ContractsCounsel Logo

9 Things to Include in a Privacy Policy

Updated: March 28, 2023
Clients Rate Lawyers on our Platform 4.9/5 Stars
based on 9,759 reviews
No Upfront Payment Required, Pay Only If You Hire.
Home Blog 9 Things to Include in a Privacy Policy

Jump to Section


A privacy policy is a legal statement from a company in a terms and conditions user agreement that explains how it manages users’ data, such as:

  • How it collects user data
  • How it handles user data
  • How it processes user data
  • How it protects its users’ data

In today’s digital-centric era, most mobile applications, desktop applications, and web applications collect customers’ data for analytics and marketing purposes.

The privacy policy agreement shows how your business respects customers’ right to privacy and offers assurance that you will always handle their data in compliance with the law.

In industries like e-commerce, customers share personal information that could jeopardize their financial and personal security if leaked. Even blogs should include a terms and conditions page about how the site they’re hosted on collects and processes readers’ data.

In this guide, you can learn how to write a privacy policy by reviewing 9 things always to include. If you have further questions, such as the average privacy policy cost, you can use Contracts Counsel to connect with an attorney near you

1. Identify the Site or App Owner

The privacy agreement should begin with the clear identification of the site or app owner. If this is an individual, then their first and last legal names, along with the names of the site and app, should be clearly stated.

A company can use its name if it is a legally registered business entity. However, individuals running sites or apps must include their name if they do not have a DBA (doing business as) or are otherwise registered as a business in their state or province.

Here is an article about the basics of a privacy policy.

2. Effective Date of the Policy

List what date the policy takes effect. In privacy law, this is the date that the terms of the privacy policy are legally enforceable. Legal enforceability means a court of law can impose a contract, and any contract violations can result in legal penalties.

Enforceability is an integral part of any user agreement ; it ensures that all parties are in mutual understanding of the terms and conditions, as well as any obligations they agree to by assenting to the contract.

Here is an article where you can learn more about the effective date in a privacy policy.

3. Customer Data Collected

Data collection is an enormous concern for customers today. Breaches and cyberattacks can result in personal data losses, financial ruin, and even identity theft.

To build trust and demonstrate respect, a company can outline how data is collected and what type of data the company collects.

It is important to note that the data you collect and how you collect it will have limitations based on your location. Legal obligations regarding digital data collection companies must follow to avoid breaking the law. These include:

  • The Federal Trade Commission Act
  • The Computer Fraud and Abuse Act
  • The Electronic Communications Privacy Act
  • The Fair and Accurate Credit Transactions Act

Furthermore, states often have guidelines safeguarding internet users’ privacy. For example, the California Consumer Privacy Act (CCPA) is often used nationwide as a template for companies’ privacy policies.

Here is an article about the CCPA and user rights.

Meet some lawyers on our platform

Forest H.

184 projects on CC
View Profile

Daehoon P.

185 projects on CC
View Profile

Sara S.

102 projects on CC
View Profile

Ryenne S.

551 projects on CC
View Profile

4. How the Data Is Used

A company should clearly state how it uses the data it collects from its customers. For example, will this data be used for personalized advertising, marketing, or other uses?

Common uses for customer data are:

  • Improving products or services
  • Improving customer experience through behavioral data analysis
  • Refining a marketing strategy
  • Securing personal data by learning to capture and recognize specific users’ input

Data use varies widely by industry and organization. However, every privacy policy should explain exactly how you will use customers’ data and for what purposes.

Here is an article that explores how businesses use data in various contexts.

5. Data Storage and Protection

Will consumer data be cloud-hosted or hosted locally? What protective measures are in place to protect their personal information from theft? A company must protect the following user information from third parties:

  • Names
  • Email addresses
  • Passwords
  • Location
  • Uploaded media

Safeguarding this information is a vital part of customer assurance. It also influences how compliant a company is with specific privacy laws.

Even elements like data portability and the ability to move data from one application or hosting site to another are important considerations.

Here is an article that gives an example of a privacy policy that adheres to the European GDPR.

See Privacy Policy Pricing by State

6. Tracking Tools

Specify what tracking tools your product, website, or application uses to record and collect users’ data. Standard tracking tools include:

  • Adobe Analytics
  • Google Analytics
  • Clicky
  • Facebook Conversion Pixels
  • Hotjar
  • Unique identifier IDs (IDFAs)

Although web trackers are legal, businesses must follow limitations and regulations. Furthermore, consumers should always be fully aware of how a company intends to collect their data and what type of data each tracking tool collects.

Here is an article that explores how to track website users legally.

7. Third-Party Access

Many businesses share their users’ data with third parties. In this case, the privacy policy should explain how other parties will access customers’ data.

Companies can also use this privacy policy portion to assure users that they will never rent, sell, share, or otherwise distribute their personal data to third parties.

Here is an article about third-party access in privacy policies under the GDPR and CCPA regulations.

8. Opt-Out Clause

An opt-out clause gives users the right to withdraw or remove their information from the company’s data collection processes.

For example, a user may unsubscribe from a company’s mailing list or wish to opt out of sharing their usage data with an app developer.

Opt-out is also known as “consent withdrawal.” This is because it protects the user’s data by giving them complete freedom and control over what information they share.

Opt-out clauses are legally required in most situations. For example, the CAN-SPAM Act of 2003 requires all businesses and individuals that send commercial emails in the United States to offer an unsubscribe option to their recipients.

Here is an article that explores opt-ins and opt-outs in privacy policies further.

9. Description of Process for Changes and Updates to the Policy

You can close a privacy policy with a description of how you will modify or update it in the future. This includes how you will notify users of any changes to the policy. Users will need to consent to new privacy policies for their user agreement to stay valid.

Most companies have periodic reviews of their privacy policy to ensure it always offers the greatest protection to their consumers. However, keeping copies of all previous privacy policies and a detailed record of their updates is advisable.

Here is an article that explores when and how you should update your privacy policy, as well as how to notify users.

Post a project in ContractsCounsel’s marketplace to receive flat fee bids from lawyers for your project. All lawyers have been vetted by our team and peer-reviewed by our customers for you to explore before hiring.

Need help with a Privacy Policy?

Create a free project posting

Meet some of our Lawyers

Meghan T. on ContractsCounsel
View Meghan
4.8 (13)
Member Since:
February 1, 2022

Meghan T.

Free Consultation
5 Yrs Experience
Licensed in GA
Emory University

Meghan Thomas is an accomplished transactional attorney. She specializes in real estate transactional matters, property disputes, IP, tech and business contracts. Meghan's innovative leadership style has attributed to the firm's rapid development and presence in the metro-Atlanta market. She obtained her Doctor of Law from Emory University where she worked with the State Attorney General and litigated property disputes for disadvantaged clients. ​ Prior to practicing, Meghan negotiated complex transactions for Fortune 500 tech and healthcare companies. She lives with her family in Southwest Atlanta, enjoys cooking, travel, dance and continues to develop her research in the areas of transactional law and legal sustainability.

Faryal A. on ContractsCounsel
View Faryal
4.9 (81)
Member Since:
February 23, 2023

Faryal A.

Free Consultation
2 Yrs Experience
Licensed in TX
University of Houston

Ms. Ayub is an attorney licensed to practice in Texas. Before moving to the US, she has a number of years of experience in contract review, analysis and drafting. Ms. Ayub is available to help you with your legal problems, as well as filling LLC and other business entity formation documents. To know more about her practice, please visit

JOSEPH L. on ContractsCounsel
4.8 (15)
Member Since:
July 26, 2021


Free Consultation
Stratford, CT
41 Yrs Experience
Licensed in CT
Southwestern University School of Law

Mr. LaRocco's focus is business law, corporate structuring, and contracts. He has a depth of experience working with entrepreneurs and startups, including some small public companies. As a result of his business background, he has not only acted as general counsel to companies, but has also been on the board of directors of several and been a business advisor and strategist. Some clients and projects I have recently done work for include hospitality consulting companies, web development/marketing agency, a governmental contractor, e-commerce consumer goods companies, an online apps, a music file-sharing company, a company that licenses its photos and graphic images, a video editing company, several SaaS companies, a merchant processing/services company, a financial services software company that earned a licensing and marketing contract with Thomson Reuters, manufacturing companies, and a real estate software company.

Nuo Jia (Lois) L. on ContractsCounsel
View Nuo Jia (Lois)
Member Since:
February 7, 2024

Nuo Jia (Lois) L.

Managing Member
Free Consultation
New York
10 Yrs Experience
Licensed in MI, NY
University of Detroit Mercy

Attorney Lois Li is a bilingual business and commercial attorney licensed in Michigan, U.S. since 2014, in Ontario, Canada since 2015, and in New York, U.S. since 2020. As an attorney licensed in two countries, Lois leads Alpine Law’s US/China/Canada practice. She is experienced in legal and contractual transactions in both English and Chinese. Lois has over six years of experience in assisting clients with business operations and legal services, and is specialized in advising companies with legal needs in International Business, Securities law, Cryptocurrency – Block chain, and Fin-Tech. Having served as both an outside and an in-house counsel, Lois worked with many startup and small businesses. With a strong understanding of core business and the ability to translate business needs into legal requirements, Lois has assisted many companies to establish policies and procedures, and drafted and negotiated employment and transaction contracts. Further licensed as a Registered Nurse since 2010, Lois specializes in healthcare law and is experienced in FDA, HIPAA, Medicare and Medicaid regulations. She has assisted many businesses in the medical and healthcare industry.

Bill C. on ContractsCounsel
View Bill
Member Since:
January 29, 2024

Bill C.

Business Lawyer
Free Consultation
11 Yrs Experience
Licensed in IL
Arizona State University

I am a corporate business and securities attorney licensed in Illinois with more than a decade of legal experience holding both a J.D. and Master in Law in Taxation. I specialize in advising technology companies in the cryptocurrency space with regulatory compliance (eg. securities law, FinCen, and MSB rules) and cybersecurity matters (eg. GDPR, HIPAA, and CCPA), licensing agreements (SaaS, End User Licensing Agreement, Master License Agreement and etc), brokerage agreements, vendor agreements, revenue share agreements, affiliate agreements, and other related business and technology contracts. Having served as both an outside and an in-house counsel, I have worked with many early stage and mid-size companies, including blockchain companies with issued tokens in the top 100 ranking. With a strong understanding of core business needs for cryptocurrency companies and the ability to translate business needs into legal requirements, I have successfully helped businesses in the cryptocurrency space establishing their contracts, meeting regulatory compliance requirements (SEC, FinCen), and negotiating contracts with partners and vendors.

Dany C. on ContractsCounsel
View Dany
Member Since:
February 14, 2024

Dany C.

OnlyFans Attorney
Free Consultation
3 Yrs Experience
Licensed in CA
George Washington University Law School

Lawyer Vets APC is a digital legal practice founded on the idea that legal services should be available to all– Not just a privileged few. In support of this mission, we leverage technology to reduce overhead, increase productivity, and put more money in our client's pockets.

Sayema H. on ContractsCounsel
View Sayema
Member Since:
February 6, 2024

Sayema H.

Employment Attorney
Free Consultation
Pasadena, CA and Pleasant Hill, C
22 Yrs Experience
Licensed in CA
UCLA School of Law

Sayema Hameed is an experienced California attorney offering exceptional legal services in the field of employment law. With over two decades of legal experience, Sayema provides her clients with thoughtful and strategic advice and counsel, attention to detail, and high quality work to satisfy client goals and achieve successful outcomes. Helping clients maintain legal compliance, reduce liability exposure, and resolve conflicts efficiently are top priorities of Hameed Law Group. Sayema's practice includes preparation and update of employee handbooks, policies, and contracts, as well providing advice and counsel in all areas of employment in California. Sayema makes it a priority to stay up to date on the latest developments in California employment law. Sayema has been recognized as a Southern California Super Lawyer (2019-2024) and previously as a Rising Star (2009-2017) by Super Lawyers, a rating service of outstanding lawyers who have attained a high-degree of peer recognition and professional achievement.

Find the best lawyer for your project

Browse Lawyers Now

Need help with a Privacy Policy?

Create a free project posting
See All Technology Lawyers
Learn About Contracts
See More Contracts
other helpful articles

Quick, user friendly and one of the better ways I've come across to get ahold of lawyers willing to take new clients.

View Trustpilot Review

Contracts Counsel was incredibly helpful and easy to use. I submitted a project for a lawyer's help within a day I had received over 6 proposals from qualified lawyers. I submitted a bid that works best for my business and we went forward with the project.

View Trustpilot Review

I never knew how difficult it was to obtain representation or a lawyer, and ContractsCounsel was EXACTLY the type of service I was hoping for when I was in a pinch. Working with their service was efficient, effective and made me feel in control. Thank you so much and should I ever need attorney services down the road, I'll certainly be a repeat customer.

View Trustpilot Review

I got 5 bids within 24h of posting my project. I choose the person who provided the most detailed and relevant intro letter, highlighting their experience relevant to my project. I am very satisfied with the outcome and quality of the two agreements that were produced, they actually far exceed my expectations.

View Trustpilot Review

Need help with a Privacy Policy?

Create a free project posting

Want to speak to someone?

Get in touch below and we will schedule a time to connect!

Request a call

Find lawyers and attorneys by city