Privacy Policy Template

A Privacy Policy agreement is the agreement where you specify if you collect personal data, what kind of personal data you collect from your users and what you do with that data.

A Privacy Policy is required by law if you collect personal data. Personal data is any kind of data or information that can be considered personal (that is, it identifies an individual):

  • email address
  • first and last name
  • billing and shipping address
  • credit card information

If you’re looking for the template, download the Privacy Policy template (.PDF). It’s free.

For mobile-related Privacy Policies, go to: iOS apps, Android apps, Windows Phone apps.

The Privacy Policy is not the same as the Terms and Conditions agreement. A Terms and Conditions is the agreement where you include the rules and guidelines that users must agree to in order to use your website or mobile app.

For a Terms and Conditions sample, see Sample Terms and Conditions Template.

The same Privacy Policy can be used for both your website and mobile app, if it is adapted to include both platforms your business operates on.

If you already have this agreement for your website and you are now launching a mobile app, you need to first consider what kind of personal data you collect via the mobile app.

Then, update your agreement to include the new changes: what you collect from the website and the mobile app. Afterwards, notify users of these changes.

This agreement should be added regardless of the type of platform your business operates on or what kind of industry you are in.

Use the Privacy Policy Generator to create your own custom agreement.

What To Include In Your Privacy Policy

What to include in a Privacy Policy depends on what personal information you collect, how you collect it and what you are doing with that collected information.

Also, you’ll need to disclose if any third parties are involved in collecting personal information in your name, e.g. you use MailChimp to collect email addresses to send weekly updates to your members.

A few examples:

  • The Information Collection And Use section is the most important section of the entire agreement, where you need to inform users what kind of personal information you collect and how you are using that information.
  • A Log Data disclosure section should inform users that certain data are collected automatically from the web browser users are using and from the web server you’re using: IP addresses, browser types (Firefox, Chrome etc.), browser versions and various pages that users are visiting.
  • A Cookies disclosure should inform users that you may store cookies on their computers when they visit the pages of your website. This applies even if you use Google Analytics (which would store cookies) or any other third party that would store cookies.
  • A Links To Other Sites section is a very common disclosure added in Privacy Policies informing users that your website may link to other websites outside your control or ownership, e.g. linking to a news website, and that users are advised to read the Privacy Policies of each website they visit.

Here is how the Privacy Policy of Asana, a project management tool, informs users about what kind of personal information they collect:

Asana Privacy Policy - Information We Collect

Asana’s Privacy page clearly describes what kind of information a user can provide and how (by becoming a member, by connecting through Facebook, Twitter etc.):

Information You Provide: You provide us information about yourself, such as your name and e-mail address, if you register for an account with the Service, including by connecting with the Service via a third-party service, or by “following,” “becoming a fan,” adding the Asana application, etc., on a third party website or network.

It also specifies that registered members (users) may receive marketing messages, but users can opt out by following the unsubscribe instructions in each email sent by Asana:

We may use your email address to send you Service-related notices (including any notices required by law, in lieu of communication by postal mail). We may also use your contact information to send you marketing messages. If you don’t want to receive these messages, you can opt out by following the instructions in the message. If you correspond with us by email, we may retain the content of your email messages, your email address and our responses.

The Privacy Policy of the Guardian informs users what GNM (Guardian News & Media Limited) does with the collected data:

The Privacy Policy of GNM

It specifies the four reasons why they collect personal information:

At GNM we collect different types of information about our users for four main reasons:

1. To provide personalised services unique to individual users.

2. To help us to monitor and improve the services we offer

3. To sell advertising space on the site. This helps us to keep the site free for people who visit it.

4. If we have permission from the user, to market services to them.

Here is a list of questions that can guide you when drafting your own Privacy Policy:

  • What kind of personal information do you collect?
  • What kind of personal information is collected automatically, e.g. via the web server (Apache, nginx etc.)?
  • What kind of third parties are collecting personal information from your users?
  • How are you using that personal information?
  • Do you send promotional emails (newsletters)? If yes, can users opt out? If so, how?

And so on.

How To Enforce Privacy Policies

Even if this agreement is required by law, it’s important to understand the enforceability issue of this agreement.

There are two methods of implementation with regard to the enforceability of a legal agreement: browsewrap and clickwrap.

For more information on the enforceability of legal agreements, read the Browsewrap vs. Clickwrap guide.

A browsewrap is commonly found in the footer of the web site:

Facebook Footer is Unchanged

In a clickwrap implementation, the business informs users of the legal agreements that they will be bound to when they sign up for the service:

Zappos Register Account Must Agree to Terms of Use and Privacy Policy

A business can use both browsewrap and clickwrap.

eBay is using a browsewrap technique by informing users of the legal agreements (User Agreement and Privacy Policy) in the footer of the website:

eBay footer with User Agreement and Privacy Policy links

Then, eBay uses the clickwrap when users are creating a new account:

eBay Privacy Policy Agreement To Signup

Notice the mandatory requirements of new users to agree that they have read eBay’s User Agreement and Privacy Policy:

By clicking “Submit” I agree that:

  • I have read and accepted the User Agreement and Privacy Policy.
  • I may receive communications from eBay and can change my notification preferences in My eBay.
  • I am at least 18 years old.

Download Privacy Policy Template

Download the Privacy Policy template (.PDF)

This template, available for download for free, includes these sections:

  • Information Collection And Use
  • Log Data
  • Cookies
  • Security
  • Links To Other Sites
  • Changes To This Privacy Policy
  • Contact Us

Example of Privacy Policy - Screenshot
