Generic Privacy Policy

A Privacy Policy is a legal document the outlines how a company gathers and handles personal information from its clients or customers.

Companies utilize Privacy Policies as a way of being transparent to their users and customers about how their personal information will be used, with or without their knowledge.

Websites and apps have Privacy Policies that are available to their customers and site visitors. These policies display what personal information is being gathered, such as:

  • Names
  • Addresses
  • Browsing history
  • Browsing habits
  • Device information
  • Email addresses
  • IP addresses

A Privacy Policy will be be part of a website, or displayed on a device screen on mobile apps.

Cookies, which are used to analyze web traffic and let applications respond to users needs individually, will be addressed in a Privacy Policy, as well as whether or not any personal data will be sold or shared with third parties.

Privacy policies often include how the customer can reach an organization to update contact information, access and control the personal data that is collected and used for marking actives or get answers to questions about the Privacy Policy practices.

Why Are Privacy Policies Legally Required?

As a web owner or an app developer, most countries require you by law to include a privacy policy to disclose your data collection and use policies to your users.

If you collect or share personal user information like names and emails in any way that could be considered "commercial," you may be engaging in practices where a Privacy Policy is mandatory.

Privacy Policy requirements vary county to county and sometimes state to state, but they are all very similar.

Let's take a look at the California Online Privacy Protection Act (CalOPPA) as an example:

In California, you are required to have a Privacy Policy if you are:

"An operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Web site."

"Operator of a commercial Web site or online service" is a very wide spectrum or people, and includes app developers.

CalOPPA has a wide reach, and even if your site isn't operated in California, it could impact how you collect personal information from users who reside in California, so CalOPPA will likely extend to you wherever you are.

The EU now has the General Data Protection Regulation (GDPR) that affects businesses and individuals worldwide by requiring among many things a Privacy Policy when personal data is collected and used.

Personal data means any information that relates to an identifiable natural person; a person who can be identified, directly or indirectly, by a reference to a personal identification number or to factors the specify physical, mental, physiologic, cultural, economic, or social identity.

The best way to comply with privacy laws and regulations is to have a readable, easy to understand, accessible Privacy Policy which informs the user about:

  • Who you are
  • What type of personal data the website or app will collect
  • What the data will be used for
  • Whether the data will be given to third parties
  • What rights the user has in terms of consent withdraw and data deletion

Other Reasons Why You Need a Privacy Policy

Here are a few additional reasons why, aside from the law, you would need a Privacy Policy:

It may be required by a third-party service. Services that collect user information from your website, like Amazon Affiliates and Google AdSense, require that you have a Privacy Policy. Always check the Terms of Use of any third parties you use.

For example, Google AdSense requires that its users must have a Privacy Policy that discloses the following:

  • Google and other third-party vendors use cookies to serve ads based on a user's prior visits to your website.
  • Google's use of the DoubleClick cookie (a cookie that is activated when users visit a partner's website and view or click on an ad) enables Google and its partners to serve ads to your users based on their visit to your sites and/or other sites on the Internet.
  • Users can opt out of the use of the DoubleClick cookie for interest-based advertising by visiting Google Ads Settings.
  • Inform them of any third-party vendors and ad networks serving ads on your site, and provide a link to them.
  • Users that they may visit those websites to opt out of the use of cookies for interest-based advertising (if the vendor or ad network offers this capability). Alternatively, you can direct users to opt out of some third-party vendor's use of cookies for interest-based advertising by visiting aboutads.info.

For Amazon Affiliates, your users will need to be informed of:

  • How you collect, use, store, and disclose data collected from users
  • That third parties (including Amazon or other advertisers) may serve content and advertisements, collect information directly from users, and place or recognize cookies on their browsers

Additionally, having a Privacy Policy is considered the right thing to do. You can establish a lot of trust with your users by being honest about how you collect their data and how it will be used. Taking and using personal information without consent is deceitful, and illegal in most countries. Your customers and clients expect a Privacy Policy.

If you are not sure you need a Privacy Policy, it's better to have one and be safe rather than sorry.

What Should Be Included in a Privacy Policy?

When drafting a Privacy Policy, the information included will depend on the specific laws and policies that apply.

Generally, most laws require that your users are informed of:

  • Your business name, contact information, and location
  • What information is being collected from them (names, IP addresses, email addresses)
  • How the information is being collected and what it will be used for
  • How the information will be kept safe
  • If and how the user can opt-out of sharing their information
  • All third-party services that will be used to collect and store the information

Always try to avoid jargon, complex writing, or legalese when drafting a Privacy Policy. The Policy is just as much about informing your user as it is about protecting you. Try to keep it short, simple, and easy to understand.

The most important clauses to include in your Privacy Policy are as follows:

1. Personal data and third-party disclosure

Your users need to know that you'll never sell their personal data and that you'll only disclose it to third parties to improve service.

Here is an example from Apple:

Apple Privacy Policy Third Party Disclosure clause

2. Acquisition by another company - Business Transfer Clause

There is always the possibility that any commercial entity may be acquired by another company. The users should know what will happen to their personal information if such an acquisition were to take place.

If you intend to one day sell your business or think it might be possible, it's important to include a Business Transfer clause in the privacy agreement.

Here's an example of a Business Transfer Clause from Chartbeat:

Chartbeat Privacy Policy: Business Transfers clause

3. Cookie Practices

Cookies are everywhere and almost all third parties used on your website could be serving cookies on a user device.

It's very important that you make sure your users are notified that they are receiving cookies from you or a third parity partners.

This can be done with a Cookie Policy agreement, but you can simplify the process by just including it as a clause in your Privacy Policy in most cases.

Here's an example of how Amazon includes its cookie practices in its Privacy Policy:

Amazon Privacy Notice cookies clause

Cookies can be a confusing concept to your users, so it's helpful to inform users of the following:

  • What cookies are
  • That cookies are used on your website
  • Why cookies are being used and how they collect data
  • What types of cookies are used by you and by third parties
  • How your users can opt out of having cookies put on their devices

Google Analytics offers an opt-out browser add-on that helps to make it convenient for their users to opt-out.

4. Commercial Emails

If your site collects email addresses and you plan on sending them promotional or marketing emails, you need to disclose this in your Privacy Policy.

Here's an example of a Communications clause from the Sass News Privacy Policy:

Sass News Privacy Policy communications clause

Every email you send needs to have an unsubscribe link.

The bottom of every email is a great place to place include the "Unsubscribe" link, as you've likely seen before in your own inbox.

5. Contact Us

If done right, a Privacy Policy clearly and simply communicates to the user everything they need to know. In case a user is confused, or has a question about anything regarding your Privacy Policy, it's a good idea to provide this information in the Privacy Policy so your users know they can contact you.

Here's how Apple let's their users know they are welcome to ask questions about Apple's Privacy Policy:

Apple Privacy Policy: Privacy Questions contact clause

Where to Display Your Privacy Policy

Your Privacy Policy needs to be highly visible and easily accessible.

Any legal agreement needs to be accessible to all users, without them having to click through multiples pages of your website to find it.

Most websites place the Privacy Policy link in the footer of the site on each page. This makes it easily accessible to your users regardless of which page they are visiting.

Here's an example from Upwork's footer.

Upwork website footer showing links

In your mobile app, place your Privacy Policy in a menu that your users can always access, like an "About the App" menu.

Even though it may seem like a hassle, putting a Privacy Policy into place is an important aspect of your business, and putting it off could mean trouble down the line.

You don't want to risk losing your affiliate ad networks, be sued by a customer or get fines for violating international privacy laws.

Protect yourself and your business by creating a Privacy Policy today.