Jump to Section
Need help with a Privacy Policy?
Post Your Project (It's Free)
Get Bids to Compare
Hire Your Lawyer
What Is a Privacy Policy?
A privacy policy is a legal statement explaining how a company collects, handles, processes, and respects its customers' personal data on a website or app. Most privacy policies use clear and explicit language to ensure that their customers or website visitors understand what personal data the company collects and how the company will use that information.
Privacy policies are necessary for any digital medium that collects user data, such as websites, e-commerce sites, blogs, web applications, mobile applications, and desktop applications.
You might also know privacy policies by other names, such as:
- Privacy statement.
- Privacy page.
- Privacy notice.
- Privacy information.
What Information Do You Collect?
The information your company collects through digital customer visits usually depends on the purpose of your website or app and your industry. Common examples of personal information collected digitally include:
- First name and last name.
- Mailing address.
- Billing address.
- Email address.
- Phone number.
- Age.
- Sex.
- Marital status.
- Race.
- Nationality.
- Religious beliefs.
- Credit card information.
Other information might relate specifically to customer actions within the site. For example, if your website allows users to share pictures, comment on posts, or like other user's information, you might collect all that data, as well.
The Necessity of a Privacy Policy
Privacy policies are not just a good way to build trust with and offer transparency to your customers — they're also legally necessary and required by most third-party applications.
Legal Obligations
Digital privacy laws and regulations exist all over the world, so if your website draws visitors from outside of your state or country, you need to abide by their local privacy laws in addition to your own. It's absolutely vital that you research the legal obligations relevant to your customer base to ensure you're abiding by the necessary laws.
There is no single federal privacy law in the U.S. Instead, individual states set digital privacy laws, and a few federal regulations create a patchwork of legal protections for consumers. If your customers come from all over the U.S., these federal regulations can help you structure your privacy policy:
- The Federal Trade Commission Act: Regulates commercial practices.
- Electronic Communications Privacy Act: Protects certain digital communications from unauthorized use.
- Computer Fraud and Abuse Act: Makes unauthorized computer and data access illegal.
- Children's Online Privacy and Protection Act: Requires parental consent before collecting information from children under the age of 13.
- Controlling the Assault of Non-Solicited Pornography and Marketing Act: Governs deception and disclosure through email marketing.
- Financial Services Modernization Act: Governs personal information use by financial institutions.
- Fair and Accurate Credit Transactions Act: Requires creditors and other financial institutions to maintain identity theft prevention programs.
Many states also have specific privacy laws. California's law, called the California Online Privacy Protection Act , is the most comprehensive and strict nationwide, so most companies use it for guidance when structuring their privacy policies.
If you have customers or website visitors from all over the world , you should refer to international privacy laws to ensure you're meeting all the necessary legal requirements.
Third-Party Obligations
Many third-party services require privacy policies. For example, if your blog hosts ads from Google Ads, you must abide by Google's privacy policy and post the language of its policy on your website. This is true of most major third-party services, like Amazon, Facebook, and Apple.
Building Trust
Providing a straightforward privacy policy also helps to build trust with your customers. They'll see that you respect their data and personal information and will appreciate your willingness to abide by regulations and your transparency in making it easy to see what data you collect and what you do with it.
Even if your website or app doesn't collect any personal information, you might consider posting a privacy policy anyway. Many customers expect to see a privacy policy when they visit a website or app, so the lack of one might confuse or mislead them. Instead, post a notice stating you don't collect any personal information.
See Privacy Policy Pricing by State
- Alabama
- Alaska
- Arizona
- Arkansas
- California
- Colorado
- Connecticut
- Delaware
- District of Columbia
- Florida
- Georgia
- Hawaii
- Idaho
- Illinois
- Indiana
- Iowa
- Kansas
- Kentucky
- Louisiana
- Maine
- Maryland
- Massachusetts
- Michigan
- Minnesota
- Mississippi
- Missouri
- Montana
- Nebraska
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- North Carolina
- North Dakota
- Ohio
- Oklahoma
- Oregon
- Pennsylvania
- Rhode Island
- South Carolina
- South Dakota
- Tennessee
- Texas
- Utah
- Vermont
- Virginia
- Washington
- West Virginia
- Wisconsin
- Wyoming
What Does a Privacy Policy Include?
Privacy policies vary greatly depending on your business, your industry, and your customers' geographical location. Generally, your privacy policy should provide information regarding notice, choice, access, and security. Most privacy policies contain the following elements at a minimum:
- Customer data: List the types of information you collect and explain how it's collected.
- Usage: Explain how you use the information you collect.
- Storage and protection: Describe how you store and protect customer information to keep it safe from hackers.
- Company information: Provide contact information for the company should customers want further information regarding the privacy policy.
- Tracking: Explain how your company uses tools like cookies, log files, and other tracking tools.
- Opt out: Provide the option to opt out of data collection.
Depending on the specifics of your company, you might also consider including these elements in your privacy policy:
- Public data: Explain how you control and share any public data.
- Third-party access: Describe what access third-party services will have to your customers' data.
- Changing or removing: Explain how you go about modifying or deleting customer data.
- Transfers: Offer information on if, how, and when you'll share personal information with other businesses.
- Marketing: Give notice if you'll use the provided email address to send marketing information from your company.
- Changes: Provide any updates to the privacy policy.
- Questions: Offer frequently asked questions and answers regarding data collection and usage.
These elements generally abide by U.S. regulations. If you have customers in other parts of the world, such as the EU, make sure you assess privacy laws in the region when writing your privacy policy.
Image via Unsplash by benji3pr
How To Create a Privacy Policy
You have several options when creating your privacy policy. First, you can write your own by reviewing legislation, reading the policies of other companies in your industry, and creating your document. However, writing your own can be time-consuming, and if you don't have adequate information, you might accidentally miss a critical, legally necessary element of your policy.
The simplest and most effective way to create a privacy policy is to seek guidance from a contract lawyer. They have the necessary skills and knowledge to help you structure an appropriate and comprehensive privacy policy that will meet the needs of your company and industry while satisfying legal and third-party services obligations.
How To Enforce Your Privacy Policy
You want to ensure that your customers know where to find your privacy policy and either agree to the terms or opt out if they want. The easiest way to do this is to create an immediate pop-up when your customer enters your website or before they submit personal data, like billing information for a purchase. Ask them to agree to the terms before proceeding.
Most companies provide a short snippet of their privacy policy with a link to the full text, which customers can also access on your website if they'd like to read the entire document.
An effective privacy policy is not just a great way to build customer trust. It's a legal necessity. If you're not sure how to get started, use the expertise of a contract attorney to help you create a customized privacy policy perfect for your business.
Meet some of our Privacy Policy Lawyers
Agnes M.
Agnes Mombrun Geter is the Founder and Managing Attorney of Mombrun Law, PLLC. She is an experienced attorney and is a member of the Florida Bar, New Jersey Bar, and the Pennsylvania Bar. The firm's practice focuses on Estate Planning, Business Law, and Debt Settlement including IRS Debt Relief. The firm's goal is to simplify the law and provide clients with the confidence and information necessary to make their decisions. The firm also provides project-based legal services to other attorneys and law firms, along with assisting as personal counsel and local counsel on legal matters.
Richard P.
Have over 40+ years of corporate and commercial law experience.
Julian H.
I am a business attorney with years of experience advising individual entrepreneurs and small businesses on issues ranging from entity selection/formation to employment law compliance, to intellectual property protection and exploitation. I often act as General Counsel for my clients fulfilling the legal function as part of a team of managers. I look forward to learning more about your business and how I may be of assistance.
Christopher R.
Corporate and transactional attorney in sixth year of practice. Focus areas include general corporate counsel, labor and employment law, business partnership matters, securities matters related to privately-held companies, and regulatory compliance in securities and finance matters.
Forest H.
Forest is a general practice lawyer. He provides legal advice regarding small business law, contracts, estates and trusts, administrative law, corporate governance and compliance. Forest practiced complex commercial litigation in Florida for eight years, representing clients such as Host Marriott, Kellogg School of Business, and Toyota. Since moving to Nashville in 2005, he has provided legal advice to clients forming new businesses, planning for the future, and seeking funding through the use of equity and/or debt in their businesses. This advice has included the selection of business type, assistance in drafting and editing their business plans and offering material, reviewing proposed term sheets, and conducting due diligence. Forest is a member of the Florida, Tennessee, and Texas Bars; in addition. Forest has held a Series 7, General Securities Representative Exam, Series 24, General Securities Principal, and Series 63, Uniform Securities Agent State Law.
Anjali S.
CA, NY, and FL licensed attorney with nearly a decade of experience in intellectual property, data privacy, commercial contracts, and employment. I also have both the CIPP/US and CIPP/E privacy credentials. Basically, everything your business needs!
July 13, 2020
Dillon N.
I joined Enterprise Law Group, LLP as an Associate in March 2020. My practice has involved a wide range of legal matters from commercial real estate, finance and international business transactions to litigation matters including commercial disputes, personal injury and medical malpractice. Proficient in Spanish, I graduated from the University of Kentucky College of Law, the Patterson School of Diplomacy and International Commerce, and the University of Southern California. Prior to my legal career, I sought diverse professional experiences. After graduating from college, I orchestrated my own volunteering experience in southern Peru with a small non-profit organization. Later I gained valuable professional experience as part of a U.S. Senate campaign, and after that I joined the public policy team at Greater Louisville, Inc., Louisville's Chamber of Commerce affiliate. Prior to law school, I embarked on a month long excursion with the Northern Outdoor Leadership School in Alaska, which gave me a new found appreciation for sustainability.