9 Things to Include in a Privacy Policy

Clients Rate Lawyers on our Platform 4.9/5 Stars
based on 2,247 reviews

Jump to Section

Need help with a Privacy Policy?

Post Project Now

A privacy policy is a legal statement from a company in a terms and conditions user agreement that explains how it manages users’ data, such as:

  • How it collects user data
  • How it handles user data
  • How it processes user data
  • How it protects its users’ data

In today’s digital-centric era, most mobile applications, desktop applications, and web applications collect customers’ data for analytics and marketing purposes.

The privacy policy agreement shows how your business respects customers’ right to privacy and offers assurance that you will always handle their data in compliance with the law.

In industries like e-commerce, customers share personal information that could jeopardize their financial and personal security if leaked. Even blogs should include a terms and conditions page about how the site they’re hosted on collects and processes readers’ data.

In this guide, you can learn how to write a privacy policy by reviewing 9 things always to include. If you have further questions, such as the average privacy policy cost, you can use Contracts Counsel to connect with an attorney near you

1. Identify the Site or App Owner

The privacy agreement should begin with the clear identification of the site or app owner. If this is an individual, then their first and last legal names, along with the names of the site and app, should be clearly stated.

A company can use its name if it is a legally registered business entity. However, individuals running sites or apps must include their name if they do not have a DBA (doing business as) or are otherwise registered as a business in their state or province.

Here is an article about the basics of a privacy policy.

2. Effective Date of the Policy

List what date the policy takes effect. In privacy law, this is the date that the terms of the privacy policy are legally enforceable. Legal enforceability means a court of law can impose a contract, and any contract violations can result in legal penalties.

Enforceability is an integral part of any user agreement ; it ensures that all parties are in mutual understanding of the terms and conditions, as well as any obligations they agree to by assenting to the contract.

Here is an article where you can learn more about the effective date in a privacy policy.

3. Customer Data Collected

Data collection is an enormous concern for customers today. Breaches and cyberattacks can result in personal data losses, financial ruin, and even identity theft.

To build trust and demonstrate respect, a company can outline how data is collected and what type of data the company collects.

It is important to note that the data you collect and how you collect it will have limitations based on your location. Legal obligations regarding digital data collection companies must follow to avoid breaking the law. These include:

  • The Federal Trade Commission Act
  • The Computer Fraud and Abuse Act
  • The Electronic Communications Privacy Act
  • The Fair and Accurate Credit Transactions Act

Furthermore, states often have guidelines safeguarding internet users’ privacy. For example, the California Consumer Privacy Act (CCPA) is often used nationwide as a template for companies’ privacy policies.

Here is an article about the CCPA and user rights.

Meet some lawyers on our platform

Max M.

87 projects on CC
View Profile

Tabetha H.

6 projects on CC
View Profile

Craig M.

4 projects on CC
View Profile

Samuel R.

22 projects on CC
View Profile

4. How the Data Is Used

A company should clearly state how it uses the data it collects from its customers. For example, will this data be used for personalized advertising, marketing, or other uses?

Common uses for customer data are:

  • Improving products or services
  • Improving customer experience through behavioral data analysis
  • Refining a marketing strategy
  • Securing personal data by learning to capture and recognize specific users’ input

Data use varies widely by industry and organization. However, every privacy policy should explain exactly how you will use customers’ data and for what purposes.

Here is an article that explores how businesses use data in various contexts.

5. Data Storage and Protection

Will consumer data be cloud-hosted or hosted locally? What protective measures are in place to protect their personal information from theft? A company must protect the following user information from third parties:

  • Names
  • Email addresses
  • Passwords
  • Location
  • Uploaded media

Safeguarding this information is a vital part of customer assurance. It also influences how compliant a company is with specific privacy laws.

Even elements like data portability and the ability to move data from one application or hosting site to another are important considerations.

Here is an article that gives an example of a privacy policy that adheres to the European GDPR.

6. Tracking Tools

Specify what tracking tools your product, website, or application uses to record and collect users’ data. Standard tracking tools include:

  • Adobe Analytics
  • Google Analytics
  • Clicky
  • Facebook Conversion Pixels
  • Hotjar
  • Unique identifier IDs (IDFAs)

Although web trackers are legal, businesses must follow limitations and regulations. Furthermore, consumers should always be fully aware of how a company intends to collect their data and what type of data each tracking tool collects.

Here is an article that explores how to track website users legally.

7. Third-Party Access

Many businesses share their users’ data with third parties. In this case, the privacy policy should explain how other parties will access customers’ data.

Companies can also use this privacy policy portion to assure users that they will never rent, sell, share, or otherwise distribute their personal data to third parties.

Here is an article about third-party access in privacy policies under the GDPR and CCPA regulations.

8. Opt-Out Clause

An opt-out clause gives users the right to withdraw or remove their information from the company’s data collection processes.

For example, a user may unsubscribe from a company’s mailing list or wish to opt out of sharing their usage data with an app developer.

Opt-out is also known as “consent withdrawal.” This is because it protects the user’s data by giving them complete freedom and control over what information they share.

Opt-out clauses are legally required in most situations. For example, the CAN-SPAM Act of 2003 requires all businesses and individuals that send commercial emails in the United States to offer an unsubscribe option to their recipients.

Here is an article that explores opt-ins and opt-outs in privacy policies further.

9. Description of Process for Changes and Updates to the Policy

You can close a privacy policy with a description of how you will modify or update it in the future. This includes how you will notify users of any changes to the policy. Users will need to consent to new privacy policies for their user agreement to stay valid.

Most companies have periodic reviews of their privacy policy to ensure it always offers the greatest protection to their consumers. However, keeping copies of all previous privacy policies and a detailed record of their updates is advisable.

Here is an article that explores when and how you should update your privacy policy, as well as how to notify users.

Post a project in ContractsCounsel’s marketplace to receive flat fee bids from lawyers for your project. All lawyers have been vetted by our team and peer-reviewed by our customers for you to explore before hiring.

How ContractsCounsel Works
Hiring a lawyer on ContractsCounsel is easy, transparent and affordable.
1. Post a Free Project
Complete our 4-step process to provide info on what you need done.
2. Get Bids to Review
Receive flat-fee bids from lawyers in our marketplace to compare.
3. Start Your Project
Securely pay to start working with the lawyer you select.

Meet some of our Lawyers

View Natalie
Member Since:
November 12, 2021

Natalie A.

Commercial Counsel
Free Consultation
Get Free Proposal
Montreal, Quebec, Canada
16 Yrs Experience
Licensed in AK
Université de Sherbrooke, Sherbrooke, Quebec - LLB Civil Law

I am an experienced in house counsel and have worked in the pharmaceutical, consumer goods and restaurant industry. I have experience with a variety of agreements, below is a non-exhaustive list of types of agreements I can help with: Supply Agreements Distribution Agreements Manufacture Agreements Service Agreements Employment Agreements Consulting Agreements Commercial and residential lease agreements Non-compete Agreements Confidentiality and Non-Disclosure Agreements Demand Letters Termination notice Notice of breach of contract My experience as in house counsel has exposed me to a wide variety of commercial matters for which I can provide consulting and assistance on. I have advised US, Canadian and International entities on cross-functional matters and have guided them when they are in different countries and jurisdictions as their counterparties. I can provide assistance early on in a business discussion to help guide you and make sure you ask the right questions even before the commercial agreement needs to be negotiated, but if you are ready to put a contract in place I can most definitely help with that too.

View Terrence
Member Since:
November 14, 2021

Terrence R.

Free Consultation
Get Free Proposal
Ann Arbor, Michigan
14 Yrs Experience
Licensed in MI
Wayne State University Law School

I represent technology and emerging growth companies at all stages of growth, from startups to mature companies. My practice includes corporate and securities law matters, corporate governance, venture capital financings, and commercial transactions, including software and technology licensing agreements, and strategic alliances. I regularly provide guidance on a range of business and legal issues, including business modeling and go-to-market strategies.

View Jeff
Member Since:
November 16, 2021

Jeff C.

Free Consultation
Get Free Proposal
Denver, Colorado
36 Yrs Experience
Licensed in CO
Creighton University

Jeff Colerick has been practicing law for over 30 years and has devoted his professional career to providing clients with intelligent representation and personal care. His experience as a lawyer involving complex matters has resulted in a long history of success. Jeff has built a practice based on a deep understanding of real estate assets and corporate activities. He combines his industry knowledge with a practical and collaborative approach to problem solving. Jeff’s client relationships are strong because they are built on mutual respect. Jeff talks the language of real estate and understands that it is a vehicle to deliver your business strategy. Jeff provides practical, responsive, and strategic advice related to real estate acquisition, construction, leasing, and sale of a wide range of real property types, including office, retail, medical, industrial, industrial flex-space, mixed-use condominium, multifamily and hospitality. As leader of the Goodspeed Merrill real estate practice group, Jeff represents clients with commercial and residential transactions, purchases and sales, land acquisition and development, real estate investment and financing, financing liens and security interests, and commercial leasing and lease maintenance, including lease enforcement support and advice. The firm represents clients in matters concerning construction, lending, developers, contractors and subcontractors, cell site leasing, property and boundary disputes, common interest community law, and residential condominiums and planned communities.

View Harrison
Member Since:
November 16, 2021

Harrison K.

Attorney and Executive
Free Consultation
Get Free Proposal
Los Angeles
27 Yrs Experience
Licensed in CA, MD
California Western School of Law

Harrison Kordestani is an executive with over twenty-five years experience in entertainment and media, energy, technologies, and start-ups. Mr. Kordestani has also developed a specialized legal and strategic consulting practice representing select entertainment, oil and gas, mortgage lending, and technology start-up clientele. He is also deeply passionate about new technologies and has also actively worked in building companies in the video-on-demand, wearable tech, information of things, demand prediction and app-marketing spaces. As an attorney, Mr. Kordestani's focus has been on transactional drafting and negotiation and providing ongoing legal counsel, corporate compliance, and contract interpretation to numerous private individuals as well as companies in varied fields.

View Moss
Member Since:
November 17, 2021

Moss S.

Free Consultation
Get Free Proposal
Boca Raton, FL
34 Yrs Experience
Licensed in FL, MA, RI
Suffolk Law School

Over 30 years of experience practicing commercial real estate and complex business litigation law.

View Abraham
Member Since:
November 18, 2021

Abraham W.

Free Consultation
Get Free Proposal
Nashville, TN
3 Yrs Experience
Licensed in NY, TN
Harvard Law School

Abraham's practice focuses on counseling emerging group companies in the technology and other commercial agreements, and assisting equity financings (specifically venture capital).

View Patricia
Member Since:
November 22, 2021

Patricia L.

Transactional Lawyer
Free Consultation
Get Free Proposal
Cincinnati, OH
18 Yrs Experience
Licensed in NY
Washington College of Law - American University (LL.M)

Transactional Lawyer with 15+ years of international experience working for large corporations in commercial and regulatory matters, contracts, partnerships, mergers and acquisitions, arbitration, and governance. Highly experienced in structuring, drafting, negotiating, and managing a wide range of contracts. Provide training for lawyers and non-lawyers in contract negotiation and management. Effective deal counsel and conflict mediator. A strong business strategy background coupled with business plan development, risk assessment, due diligence, and partnerships.

View Dave
Member Since:
November 22, 2021

Dave Y.

Free Consultation
Get Free Proposal
Colorado Springs
1 Yr Experience
Licensed in CO
University of Denver

I am available for data privacy and cybersecurity projects. I am CIPP/US certified through the IAPP. I have also taken coursework focused on the GDPR through the London School of Economics. In my past career I was an intelligence officer. I am well acquainted with information security best practices and I have experience developing and implementing administrative controls for classified information and PII. I have worked extensively overseas and I am comfortable integrating with remote teams. Feel free to reach out any time if you have any additional questions on my areas of expertise or professional background.

View Peter W.
Member Since:
January 24, 2022

Peter W. Y.

Free Consultation
Get Free Proposal
23 Yrs Experience
Licensed in CT, NY, PA
Haub School of Law at Pace University

Perceptive, solution-driven counselor and experienced attorney. Record of successful verdicts, settlements, negotiations, arbitrations, mediations, and deals. Effective claims management, litigation strategy, and risk consulting. Proven ability to oversee litigation teams, communicate to stakeholders, manage multiple projects effectively, and expand business relationships. Extensive experience handling legal issues in engineering and construction, environmental litigation, corporate and contractual, and insurance issues.

View Daehoon
Member Since:
November 26, 2021

Daehoon P.

Corporate Lawyer
Free Consultation
Get Free Proposal
New York, NY
7 Yrs Experience
Licensed in NY
American University Washington College of Law

Advised startups and established corporations on a wide range of commercial and corporate matters, including cross-border deals, technology law, and M&A. Commercial and Corporate • Advised companies on commercial and corporate matters and drafted corporate documents and commercial agreements—including but not limited to —Convertible Note, SAFE, Promissory Note,Terms and Conditions, SaaS Agreement, Employment Agreement, Contractor Agreement, Joint Venture Agreement, Stock Purchase Agreement, Asset Purchase Agreement, Shareholders Agreement, Partnership Agreement, Franchise Agreement, License Agreement, and Financing Agreement. • Drafted and revised internal regulations of joint venture companies (board of directors, employment, office organization, discretional duty, internal control, accounting, fund management, etc.) • Revised joint venture agreements and master land lease agreements, and so forth. • Drafted legal memos on finance regulations Global Blockchain Projects • Advised blockchain startups ICOs, securities law, business license, regulatory compliance, and other commercial and corporate matters. • Drafted or analyzed coin or token sale agreements for global ICOs. • Assisted clients with corporate formations, including filing incorporation documents and foreign corporation registrations, drafting operating and partnership agreements, creating articles of incorporation and bylaws. Litigation and Dispute Resolution • Conducted legal research, document review, and drafted pleadings, motions, and other trial documents. • Advised the client on strategic approaches to discovery proceedings and settlement negotiation. • Assisted clients with business dispute settlements.

View Bruce
Member Since:
January 11, 2022

Bruce B.

Free Consultation
Get Free Proposal
Tampa, FL
7 Yrs Experience
Licensed in FL
University of South Carolina

Bruce Burk practice is in the area of small business, labor and employment, contracts, real estate and civil litigation. Bruce has litigated over 40 trials as well as many appeals. He prioritizes client communication and satisfaction as well as delivering high quality work product.

Find the best lawyer for your project

Browse Lawyers Now

Want to speak to someone?

Get in touch below and we will schedule a time to connect!

Request a call