Sample Privacy Policy Template

sample privacy policy template

Our Sample Privacy Policy Template lets you create a Privacy Policy for your website or mobile app so that you can comply with strict privacy laws. It is free to download and easy to use.

A Privacy Policy allows you to inform your users about how their personal data is being collected, managed, used, and stored.

You can download the Free Privacy Policy Template below, or if you’d prefer, you can generate a free customized Privacy Policy using our generic Privacy Policy Generator. This will allow for more customization, so your Privacy Policy can be tailored based on  the specific needs of your company or website.

Table of Contents

What is a Privacy Policy?

A Privacy Policy is a legal document or statement that outlines how a company or website collects personal information from users or visitors of the website, and how it then handles and processes that personal data. It also states for what purposes that personal data is being collected and used and whether the personal data is shared with any third parties outside of the company.

It is required by law if you collect personal information (also called personal data or personally identifiable information), which is defined as any kind of information that can be used to identify an individual, including an email address, first and last name, or billing information.  

Privacy Policies originated because the right to privacy is a fundamental human right recognized by many governments around the world. As our world becomes more interconnected, privacy policy laws will only become more strict and more frequently enforced, so it is critical for any company or website to be aware of and follow the various laws and regulations surrounding having a privacy policy on your website or mobile app. 

A Privacy Policy may also be referred to by the following names:

  • Privacy Notice
  • Privacy Statement
  • Privacy Policy Statement
  • Privacy Clause
  • Privacy Agreement
  • Privacy Page
  • Privacy Information
  • Data Privacy Agreement
  • Business Privacy Policy
  • Corporate Privacy Policy
  • GDPR Policy Statement

Certain platforms or services may require a Privacy Policy with specific provisions included, such as a Privacy Policy for blogs, or a Privacy Policy for e-commerce companies or a Privacy Policy for apps. However, in most cases, a generic privacy policy generator or template will suffice and can be used for both your website and mobile app.

While laws and regulations regarding Privacy Policies may differ between countries, generally, a Privacy Policy should contain the following key components related to how you collect, manage, use, and store personal data:

  • Notice of Collection: what personal information is collected
  • Method of Collection: how and where personal information is collected (including through tracking technologies such as cookies)
  • Reason for Collection: for what purposes the information is collected
  • Use of Personal Information: how is personal information being used
  • Third Parties: how and why is personal information being shared with third parties or sold to third parties, if applicable
  • Security Measures: how is the personal information being transferred and protected
  • Rights: what rights do users have over their personal information
  • Choices: what choices can users exercise over their personal information
  • Contact Information: what is the contact information for the website

Why Do You Need a Privacy Policy?

A Privacy Policy is required for any entity (individual or business) that collects personal data from users.  

Regardless of the platform or medium you’re using, or the industry, a Privacy Policy is essential, including for:

  • Websites
  • E-commerce shops
  • Blogs, including WordPress blogs
  • Mobile apps
  • Facebook apps, pages, groups, and events
  • Digital products
  • Using Google Adsense
  • Desktop apps

Specific platforms may also require a Privacy Policy as part of their terms and conditions. As an example, if you have a Facebook Page, Group, or Event, you are required by Facebook to have a Privacy Policy. As another example, if you create an iOS App, you are required by Apple to have a Privacy Policy- a non-compliant Privacy Policy will result in your iOS App being rejected by the platform.

A Privacy Policy is Required by Law

Most laws and regulations around the world require that you have a Privacy Policy if you collect, use, manage or store any personal information (e.g., first and last name, email address, billing information). These regulations require you to display the Privacy Policy prominently, so that it can easily be found and accessed by those who want to know how their personal information is being used.

Data Privacy has always been important, but as the world continues to become more interconnected through technology, Privacy Laws will become even more comprehensive and heavily enforced. Some of the major Privacy Laws that impact what you need as Privacy Policy content for a website include:

EU Flag

GDPR 

If you have any users or visitors from the European Economic Area (EEA), which includes all of the European Union (EU) member states, you are required to comply with the General Data Protection Regulation (GDPR).

The GDPR went into effect in May of 2018 and has had a wide impact on businesses and websites across the world, as these businesses and websites now must comply with the stringent regulations imposed by the GDPR.

As arguably one of the world’s most robust and comprehensive privacy laws, the GDPR has become a model for how personal data should be handled, and many businesses and websites struggle to understand how to comply with the GDPR due to its complexity. Not only does it dictate how a Privacy Policy must be displayed, but it also has specific requirements for what must be included in the Privacy Policy.

USA Flag

In the U.S., privacy laws may differ from state to state. These privacy laws include:

CCPA

If you collect information from residents of California, you are required to comply with the California Consumer Privacy Act (CCPA). CCPA went into effect on January 1, 2020 and is the most robust data privacy law in the U.S. It is designed to protect the privacy rights of residents of California, and governs use of their personal information. 

CCPA not only requires that you have a comprehensive Privacy Policy, but specifies what must be included in that Privacy Policy. It also requires that you update your Privacy Policy at least once a year.

COPPA

If you collect information from or about children under the age of 13, you are required to comply with the Children’s Online Privacy Protection Act (COPPA). This is a federal law that mandates that you have a Privacy Policy that includes information about how personal information is collected.

CalOPPA

If you collect information from residents of California, in addition to CCPA, you are required to comply with the California Online Privacy Protection Act (CalOPPA). CalOPPA went into effect on July 1, 2004 and was the original law in the U.S. requiring entities with websites to have a Privacy Policy. It also dictates what information must be included in a Privacy Policy.

Canada Flag

PIPEDA

In Canada, you are required to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) if you collect, use or disclose personal information in the course of running your business.  

PIPEDA is a federal privacy law that went into effect on January 1, 2004. Among other things, it requires that you have policies in place outlining how you manage personal information and implement procedures to secure that personal information.

Privacy Act

In Australia, the Privacy Act 1988 (Privacy Act) requires that Australian companies have a Privacy Policy outlining how personal information is being collected, used and shared.

This is far from an exhaustive list, as there are hundreds of Privacy Laws across the world, with new regulations coming out each year.

A Privacy Policy is Required by Third Party Services

In addition to being required by law, many third party services require you to have a Privacy Policy in order to operate through their platform.

Facebook App

You are required by Facebook to have a Privacy Policy if you have a:

  • Facebook Page
  • Facebook Group
  • Facebook Event

As outlined in the excerpt from Facebook’s policies below, the Privacy Policy must clearly state that you are the one collecting the information.

Collecting Data From Users

If you collect content and information directly from users, your Page, Group or Event must make it clear that you (and not Facebook) are collecting it, and must provide notice about and obtain user content for your use of the content and information that you collect. Regardless of how you obtain content and information from users, you are responsible for securing all necessary permissions to reuse their content and information.

iOS App 

You are required by Apple to have a Privacy Policy if you create an iOS App.

As outlined in the excerpt from Apple’s policies below, all apps must include an easily accessible Privacy Policy. Among other things, the Privacy Policy for your iOS App must outline what personal data is being collected, how it is being collected, and how it is being used. It should also explain your data retention policies.

Failure to have a complaint Privacy Policy will result in your iOS App being rejected by Apple.

What Should You Include in a Privacy Policy?

Basic privacy policy content for a website should include how and why you are collecting personal information, what personal information is being collected, and how it is being used, shared, managed and stored.

As a business, it’s important to remember that a Privacy Policy is designed to show the users four fundamental elements:

  • That you are transparent about your use of their personal data
  • That you are protecting their personal data
  • That you are complying with Privacy Laws
  • That you understand and respect the rights they have to their personal data 

What Personal Information You Collect

Users need to be clear about exactly what personal information you collect. For that reason, your Privacy Policy should clearly state the types of personal information you are collecting.

While you do not need to enumerate every piece of personal information, under both the GDPR and CCPA, you need to be specific about what categories of personal information you collect.  As examples, categories of personal information that you collect may include:

  • Personal Data (such as first and last name, email address, or physical address)
  • Financial Data (such as credit score or credit card billing information)
  • Derivative Data (such as browser type and language or IP address)
  • Mobile Data (such as mobile manufacturer or operating system and version)
  • Social Network Data (such as Instagram log-in username and password)
  • Third Party Data (such as social media profile picture)
  • Data from Cookies (such as how long they are on your website)

Before creating privacy policy text for your website, you should conduct an internal audit of your website to determine all of the ways you are collecting personal information. Some of the most common ways are through contact forms on your website, signup pages (such as to sign up for your newsletter or a free download), login areas and checkout pages. You should also determine if you are using analytics tools like Google Analytics or the Facebook Pixel that automatically collect personal information from users.

Why You Collect Personal Information?

Users need to know why you collect their personal information. Your Privacy Policy should clearly state the reasons why you are collecting their personal information.

Some examples for reasons you would collect personal information may include:

  • To send customized offers about products or services
  • To process and deliver any orders
  • To analyze trends to improve site performance
  • To delivered targeted advertising

If you collect personal information for any of the reasons listed above, or for any other reasons, you must disclose those reasons in your Privacy Policy.

Who You Share Personal Information With

Users need to know who you are sharing their personal information with. Your Privacy Policy should clearly state whether you are sharing their personal information with third parties, and if so, the categories of third parties that you are sharing their personal information with.

Some examples of third parties that you would share personal information with may include:

  • Analytics providers such as Google Analytics
  • Payment processors such as Stripe or PayPal
  • Email marketing providers such as MailChimp
  • Advertising companies to provide targeted advertising

If you share personal information you collect with any third parties, such as the service providers listed above, you must disclose those categories in your Privacy Policy.  

In addition to stating the category of third party that you share personal information with, you should also state why you need to share that personal information. For example, if you share personal information with analytics providers such as Google Analytics, a reason why you might share that information is to improve site performance.

You can see this excerpt from our downloadable free Privacy Policy (and our Generic Privacy Policy Generator) to understand how this is accomplished. The blue highlighted text describes the category of the third party that you are sharing the personal information with, while the pink highlighted text describes why you need to share personal information with that third party category.

Affiliate Partners.  We may share your information with affiliate partners to generate traffic or leads or for other business purposes.

Rights Users Can Exercise

Users need to know what rights they can exercise over their personal information. Depending on where the user resides, they may have certain rights that they can exercise. To comply with certain laws, you must clearly state those rights and how those rights can be exercised in your Privacy Policy.

Under the GDPR, users in the European Economic Area (EEA), which includes all of the European Union (EU) member states, have very specific rights to their data that must be clearly stated in your Privacy Policy. Under the CCPA, users in California have specific rights as well.

How Users Can Contact You

In addition to stating the rights that users have over their personal information, your Privacy Policy should also include clear instructions for how those rights can be exercised. As a starting point, your Privacy Policy should have contact information for how users can contact you with questions or concerns about your Privacy Policy, or to exercise their rights.

This contact section is usually located at the end of the Privacy Policy. Nike’s privacy policy gives users the option to contact them by web form, phone, mail and e-mail.

Cookies Disclosure

Your Privacy Policy should include a cookies disclosure to let users know that you may store cookies on their computers. If you use Google Analytics or any third party service that operates by storing cookies on users’ computers, you should have a cookies disclosure in your Privacy Policy. 

You can include your cookies disclosure either in your Privacy Policy or as a separate notice. In addition, you should also have a Cookie Consent notice, notifying users of your use of cookies. This is typically done through a banner at the bottom of the screen like Coca Cola has done on its website.

Coca Cola Privacy Policy

Links to Other Policies

To legally protect your business, your website should also include Terms & Conditions (also called Terms of Use) and a Disclaimer. You’ll often hear all three documents (the Privacy Policy, Terms & Conditions and Disclaimer) referred to as the Website Policies. 

The Website Policies should be clearly linked on your website and easily accessible. There should also be an explicit statement the Website Policies all form one agreement. This is to make it clear that if anyone uses your website, they are bound by not only the Privacy Policy, but also the Terms & Conditions and Disclaimer

How Do You Enforce a Privacy Policy?

The best way to enforce a Privacy Policy is through a clickwrap method. 

With a clickwrap method, the user is typically shown the hyperlinks to your Website Policies (such as your Terms & Conditions and Privacy Policy), and must affirmatively take an action indicating consent.

In practice, one of the best ways to do this is through requiring the user to check a box agreeing to the Website Policies before proceeding to the next step.

As you can see, this is the method that Ahrefs uses. Before clicking continue, you must affirmatively check a box to accept their hyperlinked Terms and Conditions.

Ahresfs

If you attempt to move forward without affirmatively checking the box to accept their Terms and Conditions, you will receive a message that you must accept the Terms and Conditions before moving forward.

What Ahrefs does is an example of the clickwrap method, which is the most effective method.

While less effective than requiring the user to check a box, another method is to include hyperlinks to the relevant Website Policies, with a statement that by continuing forward, the user is agreeing to the hyperlinked Website Policies.  

As you can see, this is the method that LinkedIn uses.

Download Sample Free Privacy Policy

Download your Sample Free Privacy Policy here.

Facebook
Twitter
LinkedIn
Pinterest

Download the free legal guide

Learn how to avoid these 4 costly legal mistakes, so you can legally protect your business...

…Without Hiring an Expensive Lawyer

small_c_popup.png

For Our Valued Customers:

Access Your Bundle

If you have any issues accessing your account, please contact us.