Do I Need a Privacy Policy if I Don't Collect Any Data?

Last updated on 29 September 2022 by Robert Bateman (Privacy and Data Protection Research Writer at TermsFeed)

Do I Need a Privacy Policy if I Don't Collect Any Data?

If you don't actually collect any personal information, you might not need a Privacy Policy. However, many third parties and app stores require one. Also, you may be collecting protected personal information without knowing it, such as with an Analytics service.

This article will look at ways you might be collecting personal information without knowing it, why you need a Privacy Policy even if you actually aren't collecting personal information, and what your Privacy Policy should include.


You Might Be Collecting Personal Information Without Realizing It

Many types of data qualify as "personal information." It's actually pretty rare for a business, website, or mobile app not to collect at least some personal information.

For example, under the definitions used in many privacy laws, the following activities involve the processing of personal information:

  • Taking customer inquiries via email, contact forms, or social media
  • Maintaining a mailing list
  • Using cookies for advertising or analytics

That last point can surprise some people.

Many people know that using cookies to deliver personalized advertising falls under the ambit of privacy law. But did you know that using analytics to measure the performance or functionality of your website can count as collecting personal information?

If your website or app collects users' IP addresses, advertising IDs, location, referral data, or tracks their usage, this could bring you under the jurisdiction of certain privacy laws.

But even if you're going out of your way not to collect personal information, it might still be a good idea for you to create a Privacy Policy.

Four Reasons to Create a Privacy Policy Even If You Don't Collect Personal Information

Four Reasons to Create a Privacy Policy Even If You Don't Collect Personal Information

We think every website should have a Privacy Policy, whether or not it collects personal information. This is because it helps ensure customer trust, helps meet third party requirements, helps develop your business and helps you avoid legal issues.

Let's look at each.

Ensuring Consumer Trust

Creating a Privacy Policy explaining your practices with full transparency helps build consumer trust, and makes your project or business appear more professional.

Privacy Policies are so abundant online that it's increasingly hard to take a company seriously if it doesn't have one.

Whether they understand the law or not, consumers expect to see that a company has certain legal documents available at the footer of its website or the "Settings" page of its app. These include its Terms and Conditions and its Privacy Policy.

If you've read the section above and determined that you really don't collect any personal information, you can leverage this fact to your advantage. Many consumers will see this as a good thing.

For example, take a look at the Privacy Policy of consultancy firm ThinkPrivacy:

ThinkPrivacy Privacy Policy: Intro clause updated

This company makes it clear not only what information it collects, but also what it does not collect.

There are legitimate uses of personal information. But if you don't need to track your users, great! Shout it from the rooftops.

Meeting Third-Party Requirements

Meeting Third-Party Requirements

When you host your blog on a WordPress site, run a Facebook Page, or offer your mobile app on the App Store, you depend on third parties to get the job done. You enter into legally-binding agreements with these third parties before you can use their services. Often, these agreements contain clauses that require you to take certain steps toward legal compliance. Sometimes these steps can require you to go even further than the law requires.

Whatever your online business or project involves, you're almost certainly not doing it entirely alone.

For example, take a look at this section of Apple's App Store Review Guidelines:

Apple App Store Review Guidelines: Data Collection and Storage section - Privacy Policy Link required section highlighted

The section above explains that every app submitted to the App Store must come with a Privacy Policy, whether the app collects user data or not.

It's worth creating a Privacy Policy just in case you're required to do so under the numerous third-party agreements by which you're almost certainly bound.

These can include third-party analytics companies (i.e. Google Analytics), as well.

Developing Your Business

As your business or project grows and expands, your needs will evolve with it. Sure, you might not need to collect personal information right now, but don't assume you won't need to do so in the future. If you ever want to start a social media ad campaign, start selling merchandise, or even just add a contact form to your website, you'll need a Privacy Policy at this point.

By laying the foundations now, early in your venture, you save yourself some work in the future, when things could get more serious.

As outlined above, collecting personal information online is actually pretty hard to avoid for many projects. And users increasingly expect to see that a company has an accessible and comprehensive Privacy Policy.

If your customers believe you might be in breach of privacy law, they could report you to the relevant privacy authority, such as a Data Protection Authority in the EU, or an Attorney-General in many U.S. states.

Even if you're not strictly required to maintain a Privacy Policy under the law (and remember, you might be), you don't need this sort of a headache. Any suggestion of a regulatory investigation, or even a customer complaint, is a hassle that you want to avoid.

How to Create a Privacy Policy for Your Website

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.
  2. TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  3. Answer some questions about your website or app.
  4. TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  5. Answer some questions about your business.
  6. TermsFeed Privacy Policy Generator: Answer questions about business practices  - Step 3

  7. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.


What Should my Privacy Policy Include If I Don't Collect Personal Information?

What Should my Privacy Policy Include If I Don't Collect Personal Information?

Your Privacy Policy can be a declaration of your good privacy practices that can win you some good PR points with your customers.

Above, we showed how you can express your decision not to collect personal information as an affirmation of your commitment to user privacy. Here's another example from search engine Startpage:

Startpage Privacy Policy introduction section

Privacy laws typically require you to explain what types of personal information you collect. So, if you don't collect any personal information, you can explain this instead. What types of data do you not collect?

Here's more from Startpage's Privacy Policy, explaining what information is not collected by the search engine:

Startpage Privacy Policy: We Do Not Collect Personal Data clause

And here's how law firm AWO does this:

AWO Privacy Policy What we do not collect clause - Updated for 2022

Startpage addresses the issue of disclosing data, both through sales and if a governmental authority requests data.

While it may seem like common sense that if a company doesn't collect data, it can't be sold or disclosed since there is nothing there to do either with. However, writing this out makes it clear to the public and avoids assumptions:

Startpage Privacy Policy: We Do Not Disclose or Sell and Governmental Requests for Data clauses

This is useful information, and it also confirms your commitment to your users' privacy.

Summary

In sum, if you don't collect any data, you can and still should have a Privacy Policy in place for a number of reasons. The general public will want to see that you have one, and so will global authorities responsible for enforcing privacy laws.

By not including a Privacy Policy that states you do not collect certain types of information (or any information at all), one may wrongly assume that you're actually collecting a lot of data and not disclosing it, which will open you up to distrust and potential legal issues.

Taking a few minutes to create a Privacy Policy will help save you from these hassles and business reputation damage potentially happening.

Create Privacy Policy, Terms & Conditions and other legal agreements in a few minutes. Free to use, free to download.

Get started today ⇢

Screenshot of TermsFeed Generator

Robert Bateman

Robert Bateman

Privacy and Data Protection Research Writer at TermsFeed

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.