Home > Templates

Free, Customizable Privacy Policy Template




Get this template > 

What is a privacy policy?Privacy-1024x682

A privacy policy is a legal document that outlines how a user's data will be collected, processed, handled, and stored. It also outlines why the business collects the information and how users can opt out. Most privacy policies are hyperlinked at the bottom of a website page or presented as a clickwrap agreement during sign up and check out flows. Unlike Terms and Conditions, privacy policies are required by law.

Any website, app, or online store that handles users' personal information or uses third-party services like Google Analytics (which collects data on your behalf) to do so needs a privacy policy. While there are common clauses to include in a privacy policy, the content will vary for each business depending on the information they collect, the country they operate in, and the country or state in which their users are based.


Intro to Privacy Laws

While privacy policies are not new, they have been widely talked about with the quickly evolving privacy laws which have made waves in the last few years.  Many of these new laws come with hefty fines for non-compliance. This is why it's important for businesses that transact with residents or citizens of these places  to comply with country-specific data regulations.


Privacy laws in the EU - GDPR

The EU's 1995 Data Protection Directive got a major update in 2018 as the General Data Protection Regulation (GDPR) came into effect. As of May 25, 2018, any entity doing business with and collecting data from EU citizens must have a privacy policy.

The GDPR also requires ethical and transparent data collection, that data controllers and processors outline what information is collected, how it will be used, for how long, and how users can opt out — all of which must be outlined in the privacy policy. Businesses that fail to comply can face up $20 million or 4% of annual revenue in fines.

Privacy Laws in the US - CalOPPA and CCPA

While the US does not have a general, nation-wide privacy law, some states have individual privacy laws that govern the data of their residents. California, for example, has been leading the charge on data privacy regulation in the United States.

Their current privacy law, California Online Privacy Protection Act (CalOPPA), protects the data of California users on websites or online services. The California Consumer Protection Act, on the other hand, protects the personal data of California users from big business. The CCPA will be stricter on businesses than CalOPPA, and businesses that bring in large revenue or make money selling information will need to comply.

Both CalOPPA and CCPA have specific mandates of what to include in a privacy policy. Businesses that are transacting with California residents must comply with the CCPA by January 2020.

Because the world is now more digitally connected than ever before, country- and state-specific privacy laws must be considered when writing a privacy policy.


Privacy Laws in Canada  - PIPEDA

The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations in Canada. PIPEDA originally went into law on April 13, 2000 and targeted e-commerce, but has since expanded to include other industries. Any private enterprise in Canada that collects personal information during the course of  business activity is subject to PIPEDA.

Similar to GDPR, individuals under PIPEDA have the right to access their personal information and to challenge its accuracy. One important aspect of PIPEDA is that it's designed to keep Canada's privacy requirements consistent with the country's trading partners, specifically the European Union.

Privacy Policy FAQ

Answers to frequently asked questions about privacy policies.


[fa icon="plus-square"] Who needs a privacy policy?
Any website, app, online store, or other business entity that collects and stores personal data from users is legally required to have a privacy policy. In this case, the definition of personal information includes name, address, phone number, date of birth, social security number, or anything else that personally identifies a user.
[fa icon="plus-square"] What should I include in a privacy policy?
The goal of a privacy policy is to outline a business' data practices to users. While the content of each business' policy will vary, there are some common clauses to include:
  • Information you collect
  • Why you collect information
  • How you use and share information
  • Third-party content and integrations
  • How long you keep data
  • User rights/opting out
Country-specific data privacy requirements will also determine what is included in the policy and how you present it to users — for example, the EU's GDPR, California's CalOPPA, or Canada's PIPEDA.
[fa icon="plus-square"] Why is everyone updating their privacy policy?
Between 2016 and 2018, there was a flurry of emails that informed users about a business' change in privacy policy. This peaked in 2018 because companies without a GDPR-compliant privacy policy (or any at all) rushed to update their practice.

While businesses are always making changes to their policies, it was never before required that they inform customers of these changes. The GDPR now imposes a very large fine on businesses whose privacy practices do not comply with its mandates.
[fa icon="plus-square"] Is a cookie policy different from a privacy policy?
Whereas a privacy policy outlines the general use, processing, and storage of a user's data, a cookie policy outlines only one way of collecting, using, and storing information: via cookies. A cookie is a text file on your device that remembers things like browsing data. Because cookies are another way of capturing data from users, sites that use these are required to have cookie consent notices and have the user accept before cookies are placed on their device. While a cookie policy can be part of your privacy policy, it can also be its own legal document.
[fa icon="plus-square"] How can I track consent of my privacy policy?

Poor policy and consent tracking can be costly. Having a privacy policy on your website or in your app is not enough. It's also critical that you track who opted in to your policy, when they consented and what version of the policy they saw.  This can be built by a development team or you can elect to use a 3rd party privacy and consent management tool.



Power better Privacy Policies & agreements with PactSafe

Transform the way you capture acceptance with clickwrap agreements, the modern signature solution.

Track Acceptance

 Track who accepted what and when, and manage version history in one simple interface accessible by any team member.  

Stay Compliant

Privacy compliance is no longer optional. PactSafe's consent tracking API will help you become, and stay, compliant.  

Rest Easy

Avoid costly fines and rest assured your acceptance records are being handled by experts.

See it in action ›