A Privacy Policy is a document where you disclose what personal data you collect from your website’s visitors, how you collect it, how you use it and other important details about your privacy practices.

In this post, we’ll take a look at what Privacy Policies are and why you likely need to have one posted on your website. We’ll also go over some important clauses that are useful to include in your Privacy Policy. Finally, we’ll look at how different websites display their Privacy Policies.

Privacy Policies are legally binding agreements you are required to post on your website if you’re collecting any sort of personal information from your site’s visitors or customers.

A Privacy Policy is an important legal document that lets users understand the various ways a website might be collecting personal information. The purpose of a Privacy Policy is to inform users of your data collection practices in order to protect the customer’s privacy.

Your Privacy Policy should disclose how the website/app collects information, how the information is used, whether or not it is shared with third parties and how it is protected and stored.

There are 3 main reasons for having a Privacy Policy: (1) you’re required by law, (2) you’re required by third party services, (3) you want to be transparent.

Required by Law

The most important reason Privacy Policies are useful is that you’re most likely required by law to have one posted on your website. The applicable laws in your region or the region you’re conducting business in may require you to include and abide by certain clauses in your Privacy Policy.

For instance, in the United States, the California Online Privacy Protection Act (CalOPPA) requires websites that collect personal information from the residents of the state of California to include a statement in their Privacy Policy that discloses how they handle that information. Since there isn’t a way to filter out visitors from California, you’re likely required to comply with CalOPPA even if your website is run from a location nowhere near California.

Forever 21’s Privacy Policy agreement has a separate section on California Residents that explains the rights of the residents of California in compliance with CalOPPA.

Forever 21 Privacy Policy: California Residents Clause

Similarly, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the EU’s General Data Protection Regulation (GDPR), and Australia’s Privacy Act of 1988 also require you to post a Privacy Policy and include certain clauses in it if you’re collecting any personal information from the residents of these regions.

Required by Third Party Services

Most of the third party services you use to improve your website’s user experience, monitor analytics or display advertisements also require you to post a Privacy Policy on your website.

According to their requirements, you should include clauses that disclose how you use these third party services, APIs, SDKs, plugins, etc.

Some of the most popular third party services that require you to post a Privacy Policy on your website include:

Analytics services work by placing cookies on your visitors’ devices and then collecting information about them when they visit your website, such as which device(s) they use, browsing activities, etc.

This is why third party services (like Google Analytics) require you to post a Privacy Policy that discloses your usage of their services and cookies.

Google Analytics’ Terms of Service agreement states in its Privacy section that you must post a Privacy Policy on your website that discloses your use of cookies and your use of Google Analytics and how it collects and processes data.

Google Analytics Terms of Service requires a Privacy Policy

Websites and web applications that use analytics services to improve the user experience they deliver must therefore abide by these rules.

If you’re a Facebook app developer, you’re required by Facebook to post a Privacy Policy on your website that’s easily accessible and discloses the information you collect and how you will use that information.

Facebook Terms for App Developers: Give People Control Clause

Transparency

As more and more people online are becoming aware of privacy laws, having a Privacy Policy displayed on your website that discloses how you gather and handle your visitors’ personal information is a great way to build trust and help your website users feel secure.

It’s a good practice to follow even if you’re not collecting any sort of personal information from your website’s visitors. This is because Privacy Policies are increasingly prevalent. If a visitor sees that you don’t have one published, she may be led to believe that you do, in fact, collect information from your visitors but aren’t disclosing it. It’s better to have one posted that states that you do not collect any information from your site’s visitors. This is especially true for blogs.

DuckDuckGo, for example, has a Privacy Policy posted on its website that simply states that it doesn’t collect any personal information from visitors.

DuckDuckGo: Screenshot of Privacy Policy page with highlighted excerpt - does not collect or share personal information

Recommended Clauses for Privacy Policies

A Privacy Policy should be organized in a way that helps the reader understand key categories of information. This is best done with well-structured and clearly written clauses, neatly identified with descriptive headlines.

The clauses you include in your Privacy Policy depend on a number of factors including the type of business you’re running and the applicable law. However, there are some clauses that just about every website that collects personal information from visitors includes in a Privacy Policy.

Let’s take a look at some examples of clauses that are useful to add in a Privacy Policy agreement:

Type of Information You Collect

Most Privacy Policies start out by disclosing the type of information the business collects from its visitors or customers. It lets the end user know which type of personal information they can expect to provide, whether required or optional.

Let’s take a look at MailChimp’s Privacy Policy agreement:

MailChimp Privacy Policy: Information We Collect clause excerpt

MailChimp has an incredibly detailed Your Information section which explains what information it collects from users. It’s been divided into several sections – Information you provide to us, Information we collect automatically, Information we collect from other sources, Information from the use of our mobile apps.

It identifies the personal information you provide when you sign up with them and/or purchase their services such as name, address, email address, IP address, and credit card information.

Some web applications, like GitHub, collect information from their site’s visitors in addition to their end users.

Here’s a look at how GitHub explains this in its Privacy Policy agreement:

GitHub Privacy Policy: Information from Website Browsers and users with accounts clauses

GitHub explains that it collects personally-identifying information from its website’s visitors and why it’s collected. The type of information collected from users who have accounts on GitHub is also disclosed.

How the Collected Information is Processed and Shared

You’re required to disclose how you process and share the personal information you collect from your site’s visitors. It should explain what you do with the information after you’ve collected it.

For example, in its Privacy Policy, LogMeIn explains the different ways it uses the personal information it collects:

LogMeIn Privacy Policy: How We Use the Information We Collect and Receive clause

LogMeIn also has a section in its Privacy Policy that explains how it shares visitors’ personal information with third parties:

LogMeIn Privacy Policy: Information Sharing clause discussing third party disclosure

Use of Cookies and Tracking

Websites that use cookies or other technologies to obtain personal information from their website’s visitors or customers include a cookies clause in their Privacy Policies. Generally, the cookies clause states that the website uses cookies, why it uses them, and how users can disable cookies on their devices.

Canva’s Privacy Policy has a section on Cookies information that explains cookies usage.

Canva Privacy Policy: Cookies Information Clause

It says that Canva uses cookies to improve your experience with their website by helping you log in faster and making their on-site navigation better. Cookies are also placed in order to track how you use the website. Canva discloses that its business partners also receive this information. Finally, it’s noted that if you disable cookies, some features of Canva might not work properly.

Changes to the Privacy Policy

You will likely have to change the content of your Privacy Policy at some time. For this reason, most Privacy Policies have a clause that states how they will inform users about updates and revisions to the agreement.

Let’s take a look at LogMeIn’s Privacy Policy again:

LogMeIn Privacy Policy page: Changes to this Statement - Contact Us clause

This clause states that the Policy may be updated and discloses how notifications of material changes will be given. It also says that if you continue to use the services after the update then you automatically agree to the revised Privacy Policy.

Examples of Websites with Privacy Policies

Regardless of whether you’re running a website, web app, mobile app or desktop app, if you’re collecting personal information from your end users then you’re required to post a Privacy Policy.

Most websites provide a link to their Privacy Policy in their homepage footer, main navigation, or an appropriate sub-menu.

Let’s take a look at the Privacy Policy agreements of some popular websites.

Reddit

Reddit links to its Privacy Policy from the fine print in the footer of the homepage:

Reddit website footer with links

The Privacy Policy itself follows the same format and theme as the rest of the website and includes anchor navigation links in the left sidebar.

It includes the following clauses:

  1. What We Collect
  2. How We Use Information About You
  3. How Information About You is Shared
  4. Ads and Analytics Partners
  5. Your Choices
  6. Other Information
  7. Contact Us

Reddit: Screenshot of Privacy Policy page intro and table of contents

Canva

Canva’s Privacy Policy uses short summaries to the right of the clauses to help summarize information for readers. This helps make the Policy easier to understand and more user-friendly.

Canva Privacy Policy: Information we collect from you automatically and Cookies information clauses

The New York Times

The New York Times has a link to the Privacy Policy in the website’s footer:

The New York Times website footer with links

The Privacy Policy includes anchor navigation links, a search bar and a button to initiate chat. The benefit of this formatting is that it makes it easy for site visitors to find the information they need to fully understand their privacy rights.

The New York Times: Screenshot of Privacy Policy intro - excerpt

Summary

If you’re collecting any sort of personal information from your website’s visitors, end users, subscribers, customers, or clients then you’re most likely required by law or by third party services to post a Privacy Policy on your website.

You need to be aware of: