How to Create a Privacy Policy for My Website | A Guide for Beginners

Collecting information from website and mobile app visitors is common, and many jurisdictions require a privacy policy that discloses the practice.

When you write a privacy policy, you should identify what data you are collecting and how you are going to use it.

You should also EXPLAIN how you protect the data and what recourse users have for privacy violations.

This article covers the basics of writing a privacy policy, tips to make it user-friendly, and answers to common questions.

Do I Need a Privacy Policy for My Website?

Data collection raises privacy and misuse concerns. You need to tell users exactly what information your site collects, how you use it, and why you need it. This strengthens their confidence and trust in your site.

Writing a privacy policy is a legal requirement under several privacy and consumer protection laws.

You need one if your business, website, or mobile app collects personal information from its users.

The following are some of the laws and regulations that require a privacy policy:

General Data Protection Regulation (GDPR)

The GDPR protects individuals in the European Economic Area (EEA). It applies regardless of where the site or app is operated from, as long as it offers goods or services to, or monitors the behaviour of, people in the EEA.

It revolves around giving users more rights as to how and when their personal data is collected.

It requires “data protection by design and by default”, often called “Privacy by Design”. Businesses must build their users’ data privacy into the design of their business practices, systems, and processes rather than bolting it on afterwards.

It has become the model for many later data privacy laws.

California Consumer Privacy Act (CCPA)

The CCPA is notable as the first comprehensive data privacy law passed by a US state.

It gives users, particularly residents of California, rights over the information that businesses collect.

ePrivacy Directive and Regulation

The ePrivacy Directive, often called the EU cookie law, governs the confidentiality of electronic communications in the EU.

It requires websites to obtain user consent before storing non-essential cookies (anything not strictly necessary to provide the service the user asked for) in their browsers. A proposed ePrivacy Regulation was meant to replace the Directive, but the Directive remains the law in force.

Personal Information Protection and Electronic Documents Act (PIPEDA)

The PIPEDA gives Canadian users the right to consent to their personal data collection.

It also gives them the right to access their information and challenge its accuracy, and it limits collection to the purposes you have identified.

What Kind of Privacy Policy Do I Need for My Website?


Most jurisdictions that require a privacy policy do not accept just any privacy policy. It must be a detailed one that describes your actual practices.

Your privacy policy should indicate what data you collect, why you collect it, and how you use it, among others.

It should reflect how much you value your users’ privacy and patronage!

How to Create a Privacy Policy for Your Website

The ideal privacy policy, one that captures the specifics of your business, is written by a lawyer. Such a policy is precise and tailored, but it may be costly.

You can create a basic website privacy policy through free online privacy policy generators. A privacy policy generator provides you with a ready-made template.

You can use this template as a starting point for your business, adding or removing clauses so that it matches what you actually do.

Aside from this, you can also edit the language and technicalities to make it a better fit for you and your business.

Whichever route you choose, creating a good privacy policy takes nine steps:

Step 1: Identify All the Personal Information You Gather When You Collect Data

A privacy policy is a legal document that describes how your online business or site gathers, uses, and protects the personal information of its users.

Commonly collected personal information includes the following:

  • Names
  • Birthdays
  • Addresses
  • Contact information
  • Locations
  • Activity
  • IP addresses
  • Payment information

The first section of your privacy policy should enumerate all the personal data you collect.

Be precise about WHEN and WHERE you collect personal data. Review your site thoroughly (forms, sign-up flows, checkout, analytics, and server logs, which record IP addresses) to find every collection point.

For example, if you have online forms for users to fill in, say so in your privacy policy.

Step 2: Explain How You Use Your Data Collection

The next step is informing users how you plan to use the data you collect.

Be transparent with your users to put them at ease!

Let them know if you use the information for product recommendations, custom promotions, or special offers. Users are more comfortable when they know why their data is being used.

Step 3: Address Child Privacy Issues

Provide a clause that addresses child privacy in your privacy statement, regardless of whether the audience of your website or mobile app is children or adults.

If your target audience is adults, a simple statement in your privacy policy is enough.

On the other hand, the Children’s Online Privacy Protection Act (COPPA) forbids you from knowingly collecting personal information from children under 13 without verifiable parental consent.

If your site or app is directed at children under 13, or you know that you collect their data, you must follow COPPA’s specific requirements, and your children’s privacy section should be correspondingly more detailed.

Step 4: Explain How You Protect Personal Information

Security is one of the US Federal Trade Commission’s Fair Information Practice Principles, so your privacy policy should include a section on security measures.

As such, you should explain how you will protect the personal information that your website or mobile app collects.

Describe how you guard against breaches and unauthorized access. The strength of your security measures should match the sensitivity of the data you gather.

FOR EXAMPLE: Banking and payment details are highly sensitive. Your privacy policy should describe the safeguards in force, such as encryption in transit and at rest and restricted access to payment data, at a level that informs users without disclosing operational details. Avoid promising absolute security: a claim you cannot keep is itself a liability.

You should make your users feel safe and secure when they provide sensitive information.

If they do not feel confident in giving their banking and payment information, you may miss out on possible sales revenues.

Step 5: Provide a Recourse Policy

There may be situations where you fail to honour your users’ data privacy or your own policy. To prepare for these, include a recourse section.

This section tells visitors who to contact if they believe your policy has been violated, how complaints are handled, and what options they have, such as opting out of further processing.

This will reflect how much you value the privacy of your users and the respect you have for them.

Step 6: Disclose if You Plan to Share Data With Third Parties

You can turn to third parties to collect personal information from your users or share the personal information and contact information collected.

In any of the two cases where a third party is involved, you should let your users know about this.

Third-party tools can help you with content optimization, lead generation, site analytics, affiliate marketing, and even customer service.

IMPORTANT TIP: If you are not yet involved with any third party, it is still best to disclose the possible involvement in your privacy statement.

Step 7: Indicate the Use of Cookies and Tracking Technologies

Site visitors commonly encounter cookies and other tracking technologies. Their use should be disclosed in your privacy policy.

Your cookies clause can be short, as long as you provide a link to your detailed cookies policy.

What matters most is that non-essential cookies are not set until the user consents, and that users can withdraw consent or disable those cookies later.
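The consent-first rule above (no non-essential cookies until the user opts in, with an easy way to withdraw) is what a cookie banner has to enforce in the browser. The following is an added example of that gate, not code from the original article: it records consent in a first-party cookie, defaults every non-essential category to denied, clears cookies the user has not agreed to, and loads third-party tags only for accepted categories. The cookie inventory, the cookie names such as `_ga` and `ad_id`, and the `cookie_consent` record format are constructed assumptions; replace them with your own cookie audit.

```javascript
// Added example (not from the original article): a minimal consent gate for
// non-essential cookies. The inventory below is constructed for illustration.

// Constructed cookie inventory: name -> category. "necessary" cookies never
// need consent; everything else stays blocked until the user opts in.
const COOKIE_INVENTORY = {
  session_id: "necessary",
  csrf_token: "necessary",
  cookie_consent: "necessary",
  _ga: "analytics",   // assumed analytics cookie name
  _gid: "analytics",
  ad_id: "marketing", // assumed marketing cookie name
};

const CONSENT_COOKIE = "cookie_consent";
// Bump this whenever the cookie policy changes so that old consent is re-asked
// (ties in with notifying users of policy changes).
const CONSENT_VERSION = 1;

// Parse a document.cookie / Cookie header string into a name -> value object.
function parseCookieString(str) {
  const out = {};
  for (const part of (str || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    out[name] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// Read the stored consent record. Returns null when it is absent, malformed,
// or from an older policy version; all three are treated as "no consent".
function getConsent(cookieString) {
  const raw = parseCookieString(cookieString)[CONSENT_COOKIE];
  if (!raw) return null;
  try {
    const c = JSON.parse(raw);
    if (c.version !== CONSENT_VERSION) return null;
    return { analytics: c.analytics === true, marketing: c.marketing === true, version: CONSENT_VERSION };
  } catch {
    return null;
  }
}

// Build the cookie value that records the user's explicit choices.
// Nothing is pre-ticked: a missing choice is stored as false.
function serializeConsent(choices) {
  const record = JSON.stringify({
    version: CONSENT_VERSION,
    analytics: choices.analytics === true,
    marketing: choices.marketing === true,
  });
  const maxAge = 180 * 24 * 3600; // six months, then ask again
  return `${CONSENT_COOKIE}=${encodeURIComponent(record)}; Max-Age=${maxAge}; Path=/; SameSite=Lax; Secure`;
}

// Default-deny: a category is allowed only with explicit, current consent.
// Cookies not in the inventory fall into "unknown" and are never allowed.
function isAllowed(consent, category) {
  if (category === "necessary") return true;
  return consent !== null && consent[category] === true;
}

// Given the cookies currently present, return cookie strings that expire
// every first-party cookie the user has not consented to.
function cookiesToClear(cookieString, consent) {
  const present = parseCookieString(cookieString);
  const out = [];
  for (const name of Object.keys(present)) {
    const category = COOKIE_INVENTORY[name] || "unknown";
    if (!isAllowed(consent, category)) out.push(`${name}=; Max-Age=0; Path=/; SameSite=Lax; Secure`);
  }
  return out;
}

// Browser glue: clear disallowed cookies, then load third-party tags only for
// accepted categories. Guarded so the functions above also run under Node.
function applyConsentInBrowser(tagsByCategory) {
  if (typeof document === "undefined") return [];
  const consent = getConsent(document.cookie);
  for (const c of cookiesToClear(document.cookie, consent)) document.cookie = c;
  const loaded = [];
  for (const [category, urls] of Object.entries(tagsByCategory)) {
    if (!isAllowed(consent, category)) continue;
    for (const url of urls) {
      const s = document.createElement("script");
      s.src = url;
      s.async = true;
      document.head.appendChild(s);
      loaded.push(url);
    }
  }
  return loaded;
}
```

Call `applyConsentInBrowser({ analytics: ["https://example.invalid/analytics.js"] })` on page load, and again after the banner writes `document.cookie = serializeConsent(choices)`. Note that a first-party page can only expire its own cookies; third-party cookies are prevented by not loading the tag in the first place, which is why the gate sits in front of the script tags rather than after them.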

Step 8: Explain How Users Access and Control Their Data

At the end of the day, the data you have collected is still your users’.

Let them know about their rights relating to the personal information you collect.

For example, they have the right to access the data you hold about them, correct it, or have it permanently deleted from your databases.

You can include a Data Subject Access Request (DSAR) form in your privacy policy.

A DSAR form gives your users a defined way to request access to, correction, export, or deletion of their personal data.

Step 9: Notify Users of Future Policy Changes

Your business will inevitably change or grow over time.

You may update your privacy policy to keep up with specific changes and maybe even laws. When you do so, you should notify your users.

You may indicate in your original privacy statement your right to change it whenever the situation calls for change.

You should also include the right of your users to be informed about any revision.

How Do I Add a Privacy Policy to My Website?

Most companies have a link or button to their privacy policies in the footer of their website.

You can link your privacy policy to multiple areas of your site. Other common places to add a privacy policy include sign-up forms, checkout pages, and banners on landing pages.

Laws like the GDPR require you to give users the information in your privacy policy at the point where their data is collected, so link to it wherever you collect data.

Where you rely on consent as your legal basis under the GDPR, that consent must be freely given, specific, informed, and unambiguous. A user accepting your privacy policy as a whole does not count as consent to a particular use of their data; ask for it separately.

Additional Tips When Writing Privacy Policies


When you compose your privacy policy, you cannot just write anything. There are a few more things you should consider when you do so, such as the following:

#1 Consider Supplementary Clauses

Aside from the non-negotiable portions of your privacy policy, there are also additional clauses you can include.

For example, you can include a communications clause. This should contain all the contact details your users need to reach you.

If you have a chat box on your website, let your users know that their personal information, like their name, contact information, and email address, is part of the data you are collecting.

Another supplementary clause you can consider is a business transfer clause. The future is uncertain, and you can never know for sure if you will have to sell your business later on.

This clause will help you minimize your potential liabilities when it comes to that point. It will give your users a heads-up on how their personal data may be passed on to a new owner when you decide to sell your business.

The most common companion document is a terms and conditions agreement. It is a separate document rather than a clause of the privacy policy, and it is not always mandated by law, but it helps you set rules against unacceptable user behaviour.

It serves as the rules and guidelines for your website or mobile app. It acts as a contract between you and your users.

#2 Make Your Privacy Policy User-Friendly

A great consideration when you create your entire privacy policy is its user-friendliness.

It helps in getting the consent and confidence of your users when they clearly understand what you are trying to say.

It is easier when you have a table of contents to show the outline of your privacy policy. It provides your users with easier navigation.

Your users can also skip to the more important parts that concern them more.

Make sure you use direct and plain language when creating your privacy policy. Avoid the use of legal and technical jargon. These are terms that your users will not directly understand.

Users may suspect that dense legal language hides something, and withhold consent to the collection of their personal data as a result.

Frequently Asked Questions

Is It Illegal to Copy a Privacy Policy?

Copying another company’s privacy policy word for word can infringe its copyright and expose you to legal claims. Just as important, a copied policy describes someone else’s data practices, not yours, so it will be inaccurate, and an inaccurate privacy policy is itself a compliance risk.

However, you can use a privacy policy generator to get an example of a well-written policy.

Make sure that you add in, remove, and edit clauses. Your privacy policy should match the unique needs of your business.

What Is Considered a Violation of Privacy?

The main factor that constitutes a violation of privacy is the absence of consent.

Common types of this violation include the appropriation of name or likeness, intrusion upon seclusion, false light, and public disclosure of private facts.

All of these become actionable when the person whose data you collected has not consented to the use you make of it.

What Happens if I Break a Privacy Policy?

Breaking a privacy policy harms your reputation and puts you in violation of the law.

When you do so, you lose the trust of your users and waste plenty of your resources in attempts to redeem your reputation.

To add to this, you will have to face certain sanctions, fines, and legal claims.


If your website or mobile app collects personal information, you are legally required to have a privacy policy.

To create your own privacy policy, you can check any online privacy policy generator for templates you can work on.

However, it is still best to seek legal advice to ensure that you cover all the important details.