9 Things to Include in a Privacy Policy

Clients Rate Lawyers on our Platform 4.9/5 Stars
based on 4,036 reviews

Jump to Section

Need help with a Privacy Policy?

Post Project Now

Post Your Project (It's Free)

Get Bids to Compare

 Hire Your Lawyer

A privacy policy is a legal statement from a company in a terms and conditions user agreement that explains how it manages users’ data, such as:

  • How it collects user data
  • How it handles user data
  • How it processes user data
  • How it protects its users’ data

In today’s digital-centric era, most mobile applications, desktop applications, and web applications collect customers’ data for analytics and marketing purposes.

The privacy policy agreement shows how your business respects customers’ right to privacy and offers assurance that you will always handle their data in compliance with the law.

In industries like e-commerce, customers share personal information that could jeopardize their financial and personal security if leaked. Even blogs should include a terms and conditions page about how the site they’re hosted on collects and processes readers’ data.

In this guide, you can learn how to write a privacy policy by reviewing 9 things always to include. If you have further questions, such as the average privacy policy cost, you can use Contracts Counsel to connect with an attorney near you

1. Identify the Site or App Owner

The privacy agreement should begin with the clear identification of the site or app owner. If this is an individual, then their first and last legal names, along with the names of the site and app, should be clearly stated.

A company can use its name if it is a legally registered business entity. However, individuals running sites or apps must include their name if they do not have a DBA (doing business as) or are otherwise registered as a business in their state or province.

Here is an article about the basics of a privacy policy.

2. Effective Date of the Policy

List what date the policy takes effect. In privacy law, this is the date that the terms of the privacy policy are legally enforceable. Legal enforceability means a court of law can impose a contract, and any contract violations can result in legal penalties.

Enforceability is an integral part of any user agreement ; it ensures that all parties are in mutual understanding of the terms and conditions, as well as any obligations they agree to by assenting to the contract.

Here is an article where you can learn more about the effective date in a privacy policy.

3. Customer Data Collected

Data collection is an enormous concern for customers today. Breaches and cyberattacks can result in personal data losses, financial ruin, and even identity theft.

To build trust and demonstrate respect, a company can outline how data is collected and what type of data the company collects.

It is important to note that the data you collect and how you collect it will have limitations based on your location. Legal obligations regarding digital data collection companies must follow to avoid breaking the law. These include:

  • The Federal Trade Commission Act
  • The Computer Fraud and Abuse Act
  • The Electronic Communications Privacy Act
  • The Fair and Accurate Credit Transactions Act

Furthermore, states often have guidelines safeguarding internet users’ privacy. For example, the California Consumer Privacy Act (CCPA) is often used nationwide as a template for companies’ privacy policies.

Here is an article about the CCPA and user rights.

Meet some lawyers on our platform

Matthew S.

2 projects on CC
View Profile

Michael M.

180 projects on CC
View Profile

Justin K.

3 projects on CC
View Profile

Michael K.

70 projects on CC
View Profile

4. How the Data Is Used

A company should clearly state how it uses the data it collects from its customers. For example, will this data be used for personalized advertising, marketing, or other uses?

Common uses for customer data are:

  • Improving products or services
  • Improving customer experience through behavioral data analysis
  • Refining a marketing strategy
  • Securing personal data by learning to capture and recognize specific users’ input

Data use varies widely by industry and organization. However, every privacy policy should explain exactly how you will use customers’ data and for what purposes.

Here is an article that explores how businesses use data in various contexts.

5. Data Storage and Protection

Will consumer data be cloud-hosted or hosted locally? What protective measures are in place to protect their personal information from theft? A company must protect the following user information from third parties:

  • Names
  • Email addresses
  • Passwords
  • Location
  • Uploaded media

Safeguarding this information is a vital part of customer assurance. It also influences how compliant a company is with specific privacy laws.

Even elements like data portability and the ability to move data from one application or hosting site to another are important considerations.

Here is an article that gives an example of a privacy policy that adheres to the European GDPR.

6. Tracking Tools

Specify what tracking tools your product, website, or application uses to record and collect users’ data. Standard tracking tools include:

  • Adobe Analytics
  • Google Analytics
  • Clicky
  • Facebook Conversion Pixels
  • Hotjar
  • Unique identifier IDs (IDFAs)

Although web trackers are legal, businesses must follow limitations and regulations. Furthermore, consumers should always be fully aware of how a company intends to collect their data and what type of data each tracking tool collects.

Here is an article that explores how to track website users legally.

7. Third-Party Access

Many businesses share their users’ data with third parties. In this case, the privacy policy should explain how other parties will access customers’ data.

Companies can also use this privacy policy portion to assure users that they will never rent, sell, share, or otherwise distribute their personal data to third parties.

Here is an article about third-party access in privacy policies under the GDPR and CCPA regulations.

8. Opt-Out Clause

An opt-out clause gives users the right to withdraw or remove their information from the company’s data collection processes.

For example, a user may unsubscribe from a company’s mailing list or wish to opt out of sharing their usage data with an app developer.

Opt-out is also known as “consent withdrawal.” This is because it protects the user’s data by giving them complete freedom and control over what information they share.

Opt-out clauses are legally required in most situations. For example, the CAN-SPAM Act of 2003 requires all businesses and individuals that send commercial emails in the United States to offer an unsubscribe option to their recipients.

Here is an article that explores opt-ins and opt-outs in privacy policies further.

9. Description of Process for Changes and Updates to the Policy

You can close a privacy policy with a description of how you will modify or update it in the future. This includes how you will notify users of any changes to the policy. Users will need to consent to new privacy policies for their user agreement to stay valid.

Most companies have periodic reviews of their privacy policy to ensure it always offers the greatest protection to their consumers. However, keeping copies of all previous privacy policies and a detailed record of their updates is advisable.

Here is an article that explores when and how you should update your privacy policy, as well as how to notify users.

Post a project in ContractsCounsel’s marketplace to receive flat fee bids from lawyers for your project. All lawyers have been vetted by our team and peer-reviewed by our customers for you to explore before hiring.

How ContractsCounsel Works
Hiring a lawyer on ContractsCounsel is easy, transparent and affordable.
1. Post a Free Project
Complete our 4-step process to provide info on what you need done.
2. Get Bids to Review
Receive flat-fee bids from lawyers in our marketplace to compare.
3. Start Your Project
Securely pay to start working with the lawyer you select.

Meet some of our Lawyers

Wendy C. on ContractsCounsel
View Wendy
5.0 (2)
Member Since:
January 17, 2023

Wendy C.

Free Consultation
Get Free Proposal
5 Yrs Experience
Licensed in AZ, TX
Arizona Summit Law School

Business transactions attorney who is well-verse in general corporate matters, fundraising, and negotiation in technology, blockchain, and consumer product industry

Christopher N. on ContractsCounsel
View Christopher
Member Since:
January 10, 2023

Christopher N.

Managing Partner
Free Consultation
Get Free Proposal
25 Yrs Experience
Licensed in PA
Widener University Commonwealth School of Law

Christopher Nuneviller has practiced in the securities, venture capital, corporate and emerging business sectors, and as a contract-advisor to the federal government, a federal government senior level executive, and as Army Judge Advocate. Like you, he also he is a partner in other business ventures and faces the same pressure to succeed, be profitable, and stay sane, all while making his clients, employees, family and business partners happy. As the managing partner for Philadelphia's MNB Meridian Law, Ltd., his focus is on assisting small and mid-sized businesses grow and thrive. As a business generalist, Christopher provides advice and counsel to businesses, their owners, investors and shareholders on matters ranging from formation, organization, governance, routine and special operations, and growth toward IPO. Christopher is also a former U.S. Army Judge Advocate having served seven years in Washington, D.C. where he gained significant experience with "above the fold" matters of great import and an unhealthy insight into the internal workings of the "beltway" underbelly. Mr. Nuneviller is admitted to practice in the Commonwealth of Pennsylvania, and before the Supreme Court of the United States, the Court of Federal Claims, and the Court of Appeals for the Armed Forces.

Patrick N. on ContractsCounsel
View Patrick
Member Since:
January 18, 2023

Patrick N.

Attorney at Law
Free Consultation
Get Free Proposal
6 Yrs Experience
Licensed in MA
Suffolk University Law School

Before attending law school, I had a prior career in business performance reporting. This experience differentiates me from other attorneys. I can readily read, interpret, and synthesize financial reporting. I also have a passion for legal research and writing.

Dayton M. on ContractsCounsel
View Dayton
Member Since:
January 17, 2023

Dayton M.

Free Consultation
Get Free Proposal
1 Yr Experience
Licensed in WV
West Virginia University College of Law

Business Law - Criminal Defense - Immigration

Jonathan M. on ContractsCounsel
View Jonathan
Member Since:
January 18, 2023

Jonathan M.

Free Consultation
Get Free Proposal
Charlotte, NC
13 Yrs Experience
Licensed in NC, SC, VA
Charlotte School of Law

Owner and operator of Meek Law Firm, PC. Meek Law Firm provides comprehensive business law representation, precise and informed representation for real estate transactions in the commercial and residential markets of North and South Carolina and efficient succession and estate planning for business owners and individuals.

David A. on ContractsCounsel
View David
Member Since:
January 23, 2023

David A.

Family Lawyer
Free Consultation
Get Free Proposal
41 Yrs Experience
Licensed in FL
University of Florida

Graduated UF Law 1977. 40 years experience in Family Law/Divorce and Prenuptial Agreements. Rated "AV Preeminent" By Martindale Hubble, the oldest lawyer rating firm in the USA. Top 5% of attorneys in Florida as reviewed by Judges and other Lawyers (not client reviews). Personal prompt service and easy to contact--available 24/7. Good negotiator and very personable. My clients are my priority.

Judi P. on ContractsCounsel
View Judi
Member Since:
January 26, 2023

Judi P.

Free Consultation
Get Free Proposal
New Mexico
3 Yrs Experience
Licensed in NM
Arizona Summit Law School

Driven attorney with a knack for alternative dispute resolution, real estate, corporate law, immigration, and basic estate planning, with superb people skills and high emotional intelligence, and for working smart and efficiently, as well as time and financial management skills to deliver excellent legal work and solutions to legal issues. Seasoned with 20+ years of law firm and legal experience (real estate/corporate).

Brittany T. on ContractsCounsel
View Brittany
Member Since:
January 26, 2023

Brittany T.

Free Consultation
Get Free Proposal
9 Yrs Experience
Licensed in GA
Florida Coastal Law School

Brittany is an experienced attorney specializing in transactional and complex contract matters including but not limited to SaaS development and product implementation, technology/data agreements, licensing, and compliance. She has over 7 years of experience providing strategic legal advice to individuals and business clients of all sizes, from start-ups to large corporations. Brittany has a strong understanding of the legal issues related to technology and software and is well-versed in drafting and negotiating contracts ranging from software licenses to data sharing agreements. She is a highly-skilled negotiator and is adept at finding creative solutions to challenging legal issues.

Karen S. on ContractsCounsel
View Karen
Member Since:
January 31, 2023

Karen S.

Free Consultation
Get Free Proposal
12 Yrs Experience
Licensed in GA
Georgia State University

I'm an attorney available to help small businesses in Georgia get started with initial business set-up, required filings, tax strategies, etc. I'm also available to draft, review, and negotiate contracts. My experience areas include small business startups, information technology, technology innovation, real estate transactions, taxes, community associations, intellectual property, electrical engineering, the business of video game development, higher education, business requirements definition, technology consulting, program management, and the electric utility industry. I work part-time for a firm practicing community association law and part-time in my solo practice. I'm also an adjunct professor at Southern New Hampshire University teaching business innovation and business law. In addition, I'm part owner, legal counsel to, and a board member of a virtual reality video game development company. I am a member of the Georgia Bar Association. Please reach out if you need attorney, documentation or consulting help in any of those areas!

Find the best lawyer for your project

Browse Lawyers Now

Want to speak to someone?

Get in touch below and we will schedule a time to connect!

Request a call