A portfolio website is a great way to showcase your skills and get clients to hire you for their next project, but if you collect any personal data from website vitiors, you need a privacy policy.
In this guide, I explain why you need a portfolio website privacy policy, what goes into one, the laws that impact it, how to make your own, and where to post it on your site.
- How To Make a Portfolio Site Privacy Policy
- Does Your Portfolio Website Need a Privacy Policy?
- What Are the Benefits of Having a Privacy Policy on Your Portfolio Website?
- Which Privacy Laws Affect Your Portfolio Website?
- What Should You Include in Your Portfolio Site’s Privacy Policy?
- Where To Display Your Portfolio Website’s Privacy Policy
- Summary
How To Make a Portfolio Site Privacy Policy
You can take several routes to make a privacy policy for your portfolio that complies with privacy regulations.
Use a Privacy Policy Generator
You can create a comprehensive privacy policy for your portfolio website with Termly’s free privacy policy generator.
Our automatic solution is a great way to make a customized privacy policy that complies with privacy laws and takes just minutes to complete.
You answer straightforward questions about your portfolio site and its data processing activities, and the generator makes a unique privacy policy based on your answers.
Use a Privacy Policy Template
You can also create a privacy policy with our free privacy policy template, which gives you a jump start.
It features proper formatting and some pre-filled standard clauses you can modify to suit the needs of your portfolio.
If your portfolio doesn’t collect personal data or fall under privacy laws, consider using a free template to put up a privacy policy on your website to help with SEO and marketing.
Write It Yourself
You can also write your privacy policy independently, but you should only attempt this if you have a firm grasp of privacy regulations.
If you leave something out, even by mistake, you could still be penalized under the various data privacy laws.
For some extra help, check out our comprehensive guide on how to write a privacy policy.
Does Your Portfolio Website Need a Privacy Policy?
Your portfolio website needs a privacy policy if you collect personal information from visitors.
Privacy laws regulate how to legally handle personal data collected from individuals, such as their name, email address, or phone number, and most require some form of a privacy policy.
Your portfolio website likely uses forms prompting visitors to input personal data to contact you and inquire about your services.
In addition, many third-party applications and platforms also require you to post a privacy policy to use their services, such as:
- Google Analytics
- Cloud providers
- Email marketing platforms
- CRM providers
These third parties may require you to have a privacy policy on your website as part of their terms of service.
For example, Google Analytics’ terms of service require users to display a privacy policy informing visitors of their use of cookies, as shown in the screenshot below.
Finally, posting a comprehensive privacy policy shows your commitment to handling user data responsibly, which develops a relationship of trust between your business and consumers.
What Are the Benefits of Having a Privacy Policy on Your Portfolio Website?
Having a privacy policy on your portfolio website is a simple and effective way to build a responsible online presence and can benefit your business by:
- Helping you avoid potential lawsuits and fines for violating data protection laws.
- Building trust with your visitors by demonstrating a commitment to promptly, responsibly, and securely handling their data.
- Informing and educating visitors about their rights regarding their data.
- Acting as proof of handling data responsibly in case of a lawsuit.
- Informing users how third-party tools use their data.
- Some search engines may rank websites with privacy policies better.
- Demonstrating your professionalism to visitors.
- Shows your commitment to your brand.
Which Privacy Laws Affect Your Portfolio Website?
Some of the privacy laws that may affect your portfolio website include the:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- California Online Privacy Protection Act (CalOPPA)
- Children’s Online Privacy Protection Act (COPPA)
- Colorado Privacy Act (CPA)
- Utah Consumer Privacy Act (UCPA)
- Virginia Consumer Data Protection Act (VCDPA)
- Personal Information Protection and Electronic Documents Act (PIPEDA)
Let’s briefly discuss the implications of these laws and their effect on your portfolio website privacy policy in more detail.
General Data Protection Regulation (GDPR)
If your portfolio services people within the European Union (EU) or European Economic Area (EEA), you might be subject to following the General Data Protection Regulation (GDPR).
Under the GDPR, organizations must have a privacy policy to inform site visitors of the following details:
- What data you collect from website visitors
- How the website collects user data
- The purpose for collecting the data (legal basis)
- How long you’ll retain the data
- How users can opt out of specific data processing activities
- If you share or sell it with third parties
- If you transfer the data internationally
Additionally, the United Kingdom’s (UK) privacy law is nearly identical to the GDPR but accounts for the succession of the UK from the EU.
California Consumer Privacy Act (CCPA)
If you provide your services to people in California, there’s a chance you fall under the threshold of the CCPA and require a CCPA-compliant privacy policy.
The CCPA requires your privacy policy to inform clients of all of the following:
- Their right to know the personal data you collect about them
- The data you have about them
- How you collect and use this data
- Their right to opt out of the sale or sharing of their data
- How they can opt-out
California Online Privacy Protection Act (CalOPPA)
If your website has visitors from California and collects personal data, you must follow the requirements written by CalOPPA.
Under CalOPPA, your privacy notice must contain the following details:
- The privacy policy’s effective date
- Categories of personal information you collect
- Categories of personal information you share with third parties
- Process for reviewing and altering personal information
- How you’ll notify users of any significant privacy policy change
You must also display the privacy policy conspicuously, either by posting it on your website’s homepage or via a link or icon clearly labeled “privacy” in a color that makes it stand out.
Children’s Online Privacy Protection Act (COPPA)
If your portfolio website is marketing a service you provide to kids, for example, teaching kids a musical instrument, then your privacy policy must comply with COPPA.
COPPA provides specific privacy protections for children in the United States and applies to any website that may be accessed by children under 13.
Colorado Privacy Act (CPA)
The Colorado Privacy Act may apply to your portfolio if you offer services to Colorado residents.
Under the CPA, your privacy policy needs all of the following details:
- What personal data you collect
- Why you collect the data
- What categories of data you share with third parties
- The categories of the third parties you share data with
Utah Consumer Privacy Act
On December 31, 2023, Utah’s Consumer Privacy Act enters into action, giving Utah residents the right to know the data a business collects about them through its website.
Under this law, residents of Utah can access the data that a business has collected about them and opt out of certain kinds of data processing.
If you intend to offer your services to residents of Utah, your portfolio website privacy statement should address the following:
- The data you collect
- How you’ll use the data
- How users can access their data that you have collected
- The user’s right to opt out of the processing of their data and data deletion
Virginia Consumer Data Protection Act (VCDPA)
If your services are available to people in Virginia, you might fall under the Virginia Consumer Data Protection Act.
You must include all of the following information in your website portfolio’s privacy policy to meet the VCDPA requirements:
- What data you collect
- Your purposes for processing the data
- Categories of data shared with or sold to third parties
- The categories of the third parties themselves
- An explanation of how consumers can submit requests to follow through on their rights
- A mechanism for appeal decisions related to consumer requests
- A disclosure explaining if you process personal data for targeted advertising
Additionally, your privacy policy must inform consumers of their rights under the VCDPA, including their right to:
- Opt out of data processing
- Access any data you collected
- Delete any data you collected via your website
Personal Information Protection and Electronic Documents Act (PIPEDA)
If you offer services to people residing in Canada, your portfolio website must comply with PIPEDA, the country’s privacy law.
The law requires that you let site visitors know how you collect their data, the type of data you’re collecting, and how they can consent or opt out.
You can include this information in a privacy policy and present it to your users before data collection occurs.
What Should You Include in Your Portfolio Site’s Privacy Policy?
To comply with privacy regulations, your privacy policy for your portfolio website must include specific information, which I’ve covered in detail in the following sections.
Introduction
Start your privacy policy by making a clear, thorough introduction section.
It should include the full name of your company, state who the policy applies to, define all applicable terms, and lead to a table of contents.
The Personal Data You Collect
Your website portfolio’s privacy policy should describe the type of data you collect from your visitors, such as:
- Their names
- Location
- Email addresses
- Social media handles
- Credit card information
- IP addresses.
You can present it in a list or table format for clear understanding.
For example, Jon Morrow’s website privacy policy describes what type of data the site may collect from its visitors in a list format, as shown below.
Why and How You Collect the Data
Your portfolio privacy policy must include your methods of collecting visitors’ data, such as contact forms, tracking cookies, surveys, and mailing lists.
The policy should also explain if you collect personal information automatically or whether it is limited to the information users personally provide.
You should also clearly state why you collect visitors’ data and how you use it.
The reasons might include:
- Providing users with a product or service
- Sending them promotional materials
- Processing orders
- Improving site performance
Ensure that clauses used in your privacy policy address the potential ways you use the collected data and meet any legal obligations you’re subject to.
An excellent example of this clause comes from Justin Welsh’s personal website privacy policy, pictured below.
Children’s Data
You must include a clause in your privacy policy explaining if your portfolio website collects data from known children or not.
If you do collect data from minors, you’re subject to following strict additional laws, like the Children’s Online Privacy Protection Act (COPPA).
Otherwise, use this clause to inform parents and legal guardians about how they can contact you if they believe you’ve accidentally collected information from their child.
State Whether You Share the Data With Third Parties
Disclose in your website portfolio’s privacy policy whether you sell or share visitor data with third parties and the type of data involved.
Remember, one of the primary functions of a privacy policy is to build transparency in the data collection process and to foster trust between data collectors and website users.
If you share users’ data with any third-party applications, such as Google Analytics or Google AdSense, you must clearly state who these third parties are and their data-handling practices.
Failing to inform visitors about this in your privacy policy is unethical and prohibited under several privacy laws.
How Long You Will Retain Visitor Data
Your website portfolio’s privacy policy should clearly explain your data retention policy. Data privacy law requirements often determine this.
For instance, the GDPR requires that you keep visitors’ data only as long as necessary and for the reasons it was initially obtained.
Specify a timeframe within which you’ll delete collected data once it is no longer needed.
How You Store and Protect the Data
Data protection laws also require website owners to protect the data collected from visitors, so include this information in a clause in your portfolio website’s privacy policy.
Use strong security measures to protect the data you collect to ensure it doesn’t fall victim to a data leak or other unauthorized access.
Some good examples of security measures are multi-factor authentications, complex passwords, firewalls, data encryption, and secured access.
The privacy policy on Miles Becker’s website is a good example, as shown in the screenshot.
Your Use of Internet Cookies
Under privacy laws like the GDPR and the CCPA, internet cookies qualify as personal data.
Add a clause to your portfolio website’s policy that explains how and why your site uses cookies and link to an external cookie policy if necessary.
What Rights Your Users Have over Their Data
Include a clause in your portfolio website privacy policy that tells users what rights they have over their data and how they can act on them.
If you’re subject to following multiple laws, make a different section for each one so users can easily find the relevant information.
Updates to Your Privacy Policy
Explain in a clause in your privacy policy how you’ll explain to users about any changes or updates you make to your privacy policy.
You might:
- Send them an email
- Add a last update date to your policy
- Keep an archive of past iterations
How You Handle Data Transfers
Laws like the GDPR and others require you to explain in a clause in your privacy policy if you transfer data internationally.
You’re obligated to only transfer data to locations with the same levels of protection as the laws that apply to you and your users’ data.
Company Contact Information
Add a clause to your portfolio website’s privacy policy that features contact information so users know how to reach you if they have comments, questions, or concerns regarding your policy.
Where To Display Your Portfolio Website’s Privacy Policy
There are several places you can link to your portfolio website’s privacy policy that are easy for users to find.
- Website Footer: This is a static part of your site that everyone sees, which helps ensure people can access your policy no matter what page of your portfolio they end up on.
- Sign-up Forms: Data collection occurs wherever a website form appears, so putting your privacy policy here helps you meet the requirements of different data privacy laws.
- Pop-up Banners: If you use any pop-up banners on your portfolio website to express your use of cookies, this is also a good place to put a link to your privacy policy.
Summary
Portfolio websites often need privacy policies and be subject to different data privacy laws, especially if you collect personal information from website visitors.
Users expect to find one on your site, even it’s just a basic portfolio that showcases your work.
Use Termly’s free privacy policy generator and privacy policy template to make a privacy policy for your portfolio website easily.