Privacy Policy for a Portfolio Website: How To Create One

A portfolio website is a great way to showcase your skills and convince potential clients to hire you for their next project.

But if you collect personal data from your website visitors, you most likely need a privacy policy.

In this guide, I’ll teach you why you need a portfolio website privacy policy, what goes into one, how to make your own, and where to post it on your site.

How To Make a Portfolio Site Privacy Policy

You can take several routes to make a privacy policy for your portfolio that complies with privacy regulations.

Use a Privacy Policy Template

You can also create a privacy policy with our free privacy policy template, which gives you a jump start.

It features proper formatting and some pre-filled standard clauses you can modify to suit the needs of your portfolio.

If your portfolio doesn’t collect personal data or fall under privacy laws, consider using a free template to put up a privacy policy on your website to help with SEO and marketing.

Write It Yourself

You can also write your privacy policy independently, but you should only attempt this if you have a firm grasp of privacy regulations.

If you leave something out, even by mistake, you could still be penalized under the various data privacy laws.

For some extra help, check out our comprehensive guide on how to write a privacy policy.

Does Your Portfolio Website Need a Privacy Policy?

Your portfolio website needs a privacy policy if you collect personal information from visitors.

Privacy laws regulate how to legally handle personal data collected from individuals, such as their name, email address, or phone number, and most require some form of a privacy policy.

Your portfolio website likely uses forms prompting visitors to input personal data to contact you and inquire about your services.

In addition, many third-party applications and platforms also require you to post a privacy policy to use their services, such as:

• Google Analytics
• Cloud providers
• Email marketing platforms
• CRM providers

These third parties may require you to have a privacy policy on your website as part of their terms of service.

For example, Google Analytics’ terms of service require users to display a privacy policy informing visitors of their use of cookies, as shown in the screenshot below.

Finally, posting a comprehensive privacy policy shows your commitment to handling user data responsibly, which develops a relationship of trust between your business and consumers.

What Are the Benefits of Having a Privacy Policy on Your Portfolio Website?

Having a privacy policy on your portfolio website is a simple and effective way to build a responsible online presence and can benefit your business by:

Which Privacy Laws Affect Your Portfolio Website?

Some of the privacy laws that may affect your portfolio website include the:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• California Online Privacy Protection Act (CalOPPA)
• Children’s Online Privacy Protection Act (COPPA)
• Colorado Privacy Act (CPA)
• Utah Consumer Privacy Act (UCPA)
• Virginia Consumer Data Protection Act (VCDPA)
• Personal Information Protection and Electronic Documents Act (PIPEDA)

Let’s briefly discuss the implications of these laws and their effect on your portfolio website privacy policy in more detail.

General Data Protection Regulation (GDPR)

If your portfolio services people within the European Union (EU) or European Economic Area (EEA), you might be subject to following the General Data Protection Regulation (GDPR).

Under the GDPR, organizations must have a privacy policy to inform site visitors of the following details:

• What data you collect from website visitors
• How the website collects user data
• The purpose for collecting the data (legal basis)
• How long you’ll retain the data
• How users can opt out of specific data processing activities
• If you share or sell it with third parties
• If you transfer the data internationally

Additionally, the United Kingdom’s (UK) privacy law is nearly identical to the GDPR but accounts for the succession of the UK from the EU.

California Consumer Privacy Act (CCPA)

If you provide your services to people in California, there’s a chance you fall under the threshold of the CCPA and require a CCPA-compliant privacy policy.

The CCPA requires your privacy policy to inform clients of all of the following:

• Their right to know the personal data you collect about them
• The data you have about them
• How you collect and use this data
• Their right to opt out of the sale or sharing of their data
• How they can opt-out

California Online Privacy Protection Act (CalOPPA)

If your website has visitors from California and collects personal data, you must follow the requirements written by CalOPPA.

Under CalOPPA, your privacy notice must contain the following details:

• The privacy policy’s effective date
• Categories of personal information you collect
• Categories of personal information you share with third parties
• Process for reviewing and altering personal information
• How you’ll notify users of any significant privacy policy change

You must also display the privacy policy conspicuously, either by posting it on your website’s homepage or via a link or icon clearly labeled “privacy” in a color that makes it stand out.

Children’s Online Privacy Protection Act (COPPA)

If your portfolio website is marketing a service you provide to kids, for example, teaching kids a musical instrument, then your privacy policy must comply with COPPA.

COPPA provides specific privacy protections for children in the United States and applies to any website that may be accessed by children under 13.

Colorado Privacy Act (CPA)

The Colorado Privacy Act may apply to your portfolio if you offer services to Colorado residents.

Under the CPA, your privacy policy needs all of the following details:

• What personal data you collect
• Why you collect the data
• What categories of data you share with third parties
• The categories of the third parties you share data with

Utah Consumer Privacy Act

On December 31, 2023, Utah’s Consumer Privacy Act enters into action, giving Utah residents the right to know the data a business collects about them through its website.

Under this law, residents of Utah can access the data that a business has collected about them and opt out of certain kinds of data processing.

If you intend to offer your services to residents of Utah, your portfolio website privacy statement should address the following:

• The data you collect
• How you’ll use the data
• How users can access their data that you have collected
• The user’s right to opt out of the processing of their data and data deletion

Virginia Consumer Data Protection Act (VCDPA)

If your services are available to people in Virginia, you might fall under the Virginia Consumer Data Protection Act.

You must include all of the following information in your website portfolio’s privacy policy to meet the VCDPA requirements:

• What data you collect
• Your purposes for processing the data
• Categories of data shared with or sold to third parties
• The categories of the third parties themselves
• An explanation of how consumers can submit requests to follow through on their rights
• A mechanism for appeal decisions related to consumer requests
• A disclosure explaining if you process personal data for targeted advertising

Additionally, your privacy policy must inform consumers of their rights under the VCDPA, including their right to:

• Opt out of data processing
• Access any data you collected
• Delete any data you collected via your website

Personal Information Protection and Electronic Documents Act (PIPEDA)

If you offer services to people residing in Canada, your portfolio website must comply with PIPEDA, the country’s privacy law.

The law requires that you let site visitors know how you collect their data, the type of data you’re collecting, and how they can consent or opt out.

You can include this information in a privacy policy and present it to your users before data collection occurs.

What Should You Include in Your Portfolio Site’s Privacy Policy?

To comply with privacy regulations, your privacy policy for your portfolio website must include specific information, which I’ve covered in detail in the following sections.

Introduction

Start your privacy policy by making a clear, thorough introduction section.

It should include the full name of your company, state who the policy applies to, define all applicable terms, and lead to a table of contents.

The Personal Data You Collect

Your website portfolio’s privacy policy should describe the type of data you collect from your visitors, such as:

• Their names
• Location
• Email addresses
• Social media handles
• Credit card information
• IP addresses.

You can present it in a list or table format for clear understanding.

For example, Jon Morrow’s website privacy policy describes what type of data the site may collect from its visitors in a list format, as shown below.

Why and How You Collect the Data

Your portfolio privacy policy must include your methods of collecting visitors’ data, such as contact forms, tracking cookies, surveys, and mailing lists.

The policy should also explain if you collect personal information automatically or whether it is limited to the information users personally provide.

You should also clearly state why you collect visitors’ data and how you use it.

The reasons might include:

• Providing users with a product or service
• Sending them promotional materials
• Processing orders
• Improving site performance

Ensure that clauses used in your privacy policy address the potential ways you use the collected data and meet any legal obligations you’re subject to.

An excellent example of this clause comes from Justin Welsh’s personal website privacy policy, pictured below.

Children’s Data

You must include a clause in your privacy policy explaining if your portfolio website collects data from known children or not.

If you do collect data from minors, you’re subject to following strict additional laws, like the Children’s Online Privacy Protection Act (COPPA).

Otherwise, use this clause to inform parents and legal guardians about how they can contact you if they believe you’ve accidentally collected information from their child.

State Whether You Share the Data With Third Parties

Disclose in your website portfolio’s privacy policy whether you sell or share visitor data with third parties and the type of data involved.

Remember, one of the primary functions of a privacy policy is to build transparency in the data collection process and to foster trust between data collectors and website users.

If you share users’ data with any third-party applications, such as Google Analytics or Google AdSense, you must clearly state who these third parties are and their data-handling practices.

Failing to inform visitors about this in your privacy policy is unethical and prohibited under several privacy laws.

How Long You Will Retain Visitor Data

Your website portfolio’s privacy policy should clearly explain your data retention policy. Data privacy law requirements often determine this.

For instance, the GDPR requires that you keep visitors’ data only as long as necessary and for the reasons it was initially obtained.

Specify a timeframe within which you’ll delete collected data once it is no longer needed.

How You Store and Protect the Data

Data protection laws also require website owners to protect the data collected from visitors, so include this information in a clause in your portfolio website’s privacy policy.

Use strong security measures to protect the data you collect to ensure it doesn’t fall victim to a data leak or other unauthorized access.

Some good examples of security measures are multi-factor authentications, complex passwords, firewalls, data encryption, and secured access.

The privacy policy on Miles Becker’s website is a good example, as shown in the screenshot.

Your Use of Internet Cookies

Under privacy laws like the GDPR and the CCPA, internet cookies qualify as personal data.

Add a clause to your portfolio website’s policy that explains how and why your site uses cookies and link to an external cookie policy if necessary.

What Rights Your Users Have over Their Data

Include a clause in your portfolio website privacy policy that tells users what rights they have over their data and how they can act on them.

If you’re subject to following multiple laws, make a different section for each one so users can easily find the relevant information.

Updates to Your Privacy Policy

Explain in a clause in your privacy policy how you’ll explain to users about any changes or updates you make to your privacy policy.

You might:

• Send them an email
• Add a last update date to your policy
• Keep an archive of past iterations

How You Handle Data Transfers

Laws like the GDPR and others require you to explain in a clause in your privacy policy if you transfer data internationally.

You’re obligated to only transfer data to locations with the same levels of protection as the laws that apply to you and your users’ data.

Company Contact Information

Add a clause to your portfolio website’s privacy policy that features contact information so users know how to reach you if they have comments, questions, or concerns regarding your policy.

Where To Display Your Portfolio Website’s Privacy Policy

There are several places you can link to your portfolio website’s privacy policy that are easy for users to find.

Website Footer

A great place to put your portfolio website’s privacy policy is in the footer since this is a static part of your site that everyone sees.

It also ensures people can access your privacy policy no matter what page of your portfolio they end up on.

For example, HubSpot places its privacy policy in the website footer, as shown below.

Sign-up Forms

If your portfolio website allows people to sign up and create an account or fill in any website forms, place your privacy policy in these locations.

Typically, data collection occurs wherever a website form appears, so putting your privacy policy here helps you meet the requirements of different data privacy laws.

For example, below shows Klaviyo’s sign-up form with a link to its website privacy policy.

Pop-up Banners

If you use any pop-up banners on your portfolio website to express your use of cookies, this is also a good place to put a link to your privacy policy.

Below, for example, is Gap’s pop-up banner, which contains a link to its privacy policy.

Summary

Portfolio websites often need privacy policies. You might be subject to different data privacy laws, primarily if you collect personal information from your website visitors.

Additionally, users expect to find a privacy policy on your site, even if it’s a basic portfolio showcasing your work.

With so many privacy laws to keep in mind when creating your policy, writing one yourself can be a hassle. Fortunately, our free privacy policy generator and privacy policy template allows you to make a privacy policy for your portfolio website easily.

More about the author

Written by Etienne Cussol CIPP/E, CIPM

Etienne is an Information Privacy professional and compliance analyst for Termly. He has been with us since 2021, managing our own compliance with data protection laws and participating in our marketing researches. His fields of expertise - and interest - include data protection (GDPR, ePrivacy Directive, CCPA), tracking technologies (third-party cookies, fingerprinting), and new forms of privacy management (GPC and the Google Privacy Sandbox). Etienne studied International Economic Affairs at the University of Toulouse, and graduated with a Masters in 2017. More about the author