Privacy Policy 101: The Ultimate Guide You Need To Protect Your Website

If you’re building an online business and want to protect your website with no fuss and no muss, this ultimate privacy policy guide is for you! After reading this guide, you’ll know how to create a privacy policy for your website and understand what the heck it means. 

As an added bonus, you won’t be lulled to sleep with boring legalese… because we’ll be keeping things light and maybe even a bit amusing.  Let’s be honest, the last thing you want or need is a stiff, boring post that reads like it’s written by a lawyer. 

Luckily, you’ve found a guide written by a Harvard Law Grad turned online entrepreneur who sounds NOTHING like a lawyer because he probably hates legalese more than you do! (That’d be ME!) 

Since you’re here reading this post, I’m gonna take two wild guesses about you…

First, you’re building an online business. 

That’s a pretty easy one because there aren’t a lot of offline business owners (or people who aren’t business owners at all) reading guides about creating a website privacy policy! 

(If you are not an online business owner and you’re reading a post about online business legal stuff, seek help…)

Second, I’m gonna go out on a limb and say that the idea of having to create a privacy policy has you somewhat confused, overwhelmed, and maybe a wee bit scared. 

I mean, freaking lawyers like their legalese even more than they like dressing up in boring suits, and they always tend to make things harder to understand than they really need to be…

If my guesses were right (or even close), then you’re going to love this post. After reading this guide, you’ll know exactly how to create a privacy policy and actually understand what the different parts of it mean. 

You’re welcome. 😉

What is a privacy policy?

If you want the definition of a privacy policy in lawyer-speak, it would be something like this: 

A privacy policy is a legal document that sets out what information you collect from website visitors, how you collect that information, why you collect that information, how you use that information, who you share that information with, and what visitors can do to limit your use or collection of that information. 

But since I’m guessing you’d like to avoid hearing from Lawyer Man (insert charismatic superhero voiceover here for full effect), how about we put it into plain English…

Your privacy policy helps your website visitors understand what the heck is going on with their data and information when they visit your website. 

The good news is that in spite of my joke about “above-mentioned,” “heretofore,” “foregoing,” and “whereof” above, your privacy policy shouldn’t include any of that kind of stilted language. 

And it certainly shouldn’t include a bunch of legalese.

There will be some technical language (about pixels, cookies, tracking codes, and the like…), but not a lot of legal sounding words.

That’s because the point of your privacy policy is to provide some clarity and transparency to your website visitors… most of whom aren’t lawyers. So you don’t need to talk to them like one!

Unless you serve lawyers, in which case… I’m sorry for you. But I digress. Moving on! 

Why is a privacy policy important?

There are a few reasons why your privacy policy is important to your business. 

First… because the law says so!

But I’m betting you want more of an explanation as to why you’re legally required to have one (because you are… just in case that wasn’t clear). 

We’ll cover that in the next section. 

Second, a well-written policy can build trust for your brand. 

Look, I’m not going to oversell this because the reality is that most people are never going to read your privacy policy or even give it a second thought. 

But let’s get real for a second. Given all the scammy crap that happens on the internet, it’s a good idea to do everything you can to create trust with your website visitors.

Having a privacy policy that is well written (and not simply copied and pasted from someone else) is one of those trust-building indicators. 

Third, most online advertisers won’t let you run ads without a privacy policy.

Yep, you read that right. Many online ad sellers (think Facebook and Google) won’t let you advertise on their platforms if you don’t have a privacy policy on your website. 

So… unless your goal is to break the law while building a scammy looking site that can’t advertise, you’re gonna need to create and post a privacy policy on your website. 

Is a privacy policy required?

Um… yeah.

If you are collecting any “personally identifiable information” about your website visitors, you are legally required to have a privacy policy on your site. 

Apologies for the fancy-sounding phrase “personally identifiable information,” but that’s a phrase that pops up in a lot of the privacy policy laws, so I kinda had to use it!

Before you ask, “personally identifiable information” is a really broad term. Basically anything that you could use to identify a person (alone or when combined with other info) qualifies. 

It includes the obvious things like names, email addresses, addresses, and the like. 

As you build your business, you’ll obviously be collecting this stuff ‘cause converting visitors into leads and leads into buyers is kinda the whole point of being online, right?

And you kinda need their information to do that. 

But it also includes the not-so-obvious things that your website is probably collecting in the background like IP Addresses and info collected by the cookies and pixels you have installed for tracking purposes.

We could get all nuanced and technical, but that wouldn’t do you any good. Let me just say this simply: If you are building an online business, you are collecting personally identifiable information. 

Because you’re collecting that information on your website, there are various laws that might come into play to require a privacy policy (or other privacy disclosure), including:

  • California Online Privacy Protection Act (CalOPPA)
  • California Consumer Privacy Act (CCPA) 
  • The United States Child Online Privacy Protection Act (COPPA)
  • The European Union’s General Data Protection Regulation (GDPR)
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) 
  • The Australia Privacy Law

Reading that list, you might be thinking: “Woohoo! I don’t live in one of those jurisdictions, so I don’t have to worry about creating a privacy policy.”

Not so fast, my friend. 

These laws don’t only apply to businesses located in those places. Under these laws, if you are collecting personal information from people who live or are present in those places, you are subject to the privacy requirements. 

You read that right. It’s not about where YOU are… it’s about where your website VISITOR is.

Again, we could get all technical about it, but let’s just be simple… if you are building an online business, you are going to be collecting info from people in at least ONE of these jurisdictions. 

The end result is that you are (or will be) legally required to create a privacy policy. 

What’s included in a standard privacy policy?

Although it might seem kinda overwhelming when you look at a standard website privacy policy, it doesn’t need to be. 

Your privacy policy will include some boilerplate language, but is mainly about including clauses related to the purpose of a privacy policy.

Or really, the purposes… because yes, there are many.

Remember that technical-sounding definition of the term privacy policy above? The one where I said it sets out:

  • What information you collect from website visitors
  • How you collect that information
  • Why you collect that information
  • How you use that information 
  • Who you share that information with
  • What visitors can do to limit your use or collection of that information

Broadly speaking, those are the major topics you include in your policy.

See, there is a method to the madness of this guide! I included the boring, technical definition of the term because it helps you understand what to include.

And call me crazy, but I think business owners should be able to easily understand their legal policies. (I’m pretty sure other lawyers hate me for this, but whatevs.)

Beyond those clauses, there are a few specific things nearly every policy will include. 

Here in the US, it is illegal to collect personal information from children who are younger than 13 without the express consent of their parents. 

So standard privacy policies should include a clause saying children under 13 are not to use the site and providing an email address for parents to reach out if there is an issue. 

The EU’s regulation sets out certain rights that people have and requires us to tell people about those rights. Kinda like the Miranda warnings that cops have to give, but related to privacy rights. 

So, your privacy policy needs to set those rights out for people.  

Rather than bore you to tears with all the details, the easiest way for you to understand what to include is to see an example of a privacy policy. Here’s the policy on my website.

Should I copy and paste a privacy policy?

Gotta be honest here. Few things scare me more than when I see an online discussion where one business owner tells someone else to just go “copy” someone else’s legal policy. 

(It scares me whether it’s a privacy policy or any other policy or agreement!)

That “copy and paste” mentality is how I once saw a Canadian homebuilder with a website terms of service that said that Swedish law would apply to its music streaming services. 

Music. Streaming. Services… on a home builder website. 🙄

I was utterly perplexed until I realized that someone had literally copied the Spotify terms of service and posted them as the website policy for this Canadian homebuilder. 

No bueno, my friends. 

Aside from these kinds of comical results, the other problem is that you have no idea whether the policy you’re copying and pasting is any good. 

True story, one of the sites that has a privacy policy generator (and appears on the first page of Google results) is giving out policies that CLEARLY do not comply with the GDPR… even though it says it does!

Yikes! 

Not to mention the other laws mentioned above that they don’t comply with. 

The key takeaway here is that you should NOT copy and paste a privacy policy or any other legal document for your business from another business.

You should make sure your privacy policy comes from a reputable and knowledgeable source and that it’s customized for YOUR business.

No copying and pasting the privacy policy from Spotify, your favorite influencer, Wal-Mart, or any other place. Mkay?

Should I use a privacy policy template?

While copying and pasting is a horrible idea, using a good template is a great idea!

There is literally no reason you should try to write a privacy policy from scratch.

Seriously. Don’t. Your time is more valuable than that.

Heck, I don’t know any lawyers who would craft a privacy policy from scratch. We would start with our own templates and modify them for our clients’ needs. (The truth is out, lawyers! #sorrynotsorry)

This is probably the ONLY time you’ll ever hear me say this…

Be like lawyers!

As annoying as we lawyers are, we have certainly mastered the art of not reinventing the wheel, and you should follow suit. 

Find yourself a great privacy policy template to use to create your own policy. 

With Plainly Legal™’s smart Legal Doc Generator, you can draft your privacy policy in minutes, ensuring your website and business are legally protected!
