Sample Privacy Policy Template

Last updated on 07 November 2021 by Sara Pegarella (Law school graduate, B.A. in English/Writing. In-house writer)

Sample Privacy Policy Template

Generate a Privacy Policy in just a few minutes

In today's business world, companies depend heavily on data and information derived from it. Indeed, information is essential for all company employees, from the top executives to the operations level.

Protecting data, especially private, personal information, is crucial in a complex world where so much depends upon it. The most important step for business owners to protect their customers' data is to create a concise and transparent Privacy Policy.

A Privacy Policy is a legal document, which informs your website's visitors about the data collected on them and how your company will use it.

A good Privacy Policy should outline what data is being collected and explain why you're collecting it, who has access to it, and the time frame during which you plan to store it.

It should also include any third parties with whom your company shares personal or private information, as well as any steps taken to ensure the security of such information.

This article will cover the components of a good Privacy Policy and will help you better understand how to create one that builds trust and confidence in your customers and protects you against various liability issues. You'll also find examples of how other businesses have used Privacy Policies to comply with the law and inform customers about their privacy practices.

We've also put together a sample Privacy Policy Template that you can use to help write your own.

Download our Privacy Policy template by clicking here. It's free.


What is a Privacy Policy?

In essence, a Privacy Policy is a legal document outlining how your organization collects, uses, and discloses personal information.

There are two main reasons why you need a Privacy Policy:

✓ They're legally required: Privacy Policies are legally required by global privacy laws if you collect or use personal information.

✓ Consumers expect to see them: Place your Privacy Policy link in your website footer, and anywhere else where you request personal information.

Excerpt from TermsFeed Testimonials:

"I needed an updated Privacy Policy for my website with GDPR coming up. I didn't want to try and write one myself, so TermsFeed was really helpful. I figured it was worth the cost for me, even though I'm a small fry and don't have a big business. Thanks for making it easy."

Stephanie P.
Generated a Privacy Policy

Generate a Privacy Policy, 2021 up-to-date, for your business (web, mobile and others) with the Privacy Policy Generator from TermsFeed.

A properly written Privacy Policy tells customers what data you collect about them when they engage with your business (e.g., through your website) or purchase one of your products/services, and why you're collecting that information. It also lets people know how long their information will be stored, who can access these records and more.

A Privacy Policy is Required by Law

Privacy Policies are important because they're required by law to be posted on your website. You may be required to include specific clauses in your Privacy Policy, depending on the applicable laws within your area or where you are conducting business.

In fact, privacy laws are in place in many countries around the globe, including the following:

  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
  • The California Online Privacy Protection Act (CalOPPA)
  • The California Consumer Privacy Act (CCPA)
  • Europe's General Data Protection Regulation (GDPR)
  • Australia's Privacy Act
  • The UK's Data Protection Act

Third Party Services Require a Privacy Policy

Many third-party services that you use to improve your website's user experience, monitor analytics, or display ads require you to post a Privacy Policy.

You should provide clauses detailing how you use third-party services, APIs and SDKs.

Just some of the most popular third-party services, which require you to post a Privacy Policy are:

A few of the reasons these third-party services require you to post a Privacy Policy and disclose your usage of their cookies and services are due to the fact that they place cookies on your visitors' computers. They also collect information about them whenever they visit your site, such as their browsing habits, the device used, and so on.

Always be Transparent in Your Privacy Policy

Trust is essential for companies whose business models are based on sensitive customer data. A transparent and complete Privacy Policy agreement, which explains exactly what information a company collects and how it uses that information, inspires trust in a business.

The Privacy Policy Agreement and Template basics

Users feel secure knowing they have control over their personal information under the terms they signed up for.

Your Privacy Policy should explain to your users how your app or website handles personal data. Your users should also be aware of the reasons for collecting information and how long they will be kept on your servers.

Use the Privacy Policy Generator to create this legal agreement.

You must disclose even if you do not collect any personal information. Because users expect transparency, it helps to have a Privacy Policy. Users may believe that you are collecting too much personal information and not disclosing any.

The SwissCows search engine doesn't track or store user searches. Its Privacy Policy says that it only collects the data that is necessary to provide its services and stores it in an anonymized way:

Swisscows Privacy Policy: How does Swisscows protect your privacy clause

Conduct a privacy audit to ensure transparency and accuracy in your Privacy Policy. This will enable you to determine your business's privacy practices and what information you must disclose to your users through an appropriately transparent Privacy Policy.

What Should You Include in Your Privacy Policy

Download our Privacy Policy template by clicking here. It's free.

Your Privacy Policy should be structured to make it easy for the reader to understand essential information. You can achieve this by using well-structured, clearly written clauses that are clearly identified with descriptive headlines.

Your Privacy Policy will contain a variety of clauses depending on your business type and applicable law. Accordingly, there are certain clauses that every website, which collects personal data from visitors, should include in their Privacy Policies.

With that in mind, let's take a look at what you should include in your Privacy Policy.

What information do you collect?

Letting your website's visitors know what information you collect is an essential part of any Privacy Policy. This clause is crucial to let your users know from the beginning if you intend to collect data that they are comfortable sharing.

Use the Privacy Policy Generator to create this legal agreement.

For instance, a website could use a registration form to collect an individual's email address, which the company then adds to its mailing list. This is very different from an app that collects all kinds of personal data, such as name, address, payment information, and location.

The point here is that there is a worldwide consensus that users have the right to know exactly what kind of data you collect.

Here's how TikTok lets users know what kinds of information it uses and collects:

TikTok Privacy Policy: The types of personal data we use clause

You must also keep in mind that privacy laws generally stipulate that you may only collect personal information if necessary to offer the services you provide.

What do you do with the information you collect?

This clause informs the user about what happens to their personal data after it is collected.

A website might collect information such as a user's address and name in order to ship products purchased online. This information is essential and is not collected more than necessary. This is very different from a website that collects users' names and addresses and then sells it to a third party for marketing purposes.

Both websites collect the same information, but it is vital that you disclose how this information is used once it has been collected.

Here's how Snap discloses what it does with the information it collects:

Snap Privacy Policy: How We Use Information clause excerpt

How is collected information kept safe?

Personal data that is collected from an individual must be kept secure and only accessible by authorized personnel. You must implement appropriate security measures if you are trusted with handling personal data about users.

For example, to prevent unauthorized people from stealing or hacking your customer's credit card information, you need to secure it behind firewalls.

Data breaches have been affecting millions of internet users over the last few years. Many of those affected faced severe legal and financial consequences. You are responsible to make sure that personal information is not lost or misused if you store it.

Here is how MeWe notifies users about how it secures the data it collects:

MeWe Privacy Policy: Security: HTTPS and Encryption clause

Do users under the age of 13 use your website?

This clause is only applicable to specific websites and apps. It is regulated primarily under COPPA (the Children's Online Privacy Protection Act). COPPA imposes special requirements on apps and websites that collect data about children. It is vital to protect the privacy of all people, but it is crucial for minors.

This is why there is an additional clause in the Privacy Policy for websites and apps that target children.

You must comply with COPPA regulations if young people use your app or website.

The kids virtual classroom website Edmodo writes its clause on this subject like this:

Edmodo Privacy Policy: How is childrens personal information treated clause

Do you handle medical data?

Extra-sensitive information such as medical information is subject to additional regulation. The main law that covers additional measures for apps and websites that contain medical and health information is HIPAA (the Health Insurance Portability and Accountability Act of 1996).

If your website or app collects health or medical information, you must comply with HIPAA regulations. Note how the health insurance company Kaiser Permanente provides a link to its HIPAA privacy notice within its main Privacy Statement:

Kaiser Permanente Privacy Statement Introduction section with HIPAA Privacy notice link highlighted

Do you handle financial or credit data?

For obvious reasons, financial information requires greater privacy protections than usual. Because financial information and credit are more sensitive than usual, several laws govern what steps must be taken by companies to protect their users from identity theft and fraud.

You must comply with all laws governing financial information and credit information that you offer on your website or app. Kaiser Permanente has a simple statement on this subject.

Kaiser Permanente Privacy Statement: Credit card transactions clause

Does your website or app utilize third-party services?

We discussed this briefly previously, but standard clauses in Privacy Policies often disclose information about third-party services used by websites. It is important to disclose information about third-party usage because the Privacy Policies of third parties may differ from yours. Users need to know who has access and what their own unique policies are, since this may affect their data.

A website might use a third-party credit card processor to process transactions. Although the website does not store or handle this transaction information, users need to be able to see who has access to their credit card information and what they do with it.

It can be as simple as providing the name of the third party and explaining why it is being used. The user can then read the third party's Privacy Policy to confirm their agreement with your website's policies.

Here is an example from Facebook's Privacy Policy:

Facebook Data Policy: How Information is Shared clause - Apps, websites and third-party integrations section

Additional clauses in your Privacy Policy

The clauses we just went over are pretty common. However, your website might require additional clauses to disclose your privacy practices and inform users about your services.

Use the Privacy Policy Generator to create this legal agreement.

Check out the Privacy Policies on your favorite websites and apps, or those of your competitors, to see what extra clauses they have, which cover the unique features and services they offer.

FAQ: Privacy Policy

Here is a list of frequently asked questions that you may find useful.

You need a Privacy Policy because privacy laws around the world require one if you collect personal information. Many third-party companies also require a Privacy Policy in order to use their services.

Even if you don't collect personal information, you should still have a Privacy Policy. This is because people and the authorities expect to see one. Without one, even one that simply says you don't collect personal information, you may come across as untrustworthy to the public and end up being questioned by authorities.


Examples of Privacy Policies on Websites

Whether your website, mobile app, desktop or web app collects personal data from users, you must post a Privacy Policy. Many websites include a link to their Privacy Policies in the homepage footer or main navigation menu.

Let's look at some Privacy Policies on popular news websites.

The New York Times

The New York Times website footer with Privacy Policy link highlighted for 2021

The New York Times has the following sections in its Privacy Policy:

  • What Information Do We Gather About You?
  • What Do We Do With the Information We Collect About You?
  • With Whom Do We Share the Information We Gather?
  • What Are Your Rights?
  • What About Sensitive Personal Information?
  • How Long Do You Retain Data?
  • How Do You Protect My Information?
  • Are There Guidelines for Children?
  • How Is Information Transferred Internationally?
  • What Is Our Legal Basis?
  • What About Links to Third Party Services?
  • How Are Changes to This Privacy Policy Communicated?
  • How Can You Contact Us?
  • Who is the Controller of Your Personal Information?

This list is a great place to start for most Privacy Policies.

The National Review

The National Review website footer with Privacy Policy link highlighted

The National Review has the following sections in its Privacy Policy:

  • Quick Overview of This Privacy Policy
  • General Statement About This Privacy Policy
  • General Statement About Data Collection & Targeted Advertising
  • The Information We Collect
  • How We Use The Information We Collect
  • Information Sharing
  • Third-Party Services
  • Your Account
  • Confidentiality & Security
  • Additional Information for California Residents
  • Privacy Policy Changes

While this policy is shorter, it still covers all the key areas and is worth checking out for inspiration and guidance on your own Privacy Policy's content and structure.

Summary

Your Privacy Policy is not just a legal requirement but also an opportunity to communicate your company's values. Think of it like the "About Us" section on your website, only more important.

It should be accurate and up-to-date with any changes in policy or practices so that you don't run into problems down the line.

Your website, web app or mobile app may collect personal data. If so, you will likely be required by law or third-party services to provide a Privacy Policy to your website/app.

Be sure to include sections on:

  • What information you collect
  • What you do with that information
  • How you keep that information safe
  • How you handle data of individuals under 13 years of age
  • How you handle medical data
  • How you handle financial or credit data
  • How your app or website utilizes third-party services

Finally, don't be tempted to copy or use another business's Privacy Policy. The one you're copying might not be right for your business. Let's take, for example, the text of a competitor who is in the same industry.

You may be doing business differently than they are. Your competitor might collect different types of information or share it with other third parties than you do. Of course, you could edit the Privacy Policy you're copying from to make it more appropriate for your business.

But is that time better spent growing your business or creating cobbling together a Frankenpolicy?

Download Privacy Policy Template

We understand that writing your own Privacy Policy can seem like a daunting task. Therefore, to help you put one together without snatching your competitor's or cherry-picking bits and pieces here and there, you can use a template. Templates can provide structure and inspiration, which is a great starting point.

Alternatively, we recommend using our Privacy Policy Generator.

It is a powerful tool that will ask all the right questions regarding your business and the types of information you collect. The tool will use your answers to create a professional Privacy Policy tailored to your requirements and needs.

Use the Privacy Policy Generator to create this legal agreement.

Download the Privacy Policy Template as a PDF file or Download the Privacy Policy Template as a DOCX file.

You can also download this Privacy Policy Template as a Google Document.

This template available for download, for free, includes these sections:

  • Information Collection And Use
  • Log Data
  • Cookies
  • Security
  • Links To Other Sites
  • Changes To This Privacy Policy
  • Contact Us

Example of Privacy Policy - Screenshot

Sara Pegarella

Sara Pegarella

Law school graduate, B.A. in English/Writing. In-house writer

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.