Privacy Policy Generator

A Privacy Policy is a legally-required agreement between you and the users of your website/app. This agreement discloses your privacy practices and how you handle your users' personal data.

For example, a Privacy Policy will describe the types of personal data you collect, how you collect the data, how you keep it safe, what you use it for, and if you share any of that personal information with other parties.

Privacy Policies also disclose the use of cookies and other tracking technologies that may affect user privacy.

Privacy Policies are legally required by global privacy laws if you collect or use personal information.

The general definition of "personal information" is "any piece of information that can be used to identify an individual."

Personal information includes the obvious pieces of data such as first and last names, email addresses, street addresses, telephone numbers, financial information and ID numbers. But it also includes less intuitive pieces of "information" such as data collected via some cookies and IP addresses.

There are two main reasons why you need a Privacy Policy:

1. They're legally required

   If you collect or use personal information, you'll have to comply with privacy laws put in place around the world to protect consumer privacy. These laws will apply regardless of where your business itself is located, as they work to protect consumers in specific regions. For example, if your business is located in the U.S. but you have users in the EU, the EU's GDPR will still apply to you.

2. Consumers expect to see them

   In a world where consumer privacy is more important than ever and consumers are starting to take their privacy more seriously, not having a Privacy Policy can mean you may lose customers. People expect to see a Privacy Policy that they can easily access whenever they want. Not having one will make you seem untrustworthy.

Most countries around the world have some sort of law in place that requires a Privacy Policy if you handle personal data from its residents. To name a few, Canada, the EU, the UK, the U.S. and Australia all have laws that require a Privacy Policy.

As privacy concerns grow, the number of countries projected to enact this requirement will grow.

For a current directory, see our article: Privacy Laws By Country.

When it comes to laws that require a Privacy Policy, they work to protect people in specific regions. In other words, even if you aren't located in the state of California, you'll still need to be aware of California privacy laws if any of your customers are in that state.

With the global nature of business, it's best to be aware of all the leading privacy laws, and look more specifically into laws in areas where you're certain you do business.

In general, you need to be aware of the following laws:

• CalOPPA is a U.S. law from California that requires a Privacy Policy if you operate a commercial website, online service, or mobile app and collect personal information from people in CA.
• The CCPA is a U.S. law from California that requires a Privacy Policy under the same circumstances.
• COPPA is the only federal privacy law in the U.S. that addresses the privacy of children. If your U.S. customer base has children under 13, you'll need to take extra precautions when handling personal information.

• PIPEDA is a Canadian law relevant only to Canadian companies. It requires online and brick-and-mortar businesses to publish a Privacy Policy if they handle personal information.

  The law defines 'personal information' as names, birthdays, income statistics, race or ethnic origin, employee data and other private data.

• The GDPR is a wide-reaching, robust law that hails from the EU but has a global impact. It requires a Privacy Policy as well as new levels of consent required before collecting and processing certain types of personal information.

  After the GDPR, most new privacy laws are showing a mirroring effect to this law. In other words, the GDPR set the new standard for privacy laws and we will surely see its impacts in other countries and privacy laws around the world.

• The Data Protection Act of 1998 (DPA) is a UK law that's only relevant to businesses from the UK.

  Any business that collects, stores, and uses personal information must follow data processing requirements and limit the amount of personal information collected to only what's necessary.

  Email addresses, full names, identifying numbers, and birth dates all fall under personal information.

• The Australia Privacy Act of 1988 is an Australian law that applies to companies handling personal information.

  Using a list of privacy principles, it describes acceptable data collection, use, and storage policies that are well-covered if you have a Privacy By Design approach in your company. While the law predates mobile apps and many cloud software services, it's interpreted as being applicable to them.

You must be aware of not only local and federal laws in your jurisdiction but also those of where your website, app or service will be available.

Many legal issues occur with companies because they violate the laws of a country where they are not incorporated but perform transactions.

That's not a recommended course of action. Email addresses fall under personal information in current legislation on user data, all which require a Privacy Policy for collecting personal information.

You will open yourself up to liability if you request personal information without a Privacy Policy in place.

You'll need to have a Privacy Policy that explains that you collect email addresses, why you collect them, how you'll use them, and let users know about any rights they have when it comes to all of this. For example, let users know they can opt out of your email marketing list at any time, even after they've provided an email address and consent.

Your Privacy Policy needs to be easily and freely accessible at all times. There are a number of different placement options, but the general rule is to place your Privacy Policy link in your website footer, and anywhere else where you request personal information.

• Within your website footer

  Add your Privacy Policy link in with other important links. Users know to look here.

• When requesting personal information

  Present a link to your Privacy Policy at the time you're requesting personal information. For example, on sign-up/create account forms, on checkout pages and in email sign-up forms.

The best way to assure acceptance of the Privacy Policy is through clickwrap as it's the most clear, active and legally-compliant approach.

With clickwrap, you'll provide a link to the Privacy Policy and a checkbox a user can click next to a statement describing that by checking the box, the user is accepting the Privacy Policy.

You can also use a clearly-labeled button and statement such as, "By clicking Agree, you are agreeing to the terms in our Privacy Policy."

Privacy Policies need to be written in a way that covers all required, important information but does so in a way that's easy to understand by your average consumer.

Different privacy laws also have different requirements for what a Privacy Policy must contain.

The first step is to sit down and get an honest, thorough view of exactly what personal data your business collects, exactly why you collect it, and what you specifically do with it all.

Once you have a solid understanding of your business' relationship with personal information, you'll be able to draft a Privacy Policy.

You can use our Privacy Policy Generator, or check out some of our template articles to help you piece together your own Privacy Policy.

• Sample Privacy Policy Template
• Sample GDPR Privacy Policy Template
• Sample CCPA Privacy Policy Template
• CCPA Privacy Policy Checklist
• The Privacy Policy Checklist

The purpose of a Privacy Policy is to inform users about how you collect, handle and use their personal information.

The purpose of a disclaimer is to avoid or limit liability due to a user's misunderstanding of your content.

In more detail, disclaimers address specific types of liability for products or content.

For example, a medical website will include a medical disclaimer stating that the content is only shared for informative purposes and should not replace the care of a medical doctor.

A financial company that talks about the stock market will include a disclaimer stating that the content isn't guaranteed to lead to financial wealth.

Disclaimers are usually on standalone web pages or included in a Terms and Conditions agreement.

A Privacy Policy is used to inform users about how you collect, handle and use their personal information. In other words, it helps protect your users.

A Terms & Conditions agreement (T&C) is used to maintain more control over your website or app. In other words, it helps protect you as the business owner.

A T&C explains your rules, conditions of use, and other requirements regarding the use of your website or app. It provides information about topics like copyright protection, user-generated content, no tolerance policies against abuse and harassment, and how non-payment of subscription fees will be handled.

Another key difference is that while Privacy Policies are legally required, a Terms and Conditions agreement is not required under any laws.

However, having a Terms & Conditions agreement will help you enforce your rules and preserve a cause to terminate accounts if users violate your terms.