Privacy Policy Generator

Generate a Privacy Policy, 2020 up-to-date, for your business with the Privacy Policy Generator from TermsFeed.

  • CalOPPA: California Online Privacy Protection Act
  • GDPR: EU General Data Protection Regulation
  • CCPA: California Consumer Privacy Act
  • California Business Code
  • And many more
Generate Privacy Policy

I just wanted to send a quick note to let you know that I just used TermsFeed to generate three agreements for a mobile app that we are developing. It almost felt too simple!

- generated agreements for his mobile app.

I found both Terms & Conditions as well as the Privacy Policy to very elaborate and helpful.

- generated a GDPR Privacy Policy.

Privacy Policy is required by law

A "Privacy Policy" agreement is required by law if you're collecting personal data from users, regardless of the platform used (website, mobile app, desktop app etc.)

Most laws around the world require a Privacy Policy:

  • CalOPPA: California Online Privacy Protection Act
  • GDPR: EU General Data Protection Regulation
  • CCPA: California Consumer Privacy Act
  • California Business Code
  • And many more

Personal data is any kind of data that can identify an individual: email address, first and last name, billing and shipping address, credit card information, and so on.

Use this agreement everywhere:

  • Websites
  • WordPress blogs (or any other platforms: Joomla, Drupal)
  • E-commerce stores
  • Mobile apps: iOS, Android or Windows Phone
  • Facebook apps
  • Desktop apps
  • SaaS apps
  • Digital products or digital services

If you don't have a Privacy Policy yet, use the Privacy Policy Generator to generate it.

Privacy Policy for e-commerce stores

Including a Privacy Policy agreement for your ecommerce store is not only required by law, but it also builds trust with your customers and ensures that you stay in line with your legal obligations.

If you already have this agreement for your store, make sure to follow these tips:

  • Disclose what kind of personal information you're collecting from your customers
  • Disclose how the collected information may be shared or disclosed with third parties your store might be using (Google Analytics, Google AdWords, Google AdSense etc.)
  • Inform how customers can review and change the information collected on them
  • Make sure to include the policy's effective date

If you're missing a Privacy Policy for your store, use the Privacy Policy Generator to create it.

Privacy Policy for mobile apps

You'll need the Privacy Policy agreement even if you don't collect any personal data yourself through the mobile app you're building, but instead use third party tools such as:

  • Google Analytics Mobile
  • Flurry
  • Firebase
  • Mixpanel
  • And so on

If you use at least one third party tool that might collect personal data through your mobile app, you need this agreement in place.

Each app store also requires you to have this agreement in place before submitting the mobile app:

  • Apple App Store
  • Google Play Store
  • Microsoft Windows Phone Store

If your mobile app is missing a Privacy Policy, use the Privacy Policy Generator to generate it.

Privacy Policy for SaaS apps

Most SaaS businesses need to collect at least 2 types of personal information from users: email address and payment information. This makes a Privacy Policy agreement mandatory for SaaS businesses.

Most SaaS apps are using this agreement to disclose what kind of personal data might be collected through the app from users:

  • Personal information, such as the name and/or the email address, to register the account and process the subscription payments
  • Content that users create or post through the account
  • Use of Cookies
  • Log files created by the server
  • Geo-location information (GPS) requested by the mobile app
  • And more

Use the Privacy Policy Generator to generate a Privacy Policy for your SaaS app.

Privacy Policy for Facebook Apps & Pages

Various platforms, such as Facebook, are requiring businesses that are submitting their official app on these platforms to have a Privacy Policy agreement in place, even if the app doesn't collect any personal data.

Because you might be collecting personal information from users, through Facebook's APIs, you need to have a Privacy Policy for your Facebook app.

With TermsFeed's Privacy Policy Generator, you can create a Privacy Policy for your Facebook App & Page to include it at the "Privacy Policy URL" field.

Important: Your Facebook app will not go live if you don't have the Privacy Policy published on your website. Use the Privacy Policy Generator to create it and we'll host the policy for free for you.

Privacy Policy FAQ

Privacy Policies are essential for all websites and apps. Besides offering transparency to users who are using your website and/or app, Privacy Policies are also a matter of a legal compliance.

There are many countries that require a conspicuous Privacy Policy before you collect users' personal information.

A Privacy Policy is an agreement between you and a user regarding how you'll handle the user's personal data. The Privacy Policy describes the type of data you collect, how you collect it, and if you share any of that personal information with other parties.

Privacy Policy agreements also describe how you protect the collected data and the remedies if there's a security breach, including any notification procedures.

Many Privacy Policies describe how the business stores the collect data and if they use cookies and other tracking technology. Other companies even describe what happens to the data if they go out of business or are acquired by another company.

The general definition of "personal information" includes names, email addresses, street addresses, telephone numbers, and any other data that can be used to identify or contact a user.

Credit card numbers and other payment information, if you run a subscription service, definitely fall under this definition as well.

There are three reasons you need a Privacy Policy:

  1. First, you must inform users of the risk of using your website or app.

    By outlining the type of personal information you require and describing how you use it, potential users can make an informed decision on whether the risks of sharing their information are worth the benefits of your website/app.

  2. Second, making expectations clear protects you from liability.

    When you have well-defined terms and circumstances defined in a Privacy Policy, users cannot claim you used their information without consent.

    Even if users do not actually read the Privacy Policy, using clickwrap and other forms of acceptance assures they accept the terms even if they did not review it.

  3. Third, the international character of websites and apps require knowledge of laws outside your own jurisdiction.

    There are countries where your product may be purchased or downloaded that require a Privacy Policy before you request a name or credit card number.

    If you have a Privacy Policy already, you do not have to be concerned with running afoul of the law when you have users from these nations.

Canada, the U.K., and Australia, plus most countries around the world, all require a Privacy Policy.

The U.S. does not have a general federal law requiring a Privacy Policy, but the state of California has a law requiring them called CalOPPA.

The U.S. federal laws (COPPA) address children's privacy, so you need to be aware of that if you distribute children's games and apps in the U.S.

You need to be aware of the following laws:

  • California Online Privacy Protection Act (CalOPPA).

    Even though the U.S. lacks a federal law regarding privacy policies and protection, California is one of the most populated states and if you do business in the U.S., you most likely have users from California.

    CalOPPA requires a Privacy Policy if you operate a commercial website, online service, or mobile app.

  • Children's Online Privacy Protection Act (COPPA).

    COPPA is the only federal law regarding privacy in the U.S. regards children.

    So, your product or service is designed for children under 13, you need to take extra caution with data handling. This law is not limited to U.S. companies and also applies to foreign businesses with users from the U.S.

  • Personal Information Protection and Electronic Documents Act (PIPEDA).

    A Canadian law relevant only to Canadian companies, it requires online and brick-and-mortar businesses to publish a Privacy Policy if they handle personal information.

    The law defines 'personal information' as names, birthdays, income statistics, race or ethnic origin, employee data and other private data.

  • Data Protection Act of 1998 (DPA).

    The U.K. law is only relevant to businesses from the UK.

    Any business that collects, stores, and uses personal information must follow data processing requirements and limit the amount of personal information collected to only what's necessary.

    Email addresses, full names, identifying numbers, and birth dates all fall under personal information.

  • Australia Privacy Act of 1998.

    The Australian law generally addresses companies handling personal information.

    Using a list of privacy principles, it describes acceptable data collection, use, and storage policies that are well-covered if you have a Privacy By Design approach in your company. While the law predates mobile apps and many cloud software services, it's interpreted as being applicable to them.

You must be aware of not only local and federal laws in your jurisdiction but also those of where your website, app or service will be available.

Many legal issues occur with companies because they violated the laws of a country where they are not incorporated but perform transactions.

That's not a recommended course of action. Email addresses fall under personal information in current legislation on user data, all which require a Privacy Policy for collecting email addresses.

Also, you open yourself up to liability when you request information without a Privacy Policy because there are no terms stating that's permissible.

Even if it's obvious that your website or app cannot operate without a user's email address, you still need to describe how you use it, store it, and share it in a Privacy Policy.

That's the only way to control or avoid liability.

Options for posting your Privacy Policy include:

  • Within your website footer section.

    The browsewrap method means that a user accepts the terms just by using the website or service. This method isn't very reliable to enforce the terms of your Privacy Policy.

    Dropbox follows this approach on its own website footer:

    Dropbox: Privacy & Terms in website footer

  • Clickwrap.

    Clickwrap gives users a chance to review the Privacy Policy at signup and accept the agreement through a checkbox.

    Hubspot offers a good example of this approach when creating a new account:

    Inbound Sign-up: Clickwrap - Agree to Privacy Policy

  • Clickwrap, but with a notice.

    Other companies do not provide a checkbox but give notice of a Privacy Policy and indicate that registering for the service means accepting those terms.

    Box, a file sharing platform, adopted that method:

    Box: Register an account: Clickwrap: By registering you agree to our Terms of Use and Privacy Policy

All of these methods meet legal requirements. Your choice will depend on your level of risk adversity.

As a bottom line, the more sensitive information you handle, the more visible you should make your Privacy Policy.

The best way to assure acceptance of the Privacy Policy is through clickwrap as it's the most direct and active approach.

Even with clickwrap, you need to provide a link to the Privacy Policy.

All of the examples above give users a chance to click the link and see privacy practices before they move ahead with accepting the policy.

All Privacy Policies must contain two essential pieces of material:

  • A description of the type of information you collect
  • The purpose of that collection

If your company practices remarketing and targeted advertisements, that must also be within your Privacy Policy.

Privacy Policies available online take many structures including formal legal agreement, plain language descriptions, and even an FAQ structure.

Dropbox offers a good example of a Privacy Policy in plain language as opposed to unclear legal terms.

The Amazon Privacy Notice not only features plain language but also an easy-to-read FAQ format.

Disclaimers address specific types of liability and are usually present in the Terms and Conditions agreement. Occasionally, a Disclaimer can also be posted as a separate document.

The purpose of a disclaimer is to avoid liability due to a user's misunderstanding.

For example, WebMD has a Disclaimer in its Terms & Conditions agreement indicating that while the WebMD website provides medical information, that does not comprise medical advice.

Users are encouraged to see their health professional regarding symptoms rather than act on what they discover online.

Disclaiming liability is one function of a Privacy Policy but that's not its sole purpose. It also informs and gives notice of the type of personal information collected and how it is used.

Disclaimers exist solely to avoid liability and are not necessarily there to give users details on how data helps their use of the app or service.

A Terms & Conditions Agreement (T&C) explains rules, conditions, and requirements regarding the use of your website or app. The Terms & Conditions addresses items like copyright protection, no tolerance policies against abuse and harassment, and non-payment of subscription fees.

It's not required to have a Terms and Conditions under any laws. However, having a Terms & Conditions will help you enforce any rules and preserve a cause to terminate when a user quits paying fees. It's the only way you can enforce these requirements.

Some Terms & Conditions agreements contain language related to user privacy in their terms, but there's almost always a reference to the main and separate Privacy Policy agreement.

Any time you develop a website and/or app that collects and shares personal information, you cannot rely on the Terms & Conditions agreement alone. You'll likely violate the laws and make it difficult to argue that your privacy statement was conspicuous.

Here's an example of a Terms & Conditions with a brief reference to user privacy and a link to the Privacy Policy is shown here, from Twitter:

Privacy Section in Twitter Terms of Service