Pinterest is a social media platform that enables users to curate and share images, GIFs, and videos through their account pinboards. Users can save pins to their boards and create customized digital scrapbooks. Pinterest's popularity continues to grow, and many merchants have found considerable success through its advertising services.

Whenever Pinterest merchants use targeted advertising to market to a specific group of people, they should have a Privacy Policy to help protect their audience's privacy rights.

A Privacy Policy is a legal agreement that describes how you collect consumers' personal information and what you do with it and lets people know how they can control their data.

This article will explain why you need a Privacy Policy for Pinterest advertising and how to comply with Pinterest's legal policies and applicable privacy laws. We will guide you through the process of creating a Privacy Policy specifically for Pinterest advertising, and explain how to display your Privacy Policy.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.

    TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  2. Answer some questions about your website or app.

    TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  3. Answer some questions about your business.

    TermsFeed Privacy Policy Generator: Answer questions about business practices - Step 3

  4. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.



Why Do You Need a Privacy Policy for Pinterest Advertising?

There are two main reasons why you need a Privacy Policy for advertising on Pinterest:

  1. To comply with Pinterest's legal policies
  2. To comply with applicable laws

Pinterest requires its users to comply with its legal agreements and guidelines, and anytime you engage in targeted advertising (marketing based on tracking consumers' online behavior) you need to be aware of any state or global privacy laws that may apply to you.

Let's take a look at how having a Privacy Policy can help you comply with Pinterest's legal policies.

Complying with Pinterest's Legal Policies

Pinterest requires its users to abide by its legal policies, including its Advertising Services Agreement, Terms of Service agreement, Business Terms of Service agreement, and Ad Data Terms. Pinterest merchants must also follow its Advertising, Merchant, and Community Guidelines.

We'll look at the requirements of each below.

Pinterest's Advertising Services Agreement

Pinterest's Advertising Services Agreement is a document that governs advertisers' use of Pinterest's Ad Services. It outlines the terms that you must agree to in order to advertise on Pinterest, including complying with all of its legal policies and agreeing to its payment and cancellation terms.

Certain Pinterest advertisers must also comply with PASA's Data Sharing Addendum and Joint Controller Addendum, which are located towards the end of the Advertising Services Agreement linked above.

Pinterest has updated its Advertising Services Agreement with a Joint Controller Addendum that applies to the joint processing of personal data that is subject to the General Data Protection Regulation (GDPR). The Joint Controller Agreement applies to joint controllers that offer goods or services to or control or process personal data belonging to residents of the European Union and the United Kingdom.

The GDPR is the EU's primary data protection law. It defines a joint controller as two or more data controllers that work together to decide the reasons for processing consumers' personal data. Pinterest's Advertising Services Agreement defines Pinterest advertisers and Pinterest Europe as joint controllers.

The Advertising Services Agreement defines joint processing as the collection and transmission of activity data through any Ad Service features (such as the Pinterest Tag or Pinterest API) that allow you to share activity data from your website, store, or mobile app.

Activity data is personal data that is shared in connection with Pinterest's Ad Services.

Pinterest sent an email to its users informing them about the updates it made to its Advertising Services Agreement, including incorporating a

"Joint Controller Addendum, which clarifies the responsibilities of Pinterest Europe Limited and our advertisers in relation to personal data subject to the General Data Protection Regulation (GDPR), including as it applies in the UK. (Pinterest, 2023)"

The email goes on to encourage advertisers that process personal data to update their Privacy Policies to reflect the Advertising Services Agreement's changes:

Pinterest email about updating Advertising Services Agreement

The Joint Controller Addendum requires Pinterest advertisers to:

  • Only process personal data for lawful reasons
  • Notify data subjects (the people the personal data belongs to) about how they handle personal data, and
  • Forward any requests they receive regarding joint processing to Pinterest

Only Process Personal Data For Lawful Reasons

One of the following must apply for data processing to be lawful:

  • The data subject has given consent
  • The data processing is necessary to fulfill or for the data subject to enter into a contract
  • The data processing is necessary for the controller to fulfill a legal obligation
  • The data processing is necessary to protect the "vital interests" (when the processing is a matter of life or death) of an individual
  • The data processing is necessary for the public interest
  • The data processing is necessary for the "legitimate interest" (such as marketing, fraud prevention, or IT security) of the data controller or a third party (unless those interests conflict with the data subject's rights, especially if the data subject is a child)

Article 6 of the GDPR outlines the legal reasons for processing personal data:

GDPR Article 6: Lawfulness of Processing - Section 1: Lawful bases

Keep Consumers Informed

You can use your Privacy Policy to inform consumers about the following:

  • What information you use Ad Data Features for
  • Your reasons for joint processing
  • That you and Pinterest Europe have entered into the Joint Controller Agreement to comply with the GDPR's joint processing requirements
  • That you are responsible for providing data subjects with the information required by the GDPR
  • That Pinterest Europe is responsible for enabling data subject's rights under the GDPR in regard to their personal data being stored by Pinterest
  • Data subjects' right to object to the processing of their personal data
  • How you keep the personal data used with joint processing safe
  • What you do in the case of a data breach (including if and how you communicate the data breach to the data subject)

Forward Joint Processing Requests to Pinterest

Pinterest's Advertising Services Agreement requires you to forward any joint processing requests you receive from data subjects or a supervisory authority to Pinterest within 7 calendar days of receiving the request:

Pinterest Advertising Services Agreement: Joint Controller Addendum Section 8

Next, let's take a look at the other legal policies that advertisers must comply with in order to use Pinterest's Ad Services.

Pinterest's Terms of Service Agreement

Pinterest's Terms of Service agreement describes the rules its users must abide by to use its services. Pinterest's Terms of Service agreement explains that any users who wish to use Pinterest for commercial reasons must agree to its Business Terms of Service agreement:

PInterest Terms of Service: Commercial Use clause

Pinterest's Business Terms of Service Agreement

Pinterest's Business Terms of Service agreement applies specifically to Pinterest merchants and explains that they must comply with all of its policies, including its Community Guidelines.

Pinterest merchants must also ensure that the content they post (including content from third parties) complies with applicable laws:

Pinterest Business Terms of Service: Responsibility for your content clause

Pinterest's Community Guidelines

Pinterest's Community Guidelines explains that paid partnerships and affiliates must comply with applicable advertising laws:

Pinterest Community Guidelines: Paid partnerships excerpt

Pinterest's Advertising Guidelines

Pinterest's Advertising Guidelines requires users of its ad services to respect privacy rights:

Pinterest Advertising Guidelines: Respect the rights of others section

The Advertising Guidelines also describe restricted Pinterest ads service data collection practices, including:

  • Using data that you receive for purposes other than understanding Pinterest campaigns
  • Sharing data with a third party
  • Combining collected data with information that could be used to identify a user, browser, or device

The Advertising Guidelines go on to explain that you must tell users and get their consent whenever you collect, share, or use their personal data used with a Pinterest ad service.

Pinterest's Merchant Guidelines

Pinterest's Merchant Guidelines explain that merchants must comply with applicable laws to use its service:

Pinterest Merchant Guidelines: Follow relevant laws section

Pinterest's Ad Data Terms

Pinterest defines ad data as any personal data that is shared in connection with its advertising service, such as for targeting or measuring ads. Pinterest's Ad Data Terms state that you must agree to the following when using its ad services:

  • Disclose and get consent for cookies and User IDs
  • Notify visitors to your website and app if their information will be shared with third parties for targeted advertising purposes
  • Tell visitors how they can opt out of targeted advertising

Pinterest Ad Data Terms: Obligations list

Including information about how you use personal information and how visitors can opt out of targeted advertising within your Privacy Policy is an effective way to comply with Pinterest's Ad Data Terms.

Next, let's take a look at how a Privacy Policy can help you comply with applicable laws (as required by Pinterest).

Complying With Applicable Laws

Complying With Applicable Laws

Any time you engage in targeted advertising, you need to be aware of applicable privacy laws. Privacy legislation can apply to you based on both your business's location and your users' locations. It's important to know what states or locations your audience lives in so that you can create a Privacy Policy that reflects the laws that govern their locations.

The laws regulating targeted advertising include but aren't limited to the following:

  • The California Consumer Privacy Act (CCPA/CPRA)
  • The GDPR
  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)

CCPA (CPRA) Requirements

The CCPA (CPRA) applies to certain companies that do business within the state of California and gives California citizens the following rights:

  • The right to access, correct, or delete their personal information
  • The right to know what personal information is being collected and who it is sold to or shared with
  • The right to opt out of the sale or sharing of their personal information
  • The right to limit the use and disclosure of their sensitive personal information
  • The right to exercise their rights without being discriminated against

The CCPA requires any applicable organization to maintain a compliant Privacy Policy on its website that notifies California residents of their rights and provides information about how it uses, sells, or shares their personal information.

GDPR Requirements

The GDPR applies to anyone who provides goods or services to or collects or processes (uses) personal data belonging to residents of the EU. It gives EU consumers a similar set of rights to the CCPA. It requires applicable organizations to provide information about why they are collecting personal data, among other requirements.

It requires anyone within its scope to inform users why they are processing their personal data and provide applicable information within the notice. The best way to do this is with a GDPR-compliant Privacy Policy.

PIPEDA Requirements

PIPEDA applies to organizations that do business in Canada or collect, use, or share Canadian citizens' personal information. It requires businesses that meet its criteria to comply with its ten fair information principles.

One of the simplest ways to comply with the PIPEDA is to maintain a Privacy Policy that describes how you use personal information on your website.

How to Create a Privacy Policy for Pinterest Advertising

How to Create a Privacy Policy for Pinterest Advertising

Your Privacy Policy for Pinterest advertising must be clearly written, easy to understand, and contain all relevant and required clauses.

Below are the clauses that you'll find in most compliant Privacy Policies.

The Types of Information You Collect

You can use this clause to describe the kinds of personal information you collect. You should make sure that you only collect personal data that is covered in Pinterest's Privacy Policy.

Pinterest's Advertising Guidelines inform users that they should not collect any personal data that isn't covered in its Privacy Policy:

Pinterest Advertising Guidelines: Collect personal data section

Pinterest's Privacy Policy describes the types of data it collects, including account info, content, and precise location information, among others:

Pinterest Privacy Policy: Collect Information clause excerpt

Porch Potty maintains a Privacy Policy on its website that explains the kinds of information it collects, including email and mailing addresses, phone numbers, and credit card information that users provide directly, and information gathered via cookies:

Porch Potty Privacy Policy: Information we collect clause

How You Use the Information You Collect

This clause explains what you do with users' personal information, such as using it to collect payments and ship orders, and for advertising purposes.

Wood and Hearts' Privacy Policy describes how it uses, processes, and discloses users' personal information, including to fulfill orders, process payments, and for marketing purposes:

Wood and Hearts Privacy Policy: How Your Personal Information is Used Processed and Disclosed clause

How You Comply With Location-Specific Laws

You should include this clause in your Privacy Policy if you have users that live in certain states or countries with relevant privacy laws, as it can explain how you comply with those laws and give users location-specific information that these laws may require.

Bright Creations' Privacy Policy includes information about how it collects, uses, discloses, and sells California residents' personal information, as required by the CCPA:

Bright Creations Privacy Policy: Additional Disclosures for Residents of California clause

How Users Can Access, Edit, or Delete Their Personal Information

This clause explains the steps users can take to access, edit, or delete their personal information. You can also use this clause to describe any changes to your service that may occur if users choose to edit or delete their personal information.

Gahlia Lahav's Privacy Policy informs users of their rights to access, edit, and delete their personal information (among other rights):

Gahlia Lahav Privacy Policy: User Rights clause excerpt

It also provides a link to an email address where users can send in requests or questions concerning these rights:

Gahlia Lahav Privacy Policy: Exercise rights section

How Users Can Opt Out of Use of Information

You should give users clear instructions for how they can opt out of the sale, sharing, or use of their personal information for targeted advertising.

Luxe Lady Fit's Privacy Policy explains that it uses consumers' personal information for targeted advertising purposes, and provides links that enable users to opt out:

Lux Lady Fit Privacy Policy: Targeted advertisement clause

How and With Whom You Share Users' Personal Information

Visitors to your website need to know whether you share the personal information you collect with any third parties and for what reasons. You should use this clause to list the types of third parties you share users' personal information with.

Ruggable's Privacy Policy lists who it shares users' personal data with, including with other companies within the Ruggable group, with service providers, with the acquirer in the event of a merger, and with strategic partners, among other third parties:

Ruggable Privacy Policy: How We Disclose Your Personal Data Clause

How Long You Retain Users' Personal Information

You can use this clause to inform users about how long you keep their personal information.

Bolder Play's Privacy Policy informs users that it only keeps their personal data as long as necessary to fulfill its purposes unless it receives a complaint or believes that litigation may occur:

Bolder Play Privacy Policy: Data retention clause

Your Contact Information

It's important to give users methods for contacting you. This can be an email address, a phone number, access to a web form, etc.

AllModern's Privacy Policy includes the email address for its data protection officer as well as its U.S. and Galway mailing addresses:

AllModern Privacy Policy: Contact clause

Information Required by the Joint Controller Addendum

If you advertise to residents of the EU or the UK, you will need to make sure that your Privacy Policy contains information required by Pinterest's Joint Controller Addendum, including your reasons for joint processing and what you do in case of a data breach.

Pinterest's Advertising Services Agreement contains a table describing the obligations Pinterest advertisers need to meet in order to comply with it and the GDPR:

Pinterest Advertising Services Agreement: Joint Controller Addendum GDPR chart

After you create your Privacy Policy for Pinterest, you need to make sure it's displayed in a way that's compliant with the law. Let's look at that next.

How to Display Your Privacy Policy on Pinterest

How to Display Your Privacy Policy on Pinterest

Pinterest makes it easy to add a website link to your profile. You can use the website field of your Pinterest profile to either:

  • Link directly to your Privacy Policy, or
  • Link to your main website, where your Privacy Policy should be linked and accessible

Most businesses and bloggers alike will link their Privacy Policy within their site's footer. This means linking to your website will help users access your Privacy Policy as well.

Here's how NuCalm links its Privacy Policy to its footer, next to other important links for its support team, help guides, a blog and Terms agreement:

NuCalm website footer with Privacy Policy link highlighted

Follow these steps to add your website link or Privacy policy link to your Pinterest profile:

  1. Log in to your Pinterest account

  2. In the top right of the screen, click the down-arrow icon:

    TermsFeed Pinterest account with menu arrow highlighted

  3. Click Settings within the menu:

    TermsFeed Pinterest menu with Settings option highlighted

  4. On the left side of the screen, click Public profile:

    TermsFeed Pinterest menu with Public profile highlighted

  5. Enter your Privacy Policy URL or website URL in the Website field:

    TermsFeed Pinterest account with Website field highlighted

  6. Click Save at the bottom of the screen

Your Privacy Policy or website link will now be displayed as a link on your Pinterest profile.

Summary

You should have a Privacy Policy for Pinterest advertising in order to comply with Pinterest's legal policies and applicable state and global privacy and data protection laws.

Pinterest's legal agreements require merchants to:

  • Comply with its Advertising Services Agreement (including its Joint Controller Addendum)
  • Ensure that their content and any content they post from third parties complies with applicable laws
  • Get consent from users before collecting their personal data
  • Notify users if their personal information will be shared with third parties for targeted advertising
  • Inform users how they can opt out of targeted advertising

One of the best ways to comply with Pinterest's legal agreements and applicable state and global privacy and data protection laws is by maintaining a Privacy Policy on your website.

To create a Privacy Policy for Pinterest advertising, you will need to make sure that it is clearly written and easy to understand, and update it regularly as laws and your business processes change. Your Privacy Policy should include at least the following clauses:

  • What types of personal information you collect
  • How you use the personal information you collect
  • How you comply with location-specific laws
  • How users can opt out of the sale, sharing, or use of their personal data for targeted advertising and other rights they have
  • What third parties you share personal information with
  • How long you keep users' personal information
  • Your contact information
  • Information required by the Joint Controller Addendum

You should display your Privacy Policy where it is easily accessible by visitors to your Pinterest page, either by a direct link to your Privacy Policy or to your website where your Privacy Policy is then accessible.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy