A Privacy Policy is a legal document that informs the public about the data you collect, how you collect it, and how you use it, as well as other important details about your privacy practices.

This article will explain in further detail what a Privacy Policy is, why and when one is legally required, and how to create and display your own.

We've also put together a Sample Privacy Policy Template that you can use to help write your own.


What is a Privacy Policy?

A properly written Privacy Policy tells customers what data you collect about them when they engage with your business (e.g., through your website) or purchase one of your products/services, and why you're collecting that information. It also lets people know how long their information will be stored, who can access these records and more.

So, a good Privacy Policy should outline what data is being collected and explain why you're collecting it, who has access to it, and the time frame during which you plan to store it. It should also include any third parties with whom your company shares personal or private information, as well as any steps taken to ensure the security of such information.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.

    TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  2. Answer some questions about your website or app.

    TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  3. Answer some questions about your business.

    TermsFeed Privacy Policy Generator: Answer questions about business practices  - Step 3

  4. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.


A Privacy Policy is Required by Law

Privacy Policies are required by law to be posted on your website. You may be required to include specific clauses in your Privacy Policy, depending on the applicable laws within your area or where you are conducting business.

In fact, privacy laws are in place in many countries around the world, including the following:

  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
  • The California Online Privacy Protection Act (CalOPPA)
  • The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)
  • Europe's General Data Protection Regulation (GDPR)
  • Australia's Privacy Act
  • The UK's Data Protection Act

Third Party Services Require a Privacy Policy

Many third-party services that you use to improve your website's user experience, monitor analytics, or display ads require you to post a Privacy Policy.

You should provide clauses detailing how you use third-party services, APIs and SDKs.

Just some of the most popular third-party services, which require you to post a Privacy Policy are:

A few of the reasons these third-party services require you to post a Privacy Policy and disclose your usage of their cookies and services are due to the fact that they place cookies on your visitors' computers. They also collect information about them whenever they visit your site, such as their browsing habits, the device used, and so on.

Always be Transparent in Your Privacy Policy

A transparent and complete Privacy Policy agreement, which explains exactly what information a company collects and how it uses that information, inspires trust in a business.

Trust is essential for companies whose business models are based on sensitive customer data. Users feel secure knowing they have control over their personal information under the terms they signed up for.

Your Privacy Policy should explain to your users how your app or website handles personal data. Your users should also be aware of the reasons for collecting information and how long they will be kept on your servers.

You must disclose even if you do not collect any personal information. Because users expect transparency, it helps to have a Privacy Policy. Users may believe that you are collecting too much personal information and not disclosing any.

The SwissCows search engine doesn't track or store user searches. Its Privacy Policy says that it only collects the data that is necessary to provide its services and stores it in an anonymized way:

Swisscows Privacy Policy: How does Swisscows protect your privacy clause

Conduct a privacy audit to ensure transparency and accuracy in your Privacy Policy. This will enable you to determine your business's privacy practices and what information you must disclose to your users through an appropriately transparent Privacy Policy.

What Should You Include in Your Privacy Policy

Your Privacy Policy will contain a variety of clauses depending on your business type and applicable law. Accordingly, there are certain clauses that every website, which collects personal data from visitors, should include in their Privacy Policies.

It should be structured to make it easy for the reader to understand essential information. You can achieve this by using well-structured, clearly written clauses that are clearly identified with descriptive headlines.

With that in mind, let's take a look at what you should include in your Privacy Policy.

What information do you collect?

Letting your website's visitors know what information you collect is an essential part of any Privacy Policy. This clause is crucial to let your users know from the beginning if you intend to collect data that they are comfortable sharing.

For instance, a website could use a registration form to collect an individual's email address, which the company then adds to its mailing list. This is very different from an app that collects all kinds of personal data, such as name, address, payment information, and location.

The point here is that there is a worldwide consensus that users have the right to know exactly what kind of data you collect.

Here's an example of a clause that lets users know what kinds of information it uses and collects:

TikTok Privacy Policy: The types of personal data we use clause

You must also keep in mind that privacy laws generally stipulate that you may only collect personal information if necessary to offer the services you provide.

What do you do with the information you collect?

This clause informs the user about what happens to their personal data after it is collected.

A website might collect information such as a user's address and name in order to ship products purchased online. This information is essential and is not collected more than necessary. This is very different from a website that collects users' names and addresses and then sells it to a third party for marketing purposes.

Both websites collect the same information, but it is vital that you disclose how this information is used once it has been collected.

Here's an example of how to disclose what is done with the information a business collects:

Snap Privacy Policy: How We Use Information clause excerpt

How is collected information kept safe?

Personal data that is collected from an individual must be kept secure and only accessible by authorized personnel. You must implement appropriate security measures if you are trusted with handling personal data about users.

For example, to prevent unauthorized people from stealing or hacking your customer's credit card information, you need to secure it behind firewalls.

Data breaches have been affecting millions of internet users over the last few years. Many of those affected faced severe legal and financial consequences. You are responsible to make sure that personal information is not lost or misused if you store it.

Here's an example of how you can disclose how data is secured:

MeWe Privacy Policy: Security: HTTPS and Encryption clause

Do users under the age of 13 use your website?

This clause is only applicable to specific websites and apps. It is regulated primarily under COPPA (the Children's Online Privacy Protection Act). COPPA imposes special requirements on apps and websites that collect data about children. It is vital to protect the privacy of all people, but it is crucial for minors.

This is why there is an additional clause in the Privacy Policy for websites and apps that target children.

You must comply with COPPA regulations if young people use your app or website.

Here's an example of a clause addressing children's personal information:

Edmodo Privacy Policy: How is childrens personal information treated clause

Do you handle medical data?

Extra-sensitive information such as medical information is subject to additional regulation. The main law that covers additional measures for apps and websites that contain medical and health information is HIPAA (the Health Insurance Portability and Accountability Act of 1996).

If your website or app collects health or medical information, you must comply with HIPAA regulations. Note how the health insurance company Kaiser Permanente provides a link to its HIPAA privacy notice within its main Privacy Statement:

Kaiser Permanente Privacy Statement Introduction section with HIPAA Privacy notice link highlighted

Do you handle financial or credit data?

For obvious reasons, financial information requires greater privacy protections than usual. Because financial information and credit are more sensitive than usual, several laws govern what steps must be taken by companies to protect their users from identity theft and fraud.

You must comply with all laws governing financial information and credit information that you offer on your website or app. Kaiser Permanente has a simple statement on this subject.

Kaiser Permanente Privacy Statement: Credit card transactions clause

Does your website or app utilize third-party services?

Privacy Policies often disclose information about third-party services used by websites. It is important to disclose information about third-party usage because the Privacy Policies of third parties may differ from yours. Users need to know who has access and what their own unique policies are, since this may affect their data.

A website might use a third-party credit card processor to process transactions. Although the website does not store or handle this transaction information, users need to be able to see who has access to their credit card information and what they do with it.

It can be as simple as providing the name of the third party and explaining why it is being used. The user can then read the third party's Privacy Policy to confirm their agreement with your website's policies.

Here is an example of this type of clause:

Facebook Data Policy: How Information is Shared clause - Apps, websites and third-party integrations section

Privacy Policy FAQs

Here is a list of frequently asked questions that you may find useful.

A Privacy Policy is a legally-required policy document between you and the users of your website/app that discloses your privacy practices and how you handle your users' personal data. A Privacy Policy will describe the types of personal data you collect, how you collect the data, how you keep it safe, what you use it for, and if you share any of that personal information with other parties.

Yes. You can download a sample Privacy Policy template for free in multiple formats: PDF, DOCX, Full Text or as a Google Docs document.

You need a Privacy Policy because privacy laws around the world require one if you collect personal information. Many third-party companies also require a Privacy Policy in order to use their services.

Even if you don't collect personal information, you should still have a Privacy Policy. This is because people and the authorities expect to see one. Without one, even one that simply says you don't collect personal information, you may come across as untrustworthy to the public and end up being questioned by authorities.

You should have a Privacy Policy even if you don't collect personal information because the general public and authorities both expect to see one.

Without a Privacy Policy, you may end up having to explain your privacy practices to legal authorities to prove that you aren't violating privacy laws. You may also lose trust with the public for not being clear about what your privacy practices are.

Even if you don't collect personal information, you should post a Privacy Policy that says exactly that.

The standard information that every Privacy Policy should include is as follows:

  • What personal information you collect
  • How you collect it
  • Why you collect it/How you use it
  • How long you keep the personal information
  • How you secure it
  • Whether or not you share it with any third parties
  • Any rights your users have when it comes to your collection, use or retention of their personal information
  • Your contact information

Note that some privacy laws require additional information if you fall under the law's scope. Some of this additional information includes:

  • How you handle personal information of minors/children
  • Whether you use cookies that collect personal information
  • If you transfer data to other countries
  • Whether you sell personal information, and how users can opt out of this
  • How users can exercise their rights under specific laws

You should always display a link to your Privacy Policy in your website's footer. This is where people know to look for it, and it's a common best practice.

You should also display a Privacy Policy link at places where you request to collect personal information.

For example:

  • Email newsletter sign-up forms
  • Contact forms
  • Account sign-up forms
  • Ecommerce checkout pages

For mobile apps, the same concept applies. Add a link to your Privacy Policy in a menu within your app, such as an "About" or "Legal" menu. Also add the link to other areas of your app where you request personal information.

Make your Privacy Policy enforceable by having your users click an unticked checkbox next to a statement that says something similar to "I have read and agree to the terms of the Privacy Policy."

You can also have users click a button that says something like "I Agree" next to a statement like the above if you don't want to use a checkbox.

Generally, you need to update your Privacy Policy when any of your privacy practices change.

Some common times to update your Privacy Policy would be if you:

  • Collect new types of personal information that you didn't used to collect
  • Collect personal information in a new way
  • Start using personal information in a way you didn't previously use it
  • Change how long you retain personal information
  • Start sharing personal information with a new third party

Make sure to update your Privacy Policy's effective date with the date you make the updates. Send notifications to your users of any material changes, such as via an email or a website pop-up message.

Note that some privacy laws (such as the CCPA) require you to update your Privacy Policy once every 12 months.


Privacy Policy Examples

Whether your website, mobile app, desktop or web app collects personal data from users, you must post a Privacy Policy. Many websites include a link to their Privacy Policies in the homepage footer or main navigation menu.

Let's look at some Privacy Policies on popular news websites.

The New York Times

The New York Times website footer with Privacy Policy link highlighted for 2021

The New York Times has the following sections in its Privacy Policy:

  • What Information Do We Gather About You?
  • What Do We Do With the Information We Collect About You?
  • With Whom Do We Share the Information We Gather?
  • What Are Your Rights?
  • What About Sensitive Personal Information?
  • How Long Do You Retain Data?
  • How Do You Protect My Information?
  • Are There Guidelines for Children?
  • How Is Information Transferred Internationally?
  • What Is Our Legal Basis?
  • What About Links to Third Party Services?
  • How Are Changes to This Privacy Policy Communicated?
  • How Can You Contact Us?
  • Who is the Controller of Your Personal Information?

This list is a great place to start for most Privacy Policies.

The National Review

The National Review website footer with Privacy Policy link highlighted

The National Review has the following sections in its Privacy Policy:

  • Quick Overview of This Privacy Policy
  • General Statement About This Privacy Policy
  • General Statement About Data Collection & Targeted Advertising
  • The Information We Collect
  • How We Use The Information We Collect
  • Information Sharing
  • Third-Party Services
  • Your Account
  • Confidentiality & Security
  • Additional Information for California Residents
  • Privacy Policy Changes

While this policy is shorter, it still covers all the key areas and is worth checking out for inspiration and guidance on your own Privacy Policy's content and structure.

How to Display and Get Agreement to a Privacy Policy

Privacy laws require that your Privacy Policy be displayed in a way that's easy for users to access at any time. You must also get users to consent, or agree to, your processing of their personal data as stated in your policy.

When it comes to displaying your Privacy Policy, you should start with adding a link within your website's footer. This will make the policy visible and accessible from every page of your site, and people are familiar with looking here for legal agreements and important information.

Here's an example of how you can display a Privacy Policy in a site footer:

Wolverine website footer with Privacy Policy link highlighted

Other common places to include your Privacy Policy link are in forms where you request personal information, such as when a user creates an account with you:

BitChute Create Account form: Privacy Policy link highlighted

Or when they sign up to receive marketing emails from you:

Havaianas email newsletter sign-up form with Privacy Policy link highlighted

To obtain consent from users, ask them to check a box such as an "I Agree" checkbox next to a statement that clicking it shows agreement to your Privacy Policy. Link your Privacy Policy to this consent mechanism as well, as seen here:

Hungry Howies Pizza: Submit Order page with Agree to Terms and Privacy Statement checkbox highlighted

Summary of What a Privacy Policy Is

Your Privacy Policy is not just a legal requirement but also an opportunity to communicate your company's values. Think of it like the "About Us" section on your website, only more important.

It should be accurate and up-to-date with any changes in policy or practices so that you don't run into problems down the line.

Your website, web app or mobile app may collect personal data. If so, you will likely be required by law or third-party services to provide a Privacy Policy to your website/app.

Be sure to include sections on:

  • What information you collect
  • What you do with that information
  • How you keep that information safe
  • How you handle data of individuals under 13 years of age
  • How you handle medical data
  • How you handle financial or credit data
  • How your app or website utilizes third-party services

Finally, don't be tempted to copy or use another business's Privacy Policy. The one you're copying might not be right for your business. Let's take, for example, the text of a competitor who is in the same industry.

You may be doing business differently than they are. Your competitor might collect different types of information or share it with other third parties than you do. Of course, you could edit the Privacy Policy you're copying from to make it more appropriate for your business.

But is that time better spent growing your business or creating cobbling together a Frankenpolicy?

Download Sample Privacy Policy Template

Generate a Privacy Policy in just a few minutes

We understand that writing your own Privacy Policy can seem like a daunting task. Therefore, to help you put one together without snatching your competitor's or cherry-picking bits and pieces here and there, you can use a template. Templates can provide structure and inspiration, which is a great starting point.

Alternatively, we recommend using our Privacy Policy Generator. It is a powerful tool that will ask all the right questions regarding your business and the types of information you collect. The tool will use your answers to create a professional Privacy Policy tailored to your requirements and needs.

Our Sample Privacy Policy is available for download, for free. The template includes these sections:

  • Definitions
  • Collecting and Using Personal Information
  • Usage Data
  • Use of Personal Information
  • Transfer of Personal Information
  • Disclosure of Personal Information
  • Security of Personal Information
  • GDPR Privacy Policy
  • CCPA (CPRA) Privacy Policy
  • Links to Other Websites
  • Changes to Privacy Policy
  • Contact Information

Sample Privacy Policy Template (HTML Text Download)

You can download the Sample Privacy Policy Template as HTML code below. Copy it from the box field below (right-click > Select All and then Copy-paste) and then paste it on your website pages.

Sample Privacy Policy Template (PDF Download)

Download the Sample Privacy Policy Template as a PDF file

Sample Privacy Policy Template (Word DOCX Download)

Download the Sample Privacy Policy Template as a Word DOCX file

Sample Privacy Policy Template (Google Docs)

Download the Sample Privacy Policy Template as a Google Docs document

Screenshot of the Sample Privacy Policy Template

More Privacy Policy Templates

More specific Privacy Templates are available on our blog.

Sample Privacy Policy Template A Privacy Policy Template for all sorts of websites, apps and businesses.
Sample Mobile App Privacy Policy Template A Privacy Policy Template for mobile apps on Apple App Store or Google Play Store.
Sample GDPR Privacy Policy Template A Privacy Policy Template for businesses that need to comply with GDPR.
Sample CCPA Privacy Policy Template A Privacy Policy Template for businesses that need to comply with CCPA.
Sample California Privacy Policy Template A Privacy Policy Template for businesses that need to comply with California's privacy requirements (CalOPPA & CCPA).
Sample Virginia VCDPA Privacy Policy Template A Privacy Policy Template for businesses that need to comply with Virginia's VCDPA.
Sample PIPEDA Privacy Policy Template A Privacy Policy Template for businesses that need to comply with Canada's PIPEDA.
Sample Ecommerce Privacy Policy Template A Privacy Policy Template for ecommerce businesses.
Small Business Privacy Policy Template A Privacy Policy Template for small businesses.
Privacy Policy for Google Analytics (Sample) A Privacy Policy Template for businesses that use Google Analytics.
Sample CalOPPA Privacy Policy Template A Privacy Policy Template for businesses that need to comply with California's CalOPPA.
Sample SaaS Privacy Policy Template A Privacy Policy Template for SaaS businesses.
Sample COPPA Privacy Policy Template A Privacy Policy Template for businesses that need to comply with California's COPPA.
Sample CPRA Privacy Policy Template A Privacy Policy Template for businesses that need to comply with California's CPRA.
Blog Privacy Policy Sample A Privacy Policy Template for blogs.
Sample Email Marketing Privacy Policy Template A Privacy Policy Template for businesses that use email marketing.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy