formal name of whoever owns the site or app. This can be part of an introduction clause, such as this clause that states the official business name and notes that the policy applies to the company and its subsidiaries:

Pandora Privacy Policy: Intro clause

What Information is Being Collected, and How

Let users know what information you are collecting. Be as specific as possible, as seen here, where each data type is listed in its own section:

Pandora Privacy Policy: Information We Receive or Collect from You clause excerpt

The clause also includes how the data is collected, such as when a user registers, signs up for a subscription, or responds to ads.

Don't forget to update this section as your privacy practices change. Accuracy is key in your Privacy Policy.

How You Use the Collected Information

This clause is where you let users know what you'll be doing with the collected personal information. As always, be as specific as possible without being overly complex in language.

Here's how you can do this:

Pandora Privacy Policy: How We Use Information We Receive or Collect clause excerpt

Using a list format makes a clause like this easier to read and helps with clarity.

Will You Share or Sell User Information with Third Parties?

This is a very important clause, as users have the right to know not only what you do with their information, but whether any other company will also have access to it. Under the CCPA/CPRA you must specifically state whether you sell or share personal information, and if you do, provide a way for users to opt out.

Here's how you can let users know who information may be shared with, under what circumstances, and how the sharing will be done:

Pandora Privacy Policy: How We Share Information We Receive or Collect with Others clause excerpt

List of User Rights

You'll need to let users know what their rights are and how they can exercise them. Some rights only apply to people in certain jurisdictions, such as the rights granted to California residents under state law.

Here's how you can let users know about their rights and how to exercise them:

Pandora Privacy Policy: Your Privacy Rights Under State Laws clause excerpt

How Updates to the Privacy Policy Will Be Communicated

Let users know how you will inform them if or when you make material changes to the Privacy Policy. This is typically done via email or through a pop-up notice the next time a user visits a website or uses a service that has an updated Privacy Policy.

Here's how you can note that users should check the policy page periodically, and that any material changes will come with notice, usually via email:

Pandora Privacy Policy: Changes or updates to the Privacy Policy clause excerpt

Why Should My Privacy Policy Be Unique?

Your Privacy Policy needs to reflect your company's actual privacy practices. Ideally, it should be custom-tailored to ensure that you are legally protected based on the legal jurisdictions and geographical boundaries within and across which you may do business.

While many of the clauses seem fairly boilerplate and the same across the board, they still need to be specific to your own practices and must be accurate.

Without your own custom Privacy Policy, you could run into some issues.

Your Privacy Policy should be unique because it's an actual legal contract. A Privacy Policy is a legal agreement between your business and those who use its website, mobile app, or blog. Depending on how the Privacy Policy is written, it could have serious legal consequences for your company.

For instance, if you cobble together a Privacy Policy by copying and pasting from a competitor's policy, yours may have legal gaps of which you're unaware. If someone challenges the way you use their private information in court, and you aren't covered the way you think you are, your company could face enormous fines and other penalties.

You Could Lose Customers

Consider what might happen if you tell your clients, customers, website visitors, etc. one thing in your Privacy Policy, but that policy omits vital information or describes a data collection process you don't even use.

If those individuals discover that your business engages in practices your Privacy Policy says it doesn't, it's a breach of trust. For example, maybe your Privacy Policy says you don't share or sell data to third parties, but you actually do.

Recall the maxim that people do business with those whom they know, like, and trust. If you break the trust of those who use your website, blog, or app, they're not going to want to use your products or services any longer. You're going to make them angry, and then through word of mouth, each one is likely to tell about fifteen other people.

Your company could suffer a severe backlash along with potentially awful PR because you made a wrong choice. You don't want to put your company in the position of having to do damage control for years to come.

Displaying and Getting Agreement to a Privacy Policy

Part of Privacy Policy compliance is displaying your policy and getting users to agree to your privacy practices.

First, always display a link to your Privacy Policy in your site's footer, like so:

Screenshot of the email footer from The Economist with Privacy Policy link highlighted

For mobile apps, the equivalent would be displaying a link within an in-app menu, such as a Legal Information menu. Here's an example:

Screenshot of Audible app Settings menu with Privacy Notice highlighted

You should also add a Privacy Policy link wherever you collect personal information, for example next to an account registration form, or where a user signs up to receive marketing communications from you. In both cases the user is sharing legally protected personal information such as an email address.

Here's an example:

BitChute Create Account form: Privacy Policy link highlighted

You can also request consent at the same time you display your Privacy Policy by asking users to check an "I Agree" box or click an "I Agree" button. Don't pre-tick the box: under the GDPR, consent must be an affirmative act by the user, so a box that is checked by default does not count as consent.

Here's an example of this:

Generic Create Account form with I Agree checkbox highlighted - example


Create a unique, accurate Privacy Policy for your website and make sure to include all the key clauses and information required by privacy laws.

Keep your Privacy Policy updated and disclose the date when it was last updated.

Display it in your site's footer, your mobile app's in-app menu, and anywhere where you collect personal information. You should request consent for your Privacy Policy via an "Agree" checkbox or button.
