Privacy Policy for Church Websites

Generate a Free Privacy Policy
Privacy Policy for Church Websites-01

We’re used to seeing privacy policies on ecommerce and business websites — but nonprofits and community organizations like churches often need them as well.

A privacy policy is a legally required document explaining what personal data your church website collects from visitors, how and why it’s used, and what rights your visitors have over it.

Keep reading to learn why publishing a privacy policy is essential if your congregation uses your website to facilitate activities, sign-ups, newsletters, or educational programs.

Table of Contents
  1. How To Make a Church Site’s Privacy Policy
  2. What Is a Privacy Policy?
  3. Which Privacy Laws Affect Church Websites?
  4. Does Your Church Website Legally Need a Privacy Policy?
  5. What Are the Benefits of Having a Privacy Policy on Your Church Website?
  6. What Should You Include in Your Church Website’s Privacy Policy?
  7. Where To Display Your Church Site’s Privacy Policy
  8. Summary

How To Make a Church Site’s Privacy Policy

Let’s discuss the most common ways to make a privacy policy for your church website so you can choose the best solution for your needs.

Use a Privacy Policy Generator

The simplest way to make a church website privacy policy is to use Termly’s free Privacy Policy Generator.

Our comprehensive solution asks easy questions about your church and helps you comply with applicable laws.

It then generates a unique policy based on your answers that you can embed directly on your site, taking all the hassles and guesswork out of data privacy compliance.

See what it looks like in the screenshot below.


Use a Privacy Policy Template

If you want to be more hands-on with your privacy policy, use our free privacy policy template.

Templates are good for any community organization or small business, especially when you want to tailor the sections to your specific congregation.

Fill in the blank sections of the template with information about your church and choose if you’d like to download it or copy and paste it as HTML code to your site.

Write It Yourself

You and your church leadership might want to write your privacy policy from scratch, and Termly can help you do that, too.

We’ve developed a comprehensive guide on how to write a privacy policy in nine steps.

The guide lets you tick the boxes for the sections and points you know you must include while allowing you to develop a privacy policy that’s exactly right for your church and its members.

However, this method is not recommended unless you are well-versed in data privacy law.

What Is a Privacy Policy?

A privacy policy is a legal document that lets visitors to your church website know how you collect and use their personal information, including:

  • What data you collect
  • Why you collect it
  • How it’s used
  • Who you share it with
  • What rights users have over that information

Posting a privacy policy helps you comply with privacy laws and reassures your website visitors that they can trust you with their personal information.

Which Privacy Laws Affect Church Websites?

There are a significant number of state, federal, and international privacy laws that regulate the collection and use of data from website visitors, like the:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • California Online Privacy Protection Act (CalOPPA)
  • Colorado Privacy Act (CPA)
  • Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Virginia Consumer Data Protection Act (VCDPA)

These laws apply to businesses and organizations; nonprofits are not always exempt.

Even if your church is tax-exempt, it doesn’t guarantee that you’re exempt from privacy laws because each piece of legislation has its own language about what organizations it applies to.

Does Your Church Website Legally Need a Privacy Policy?

Your church’s site may legally need a privacy policy if it falls under any data privacy laws.

For example, if your church is based in the EU, you fall under the GDPR and must follow its strict data collection and processing requirements.

Large churches with a significant online presence reaching audiences in various locations also likely legally need a privacy policy.

Church websites may collect personal information from congregation members in the following different ways:

You and your church leadership should ask if you engage in any of the following activities, and if so, make a privacy policy for your website.

Additionally, if your site uses third-party services like Google Analytics or AdSense, you must post a privacy policy as part of their terms of use.

What Are the Benefits of Having a Privacy Policy on Your Church Website?

Posting a privacy policy to your church website can benefit your congregation in several ways:

What Should You Include in Your Church Website’s Privacy Policy?

A privacy policy for church websites should contain some key pieces of information, which I’ve covered for you in the following sections.


All privacy policies should start with an introduction section that names your business, defines all relevant terms, and says who the policy applies to.

Consider adding a table of contents here so people can easily read through your church’s website privacy policy.

What Personal Data You Collect

All privacy policies must inform website visitors about what personal data you collect from them.

List out everything in a way that’s clear and easy to read — for example, you might use a bullet list or table to organize all of the details.

How and Why You Use the Data

Many privacy laws require websites to explain how and why they use personal data, so plan to include this information in your church website’s policy.

If you fall under laws like the GDPR, you must also prove a legal basis for using the information.

Children’s Data

If you collect data from minors under age 13, you’re subject to following child protection laws like the Children’s Online Privacy Protection Act (COPPA).

You should include this clause in your policy even if your church website doesn’t knowingly collect data from children and explain how legal guardians can contact you if they believe you’ve mistakenly gathered details about their child.

If You Share Data With Third Parties

Explain in your church’s website privacy policy if you share any data you collect with external entities or third parties.

List what categories of data you share with those third parties, and list the categories of the third parties themselves. If you don’t share any data, say as much in this clause.

Your Data Retention Policy

Laws like the GDPR require you to say how log you retain data for and your process for determining this timeline in a clause in your privacy policy.

To ensure legal compliance, put these details in your church website privacy policy.

Safety and Security Measures

Data privacy laws hold you accountable for protecting the data you collect from data breaches or unauthorized access.

Explain in your privacy policy if you use measures to de-identify or pseudonymize the data in your possession.

Remember, you must protect digital and physical information about your churchgoers, including printed-out paper documents.

Your Use of Internet Cookies

If your website uses cookies, include that information in your privacy policy, as internet cookies qualify as personal information under most data privacy laws.

Consider posting a separate cookie policy on your website as well.

What Rights Users Have over Their Data

If you fall under laws like the GDPR, you must inform your website visitors in your privacy policy about their rights over their data and how they can act on them.

Include this information in your policy and consider linking to a Data Subject Access Request (DSAR) form so it’s easier to receive and respond to such requests.

Updates to Your Policy

You should update your privacy policy whenever you change how you collect, process, or use personal information.

Add a clause to your policy explaining how you’ll inform users when an update occurs.

How You Handle Data Transfers

If you transfer any data your church website collects internationally, you must include a clause in your policy stating so.

For compliance reasons, ensure you only transfer data to countries with equal protection as all applicable privacy laws or use standard contractual clauses as necessary.

Your Contact Information

Your website visitors must know how to easily contact you if they have questions or comments about your church site’s privacy policy, so include a phone number, email, or physical address.

Where To Display Your Church Site’s Privacy Policy

Once you’ve developed a privacy policy, put it in the following places so it’s easily accessible to anyone who wants to read it:

  • The footer of your website
  • In your privacy center or legal page, if applicable
  • Within other legal documents (i.e., your cookie policy or terms and conditions)
  • On your consent banner, if applicable


A privacy policy is essential for churches that use their websites to interact with congregants and members of the public.

It provides valuable reassurance to members of your community who share their information with you online.

A privacy policy is also necessary if you fall within the scope of state, federal, or international privacy laws.

Make it extra easy and use our free Privacy Policy Generator to quickly make a document that covers all of your church site’s activities, now and in the future.

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources