How to write your own privacy policy

A privacy policy is a written statement on how your business collects and uses personal information. It declares to your organisation and to your audience how you approach user privacy.

As the owner of an online business, a privacy policy is one of the most important things to have in order to protect your business and customers. Having one is also a legal requirement in most parts of the world.

What does it take to write a good privacy policy?

A good privacy policy is transparent, easy to understand, and accessible to your users. At a minimum, your privacy policy must disclose the following:

• Personal information you collect about your users
• Why you need this information
• How you collect this information
• Where and how this information is stored
• How you keep this information safe
• Details around sharing this information with third parties
• How your users can exercise their rights over their personal information
• The risk to the user when they share their personal information
• The steps users can take to protect their privacy (including opting out of any tracking or data processing)
• How users can contact you to make a complaint or request about their information

GetTerms 5-point policy guidelines

To ensure that your policy doesn’t mislead users or leave your business exposed, we’ve put together a 5-point guideline that we recommend reviewing your policy against:

1. Who and/or what is included in your policy’s scope?

Are you writing a bespoke policy for one business, or a blanket policy for multiple websites or apps?

Take the time to review all products, services and processes involved — depending on their respective functions and types of data being processed, you may need to create separate privacy policies that specifically cover each of your offerings.

2. Which privacy laws apply to you and what are their requirements?

Have you covered all the laws that apply to you and your business? Besides the laws local to your area, consider also where your customers are based, and any additional laws you will need to comply with as a result.

(You can check out our earlier blog posts about the GDPR and CCPA, which are amongst the most widespread and stringent data privacy regulations passed to date.)

3. Is your privacy policy easy to read and understand?

Is your privacy policy written in clear, everyday language with visually prominent headings to separate each section? Try not to overdo it with legal jargon or unnecessarily complex language.

Remember, a privacy policy is intended for both your consumer audience and privacy regulators.

4. Does your policy address current user concerns?

As more high-profile data breaches and privacy scandals seem to unfold every day, it’s wise to confront current concerns that users and regulators may have about issues such as email spam, data storage and security.

5. Is your policy specific enough?

No part of your policy should be left open to interpretation — it should be as clear and precise as possible. Scan your policy for any ambiguous wording or legal gaps where you should include a limitation of liability clause.

As your business grows and data privacy regulation continues to evolve, so too should your privacy policy.

Just like any other important business document, we advise engaging a legal professional to review your policy and ensure all bases are covered.

Save time with GetTerms.io

As a “one size fits most” solution, our content generators give businesses a head start in developing their own privacy policies. Generate a privacy policy now.