Privacy Policy 101: The Ultimate Guide You Need To Protect Your Website

If you’re building an online business and want to protect your website with no fuss and no muss, this ultimate privacy policy guide is for you! After reading this guide, you’ll know how to create a privacy policy for your website and understand what the heck it means. 

As an added bonus, you won’t be lulled to sleep with boring legalese… because we’ll be keeping things light and maybe even a bit amusing. Let’s be honest, the last thing you want or need is a stiff, boring post that reads like it’s written by a lawyer.

Luckily, you’ve found a guide written by a Harvard Law Grad turned online entrepreneur who sounds NOTHING like a lawyer because he probably hates legalese more than you do! (That’d be ME!) 

Since you’re here reading this post, I’m gonna take two wild guesses about you…

First, you’re building an online business. 

That’s a pretty easy one because there aren’t a lot of offline business owners (or people who aren’t business owners at all) reading guides about creating a website privacy policy! 

(If you are not an online business owner and you’re reading a post about online business legal stuff, seek help…)

Second, I’m gonna go out on a limb and say that the idea of having to create a privacy policy has you somewhat confused, overwhelmed, and maybe a wee bit scared. 

I mean, freaking lawyers like their legalese even more than they like dressing up in boring suits, and they always tend to make things harder to understand than they really need to be…

If my guesses were right (or even close), then you’re going to love this post. After reading this guide, you’ll know exactly how to create a privacy policy and actually understand what the different parts of it mean. 

You’re welcome. 😉

Create Your Privacy Policy With Our Free Generator

Grab your FREE privacy policy template and use our privacy policy generator to customize it in one click!

We’re gonna get to the learning in a second, but first let’s take some concrete action. 

Since it’s a good bet that you’d probably prefer NOT having to spend your time writing legal policies, my team and I created a FREE privacy policy generator that does the work for you. 

Simply answer a few questions, and our system will create a custom policy for your business. 

Seriously, you can have your privacy policy created in 5 minutes flat without having to write a single “above-mentioned,” “heretofore,” “foregoing,” or “whereof.” 

Again, you’re welcome. 😎

Oh, and unlike other “free privacy policy generators” or templates out there that claim compliance with the GDPR and other fancy schmancy privacy laws, ours actually is. But more on that stuff later…

After you create your custom policy using our generator, come back to read the rest of this post…
…it’s okay, I’ll wait. 

***Bobby waiting patiently***

Cool, you’re back. Now on to the learning!

What is a privacy policy?

If you want the definition of a privacy policy in lawyer-speak, it would be something like this: 

A privacy policy is a legal document that sets out what information you collect from website visitors, how you collect that information, why you collect that information, how you use that information, who you share that information with, and what visitors can do to limit your use or collection of that information. 

But since I’m guessing you’d like to avoid hearing from Lawyer Man (insert charismatic superhero voiceover here for full effect), how about we put it into plain English…

Your privacy policy helps your website visitors understand what the heck is going on with their data and information when they visit your website. 

The good news is that in spite of my joke about “above-mentioned,” “heretofore,” “foregoing,” and “whereof” above, your privacy policy shouldn’t include any of that kind of stilted language. 

And it certainly shouldn’t include a bunch of legalese.

There will be some technical language (about pixels, cookies, tracking codes, and the like…), but not a lot of legal-sounding words.

That’s because the purpose of your privacy policy is to provide some clarity and transparency to your website visitors… most of whom aren’t lawyers. So you don’t need to talk to them like one!

Unless you serve lawyers, in which case… I’m sorry for you. But I digress. Moving on! 

Why is a privacy policy important?

There are a few reasons why your privacy policy is important to your business. 

First… because the law says so!

But I’m betting you want more of an explanation as to why you’re legally required to have one (because you are… just in case that wasn’t clear). 

We’ll cover that in the next section. 

Second, a well-written policy can build trust for your brand. 

Look, I’m not going to oversell this because the reality is that most people are never going to read your privacy policy or even give it a second thought. 

But let’s get real for a second. Given all the scammy crap that happens on the internet, it’s a good idea to do everything you can to create trust with your website visitors.

Having a privacy policy that is well written (and not simply copied and pasted from someone else) is one of those trust-building indicators. 

Third, most online advertisers won’t let you run ads without a privacy policy.

Yep, you read that right. Many online ad sellers (think Facebook and Google) won’t let you advertise on their platforms if you don’t have a privacy policy on your website. 

So… unless your goal is to break the law while building a scammy-looking site that can’t advertise, you’re gonna need to create and post a privacy policy on your website.

Is a privacy policy required?

Um… yeah.

If you are collecting any “personally identifiable information” about your website visitors, you are legally required to have a privacy policy on your site. 

Apologies for the fancy-sounding phrase “personally identifiable information,” but that’s a phrase that pops up in a lot of the privacy policy laws so I kinda had to use it!

Before you ask, “personally identifiable information” is a really broad term. Basically anything that you could use to identify a person (alone or when combined with other info) qualifies. 

It includes the obvious things like names, email addresses, addresses, and the like.

As you build your business, you’ll obviously be collecting this stuff ‘cause converting visitors into leads and leads into buyers is kinda the whole point of being online, right?

And you kinda need their information to do that. 

But it also includes the not-so-obvious things that your website is probably collecting in the background like IP Addresses and info collected by the cookies and pixels you have installed for tracking purposes.

We could get all nuanced and technical, but that wouldn’t do you any good. Let me just say this simply: If you are building an online business, you are collecting personally identifiable information. 

Because you’re collecting that information on your website, there are various laws that might come into play to require a privacy policy (or other privacy disclosure), including:

  • California Online Privacy Protection Act (CalOPPA)
  • California Consumer Privacy Act (CCPA) (read more about the California privacy policy laws here)
  • The United States Children’s Online Privacy Protection Act (COPPA)
  • The European Union’s General Data Protection Regulation (GDPR)
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) 
  • The Australia Privacy Law

Reading that list, you might be thinking: “Woohoo! I don’t live in one of those jurisdictions, so I don’t have to worry about creating a privacy policy.”

Not so fast, my friend. 

These laws don’t only apply to businesses located in those places. Under these laws, if you are collecting personal information from people who live or are present in those places, you are subject to the privacy requirements. 

You read that right. It’s not about where YOU are… it’s about where your website VISITOR is.

Again, we could get all technical about it, but let’s just be simple… if you are building an online business, you are going to be collecting info from people in at least ONE of these jurisdictions. 

The end result is that you are (or will be) legally required to create a privacy policy. Even if you aren’t there yet, you might as well create your policy now to get it out of the way. 

I mean, it’s free right here and only takes 5 minutes. 

What’s included in a standard privacy policy?

Although it might seem kinda overwhelming when you look at a standard website privacy policy, it doesn’t need to be. We break down how to write your own privacy policy in this post (although I’m pretty sure you’d be way better served just grabbing my template or using my generator!).

Your privacy policy will include some boilerplate language, but it’s mainly made up of clauses related to the purpose of a privacy policy.

Or really, the purposes… because yes, there are many.

Remember that technical-sounding definition of the term privacy policy above? The one where I said it sets out:

  • What information you collect from website visitors
  • How you collect that information
  • Why you collect that information
  • How you use that information 
  • Who you share that information with
  • What visitors can do to limit your use or collection of that information

Broadly speaking, those are the major topics you include in your policy.

See, there is a method to the madness of this guide! I included the boring, technical definition of the term because it helps you understand what to include.

And call me crazy, but I think business owners should be able to easily understand their legal policies. (I’m pretty sure other lawyers hate me for this, but whatevs.)

Beyond those clauses, there are a few specific things nearly every policy will include. 

Here in the US, it is illegal to collect personal information from children who are younger than 13 without the express consent of their parents. 

So standard privacy policies should include a clause saying children under 13 are not to use the site and providing an email address for parents to reach out if there is an issue. 

The EU’s regulation sets out certain rights that people have and requires us to tell people about those rights. Kinda like the Miranda warnings that cops have to give, but related to privacy rights. 

So, your privacy policy needs to set those rights out for people.  

Rather than bore you to tears with all the details, the easiest way for you to understand what to include is to see an example of a privacy policy. Here’s the policy on my website.

Should I copy and paste a privacy policy?

Gotta be honest here. Few things scare me more than when I see an online discussion where one business owner tells someone else to just go “copy” someone else’s legal policy. 

(It scares me whether it’s a privacy policy or any other policy or agreement!)

That “copy and paste” mentality is how I once saw a Canadian homebuilder with a website terms of service that said that Swedish law would apply to its music streaming services.

Music. Streaming. Services… on a home builder website. 🙄

I was utterly perplexed until I realized that someone had literally copied the Spotify terms of service and posted them as the website policy for this Canadian homebuilder. 

No bueno, my friends. 

Aside from these kinds of comical results, the other problem is that you have no idea whether the policy you’re copying and pasting is any good. 

True story, one of the sites that has a privacy policy generator (and appears on the first page of Google results) is giving out policies that CLEARLY do not comply with the GDPR… even though it says it does!

Yikes! 

Not to mention the other laws mentioned above that they don’t comply with. 

The key takeaway here is that you should NOT copy and paste a privacy policy or any other legal document for your business from another business.

You should make sure your privacy policy comes from a reputable and knowledgeable source and that it’s customized for YOUR business.

No copying and pasting the privacy policy from Spotify, your favorite influencer, Wal-Mart, or any other place. Mkay?

Should I use a privacy policy template?

While copying and pasting is a horrible idea, using a good template is a great idea!
There is literally no reason you should try to write a privacy policy from scratch. 

Seriously. Don’t. Your time is more valuable than that.

Heck, I don’t know any lawyers who would craft a privacy policy from scratch. We would start with our own templates and modify them for our clients’ needs. (The truth is out, lawyers! #sorrynotsorry)

This is probably the ONLY time you’ll ever hear me say this…

Be like lawyers!

As annoying as we lawyers are, we have certainly mastered the art of not reinventing the wheel, and you should follow suit. 

Find yourself a great privacy policy template to use to create your own policy. 

If you take me up on my offer to use my FREE privacy policy generator, you’ll also get access to our privacy policy template as a Google Doc. You can modify it to your heart’s content! 

So that’s it… a privacy policy in a nutshell.

If you’ve made it down to the bottom of this post, you’re clearly an overachiever and I applaud you! Legal stuff is hard to stomach, but hopefully I made it as entertaining and easy to read as possible.

Because believe it or not, I hate lawyers and legalese more than you do. But that’s for another post another day. 

Now go get your privacy policy set up if you haven’t already!

Seriously, go now. 😁

About Bobby Klinck

Harvard Lawyer and Online Entrepreneur
