A Privacy Policy is a legal document that outlines how a company gathers and handles personal information from its clients or customers.
Companies utilize Privacy Policies as a way of being transparent to their users and customers about how their personal information will be used, with or without their knowledge.
Websites and apps have Privacy Policies that are available to their customers and site visitors. These policies display what personal information is being gathered, such as:
A Privacy Policy will be part of a website, or displayed on a device screen in mobile apps.
Cookies, which are used to analyze web traffic and let applications respond to users' needs individually, will be addressed in a Privacy Policy, as well as whether or not any personal data will be sold or shared with third parties.
Privacy Policies often include how the customer can reach an organization to update contact information, access and control the personal data that is collected and used for marketing activities, or get answers to questions about the Privacy Policy practices.
As a web owner or an app developer, most countries require you by law to include a privacy policy to disclose your data collection and use policies to your users.
If you collect or share personal user information like names and emails in any way that could be considered "commercial," you may be engaging in practices where a Privacy Policy is mandatory.
Privacy Policy requirements vary country to country and sometimes state to state, but they are all very similar.
Let's take a look at the California Online Privacy Protection Act (CalOPPA) as an example:
In California, you are required to have a Privacy Policy if you are:
"An operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Web site."
"Operator of a commercial Web site or online service" covers a very wide spectrum of people, and includes app developers.
CalOPPA has a wide reach, and even if your site isn't operated in California, it could impact how you collect personal information from users who reside in California, so CalOPPA will likely extend to you wherever you are.
The EU now has the General Data Protection Regulation (GDPR) that affects businesses and individuals worldwide by requiring among many things a Privacy Policy when personal data is collected and used.
Personal data means any information that relates to an identifiable natural person; a person who can be identified, directly or indirectly, by a reference to a personal identification number or to factors that specify physical, mental, physiologic, cultural, economic, or social identity.
The best way to comply with privacy laws and regulations is to have a readable, easy to understand, accessible Privacy Policy which informs the user about:
Here are a few additional reasons why, aside from the law, you would need a Privacy Policy:
It may be required by a third-party service. Services that collect user information from your website, like Amazon Affiliates and Google AdSense, require that you have a Privacy Policy. Always check the Terms of Use of any third parties you use.
For example, Google AdSense requires that its users must have a Privacy Policy that discloses the following:
For Amazon Affiliates, your users will need to be informed of:
Additionally, having a Privacy Policy is considered the right thing to do. You can establish a lot of trust with your users by being honest about how you collect their data and how it will be used. Taking and using personal information without consent is deceitful, and illegal in most countries. Your customers and clients expect a Privacy Policy.
If you are not sure you need a Privacy Policy, it's better to have one and be safe rather than sorry.
When drafting a Privacy Policy, the information included will depend on the specific laws and policies that apply.
Generally, most laws require that your users are informed of:
Always try to avoid jargon, complex writing, or legalese when drafting a Privacy Policy. The Policy is just as much about informing your user as it is about protecting you. Try to keep it short, simple, and easy to understand.
The most important clauses to include in your Privacy Policy are as follows:
1. Personal data and third-party disclosure
Your users need to know that you'll never sell their personal data and that you'll only disclose it to third parties to improve service.
Here is an example from Apple:
2. Acquisition by another company - Business Transfer Clause
There is always the possibility that any commercial entity may be acquired by another company. The users should know what will happen to their personal information if such an acquisition were to take place.
If you intend to one day sell your business or think it might be possible, it's important to include a Business Transfer clause in the privacy agreement.
Here's an example of a Business Transfer Clause from Chartbeat:
3. Cookie Practices
Cookies are everywhere and almost all third parties used on your website could be serving cookies on a user device.
It's very important that you make sure your users are notified that they are receiving cookies from you or a third-party partner.
This can be done with a Cookie Policy agreement, but you can simplify the process by just including it as a clause in your Privacy Policy in most cases.
Here's an example of how Amazon includes its cookie practices in its Privacy Policy:
Cookies can be a confusing concept to your users, so it's helpful to inform users of the following:
Google Analytics offers an opt-out browser add-on that makes it convenient for their users to opt out.
4. Commercial Emails
If your site collects email addresses and you plan on sending them promotional or marketing emails, you need to disclose this in your Privacy Policy.
Here's an example of a Communications clause from the Sass News Privacy Policy:
Every email you send needs to have an unsubscribe link.
The bottom of every email is a great place to include the "Unsubscribe" link, as you've likely seen before in your own inbox.
5. Contact Us
If done right, a Privacy Policy clearly and simply communicates to the user everything they need to know. In case a user is confused, or has a question about anything regarding your Privacy Policy, it's a good idea to provide this information in the Privacy Policy so your users know they can contact you.
Here's how Apple lets their users know they are welcome to ask questions about Apple's Privacy Policy:
Your Privacy Policy needs to be highly visible and easily accessible.
Any legal agreement needs to be accessible to all users, without them having to click through multiple pages of your website to find it.
Most websites place the Privacy Policy link in the footer of the site on each page. This makes it easily accessible to your users regardless of which page they are visiting.
Here's an example from Upwork's footer.
In your mobile app, place your Privacy Policy in a menu that your users can always access, like an "About the App" menu.
Even though it may seem like a hassle, putting a Privacy Policy into place is an important aspect of your business, and putting it off could mean trouble down the line.
You don't want to risk losing your affiliate ad networks, being sued by a customer, or getting fines for violating international privacy laws.
Protect yourself and your business by creating a Privacy Policy today.