Privacy Policy Template


A website’s privacy policy outlines if and how you collect, use, share, or sell your visitors’ personal information and is required under laws like the General Data Privacy Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Keep reading to learn more about privacy policies and why you need one for your website, see some examples, and download our free privacy policy template.

Table of Contents
  1. What Is a Privacy Policy?
  2. Why You Need a Privacy Policy
  3. Required Clauses in a Website Privacy Policy
  4. Where To Display Your Privacy Policy
  5. Website Privacy Policy Examples
  6. Why Start With a Generic Privacy Policy Template?
  7. Sample Privacy Policy for Website [Full Text and Download]
  8. Privacy Policy FAQ
  9. Summary

What Is a Privacy Policy?

A privacy policy on your website is a legal document informing users about how you collect and handle their personal data, who you share it with, if you sell it, and any other relevant details.

You might also call a privacy policy a:

  • Privacy Agreement
  • Privacy Clause
  • Privacy Notice
  • Privacy Page
  • Privacy Policy Statement

Specific platforms or services may also require a unique privacy policy template. Examples include:

However, a standard privacy policy template will likely satisfy user demands and legal requirements for your website.

Example of a Standard Privacy Policy for a Website

We’ll dive into further details later on in our required privacy policy clauses section, but a simple privacy policy outlines the following:

  • What information is collected
  • Where information is collected from
  • Why information is collected
  • How information is collected (including through cookies and other tracking technologies)
  • Who information is shared with or sold to
  • What rights users have over their data
  • The site’s contact details

Privacy policies should be clear, thorough, and easy for internet users to find on any given website.

Why You Need a Privacy Policy

Almost every business that collects data through a website, mobile app, or desktop app must publish a privacy policy due to one or all of the following:

  1. Data privacy laws
  2. Third-party service requirements
  3. Maintaining trust and transparency between your business and customers

Let’s examine these three requirements in more detail:

Privacy Policies are Required by Law

Privacy laws vary around the globe, and your website or app must abide by the regulations based on the location of your business, your targeted audience, and where you conduct business.

As data collection and processing become more ubiquitous across the internet, data privacy laws in the US and around the world set strict requirements for privacy policies.

The following laws impact if and when you legally need a privacy policy page for your website or app:

The General Data Privacy Regulation (GDPR)

The GDPR regulates privacy policy requirements for entities targeting users in the European Union (EU) and the European Economic Area (EEA), regardless of the company’s physical location.

Your business must comply with the GDPR if it targets EU consumers and meets one of the following thresholds:

  • It offers goods or services
  • It monitors online behavior

Chapter 3, Articles 13 and 14 of the law clarify that users have the right to be fully informed about the collection and use of their personal data.

Linking to a generic privacy policy is not enough under the GDPR; you also need freely given consent from users before collecting their personal information. Under the law, personal data refers to any information relating to an identifiable person, either directly or indirectly.

It’s important to note that different privacy laws use unique definitions for personal information, each with slight variations in meaning.

Your business can communicate all relevant data gathering and processing information in compliance with the GDPR and request user consent by publishing a privacy policy on your website.

The penalties for GDPR non-compliance are fines of up to 4% of your annual global turnover or €24 million ($23 million), whichever is higher.

The California Consumer Protection Act (CCPA)

The CCPA regulates privacy policy requirements for businesses targeting users in California, regardless of the company’s physical location.

Your business falls under the CCPA if it meets one of the following thresholds:

  • It generates over $25 million in annual gross revenue
  • It annually buys, receives, sells, or shares the personal information of 50,000 or more consumers (changing to 100,000 under the CPRA)
  • It derives 50% or more of its annual revenue from the sale of personal consumer data

Under the law, you must inform users about the personal data you collect and how it’s processed.

The text of the CCPA defines personal data similarly to the GDPR but excludes publicly available information, like social media posts.

You must also provide a way for consumers to opt out of the sale of their data.

To comply with the CCPA, you can outline your data practices with our standard privacy policy template and include a conspicuous “Do Not Sell My Personal Information” link.

The penalties for CCPA non-compliance are fines of $2,5000 per violation or $7,500 per intentional violation.

The California Online Privacy Protection Act (CalOPPA)

The CalOPPA was adopted in 2004 and was one of the first data privacy regulations implemented in the United States. It set the standard for the presentation, wording, and implementation of privacy policies.

This law established the definition of personally identifiable information and introduced Do Not Track (DNT) requests for users to toggle data tracking preference settings online.

The penalties for CalOPPA non-compliance are fines of up to $2,500 per violation.

Children’s Online Privacy Protection Act (COPPA)

Any business marketing to children in the United States must follow strict rules and regulations following the Federal Trade Commission’s guidelines.

Under COPPA, federal law requires groups targeting an audience of 13 or younger to provide a comprehensive privacy policy posted on any part of your website or app that collects data from children. Consent from a parent or guardian is also required before data gathering begins.

The penalties for COPPA non-compliance are fines of up to $40,000 per violation.

Personal Information Protection and Electronic Documents Act (PIPEDA)

PIPEDA covers ten fair information privacy practices companies must follow to do business in Canada and applies to all businesses, not just those operating online.

Under the law, organizations must transparently inform the public about data handling practices, and a privacy policy can help meet these requirements.

The penalties for PIPEDA non-compliance are fines of up to $100,000 CAD ($80,000 USD) from federal prosecution.

Other Notable Laws

Depending on where your website is based, who your audience is, and what data you collect, there are various other laws that may apply to you and your privacy policy.

For example, if you send marketing emails or newsletters, you’re subject to the CAN-SPAM Act, which requires a clearly posted privacy policy.

If your website is “significantly engaged” in financial activities, you may be subject to the Federal Trade Commission’s (FTC) Gramm-Leach-Bliley Act, which requires the publication of “clear, conspicuous and accurate statements” regarding information collection and sharing practices.

There are over one hundred privacy laws around the world and new internet laws coming out each year. Creating and maintaining a good privacy policy is essential to legally running your website or business.

Our legal team keeps our comprehensive privacy policy template up to date with ever-evolving data privacy laws.

Privacy Policies are Required by Third-Party Services

Do you use Google Analytics, WordPress plugins, or other third-party services? If so, you’ll need a privacy policy.

Many third-party companies require you to provide consumers with a privacy policy to use their tools and resources, even if your website doesn’t fall under laws like the GDPR or CCPA.

Examples of third-party services that require you to have a privacy policy:

  • Amazon
  • Apple
  • ClickBank
  • Google (AdSense, Ad Words, Analytics, and Play Store)
  • Facebook
  • Twitter Lead Generation

Your privacy policy should clearly state which third parties can access user data and explain how and why the information is shared.

You must also link the third parties’ privacy policies directly from your own privacy policy so your users can read through the other agreements and choose if they consent to how those services handle their data.

Privacy Policies Increase Transparency and Build Trust

Privacy is a primary concern for modern consumers. People want to know if websites are collecting information about them, what that data might be, how it’s getting stored, and what it’s used for.

Here are some eye-opening privacy statistics showcasing the growing demand from consumers for data transparency from companies.

  • 79% of Americans express concern with how companies use their personal data (Pew Research Center)
  • 60% of users say they would spend more money with a brand they trust to handle their information responsibly. (Global Consumer State of Mind Report 2021)
  • 48% of users have stopped buying from a company over privacy concerns. (Tableau)
  • 84% of users are more loyal to companies with strong security controls. (Salesforce)

A clear, precise, and easy-to-understand privacy policy ultimately builds trust between your company and the user. Being transparent helps customers feel secure while visiting your website or using your app.

A privacy policy is essential, even if you don’t collect data from your website visitors. If you do not post one, users might assume you are secretly collecting data without informing them, which could be detrimental to your business.

You can download our free website privacy policy template below to quickly customize a professional and accurate policy for your business.

Required Clauses in a Website Privacy Policy

The clauses required in your website’s privacy policy depend on applicable laws and the type of business you’re conducting. However, some clauses commonly appear in a boilerplate privacy policy.

Let’s look at some of the most common clauses in a basic privacy policy sample:

Last Updated Date, Intro, and Summary

You should introduce your business right at the start of your privacy policy. Take the time to explain who you are, what the privacy policy is for, what it applies to, and define how you’ll refer to the company (“we,” “us,” “our”) and any of your services.

The intro is also a great place to build transparency with your users. We recommend including contact information up front to help answer users’ questions that might come up while reading through your policy.

Take a look at the BBC for a great example of a privacy policy introduction clause that is simple, easy to read, and answers most questions a reader might have, like where to go to view the correct policy if you’re in the UK versus other parts of the world.


If you select the link to view the policy for users outside of the UK, the intro to the BBC privacy policy changes slightly but still provides a link back to the other version of the document. See below for an example.


Take a note from the BBC and use links to your advantage to make it easier for users to follow along or find what they’re looking for. You should also summarize the policy using a table of contents listing all clauses your users are about to read through.

Remember, laws and regulations frequently change, so you should expect to make regular updates and changes to your privacy policy.

Your introduction clause should establish how you will inform users about these updates or revisions to your privacy policy agreement. For accuracy and transparency, visibly provide the last updated date on the policy, like the BBC did in the examples above.

What Information You Collect and How

Under the GDPR and CCPA, users have the right to know what data you collect from them and how it gets used, making this a legally necessary clause.

Here are some common examples of information you might collect from users that belong in your privacy policy:

  • Personal data: Names, addresses, email addresses
  • Derivative data: IP addresses, browser types, geolocation
  • Cookie usage: What kinds and who else has access to them
  • Social network data: Login information for social media accounts
  • Mobile data: Mobile device IDs, mobile device manufacturers
  • Third-party data: Any data you might share with or sell to a third-party

We’re once again using the BBC as our privacy policy example. Take a look below to see how they communicate all data they collect from users within the UK.


By using headers in the style of an alphabetical list, the BBC makes it easy for users to find and understand exactly what information they collect, and if that data is collected voluntarily or automatically.

The GDPR created additional guidelines for businesses collecting any sensitive information from users that you must follow if you store and process things like biometric or health data, or information about users’ race, political affiliations, sexual orientation, or philosophical beliefs.

Users can provide the information actively or voluntarily, or websites might collect specific details automatically using cookies or other derivative data.

You must mention both types of data gathering because leaving something out could lead to legal repercussions under laws like the GDPR and the CCPA.

How You Use the Information You Collect

Businesses under specific laws must inform users about how their data gets used, making this a critical clause in your website’s privacy policy. You need to transparently explain what you do with the information you collect.

For example, your business might use it to create a user account, display personalized content based on user interests, conduct research and analysis, or send order confirmations.

Uber’s privacy policy does a great job summarizing how they use all data they collect from riders, order recipients, and drivers and delivery persons by organizing it into tables that can be opened through drop-down tabs.


If you select one of the drop-down options, you get all relevant details outlined in an easy-to-read table. For example, we chose ‘To provide our services’, which you can see in the photo below.


Uber’s unique table not only tells users what information they gather about them, but it also expresses why and how they use the data, helping them comply with laws like the GDPR and CCPA.

How You Store and Protect the Information You Collect

Both the CCPA and GDPR have stipulations outlining the responsibilities of businesses to protect user data from cybersecurity breaches. If you’re processing personal data, you must securely store it and inform your users about your practices.

Include a clause about the security measures your company follows to keep consumer data private, like using firewalls or encryption methods.

Below, check out Disney’s privacy policy for a great example of a security clause.


Do You Share Personal Information, and with Whom

Your privacy policy must disclose any sharing of user data with third parties, as required by the GDPR and the CCPA. Both laws give consumers the right to know who has access to their personal information.

You also need to link to any third-parties’ privacy policies within your document, so users can read them and choose if they want to consent to how the other entity plans on using their data.

Below, see how the BBC handles this clause in their GDPR-compliant privacy policy.


Do You Use Cookies or Track Your Users

Cookies are considered personal data under laws like the GDPR and CCPA, and almost every website uses them. If your website uses cookies or other trackers, you’ll need a clause in your privacy policy outlining those details.

Below, see how Uber plainly describes their cookie usage, with relevant links to their cookie policy, directly in their privacy policy page.


To meet the GDPR and the CCPA requirements, you also need to monitor how your website uses cookies, disclose to visitors which ones you intend to use, and ask for and track user consent separate from your privacy policy.

For more information and tips on ensuring your website or app is legally using cookies, read our guide on cookie compliance.

Opt-out Information

If your business falls under the CCPA, you must provide consumers with a way to opt out of the sale of their data, making this a legally necessary clause for some companies.

You are required to embed a “Do Not Sell My Personal Information” link on your website or app, per the CCPA, so users can easily follow through on their privacy rights and to ensure your business accurately keeps track of such requests.

See how Disney handles opt-out requirements in accordance with the CCPA in their privacy policy below.


Disney houses the California opt-out information in a specific section of the website that includes all data privacy rights for California users.

Company Contact Information

It’s typical for a clause including company contact information to appear at the end of your privacy policy, like the following clause posted in the BBC’s privacy agreement.


Include at least your mailing address, customer support email, and phone number so consumers can easily reach you if they have questions or concerns or want to act on their privacy rights.

Additional Clauses

Many businesses require additional clauses in their privacy policies. Read through the following list and make a note of any sections that are relevant to your website.

Transferring Information Internationally

If you transfer data you’ve collected internationally, insert a business transfer clause into your privacy policy. The GDPR limits transferring personal data outside of Europe unless the other country has safeguards or is considered safe.

Data Retention

Some privacy policies have a data retention clause outlining how long the information is kept or stored. According to the GDPR, you should store data only for as long as necessary. But this information can also be included in other clauses of your policy, like how Disney incorporated it into their data security clause pictured above.

Collecting Information from Minors

Collecting information from minors under 13 requires additional regulations in adherence with laws like COPPA. You must include a clause expressing how you use the information you are gathering about children, and you need parent or guardian consent.

Below, see another example privacy policy photo from Disney. This time, the clause clearly outlines the data collection protections they put in place to protect children and provides a link to their COPPA-compliant children’s privacy policy.


Handling Social Media Logins

Websites and apps that use pre-existing social media logins also require an additional clause. In this case, your privacy policy must inform your user what data you share with those third parties, why, and how it gets used.

User Rights Over Their Data

Different laws outline data privacy rights consumers can legally act on, like opting out of the sale of data under the CCPA or opting into different personal data tracking under the GDPR.

Include a clause informing users of the process they can follow to act on their privacy rights.

Do-Not-Track Features and Controls

The GDPR and CCPA grant users the right to request access, change, or delete any data gathered about them.

Add a clause in your transparent privacy policy about DNT features and controls and state how your business responds to this type of request from users.

Special Privacy Rights for California Residents

To simplify CCPA compliance, many companies include a separate clause outlining the specific data privacy rights granted to California residents.

Links to Other Legal Documents

To make it easy on your consumers and to ensure they always have access to all necessary legal agreements, link those other documents within the clauses of your privacy policy.

For example, link to your cookie policy under the Cookies and Other Trackers clause in your privacy agreement.

You can even link to your privacy policy within those other legal documents, like your terms and conditions or disclaimer. This way, you ensure your users can always find, access, and read all of your legal policies.

Where To Display Your Privacy Policy

You should display your privacy policy in multiple easy-to-find locations on your website, mobile app, or desktop app to comply with data privacy laws like the CCPA and GDPR.

Below, we cover the most common locations you might choose to display your privacy policy.

Pop-up Banner

Under laws like the GDPR, you need freely given consent from users before data collection begins. You can meet this guideline by linking to your privacy policy in a pop-up banner that appears as soon as users enter your website or app.

Provide a checkbox for users to select if they’ve read and agree to your privacy policy, and include a live link to the agreement. Asking for active user agreement in this way is known as clickwrap consent.

Website Footer

If you look at the footer of any major website, you’re going to find a link to their privacy policy. It’s the most popular place to link to your privacy agreement for a reason.

Your users can always access the links you post in your website footer, no matter what page they end up on, which is important if your company needs to comply with data privacy laws like the CCPA and the GDPR.

Privacy Center

Consider setting up a privacy center on your website or app that houses all relevant legal documents your users need access to, including your privacy policy, to help with compliance under data privacy laws like the GDPR and CCPA.

For tips on how to make one, read through our article covering all you need to know about privacy centers.

Additional Locations for your Privacy Policy

It’s in your best interest to post your privacy policy in multiple locations to ensure your users can always locate it.

You might also link to your policy in the following spots:

  • Checkout page
  • In other legal documents
  • Main menu
  • Sign-up page

Website Privacy Policy Examples

Good privacy policies are simple to read and easy to find on a website or app. Below we’ve gathered some privacy policy examples from larger companies to help inspire you as you work on your legal agreement.

The New York Times Privacy Policy

The New York Times is an excellent example of an easy-to-read, comprehensive, and well-organized privacy policy.

They include a clause explaining guidelines for children, and express that, in compliance with COPPA, their services are not directed to minors nor do they knowingly collect information from anyone under the age of 13.


They even provide an email address so parents or guardians can easily request the deletion of any data accidentally gathered about a minor, which makes addressing privacy concerns much easier for the company and the client.

Apple’s Privacy Policy

Apple also provides a good sample privacy policy to consider. The clause below highlights users’ rights over their data and clearly explains how users can exercise those rights, with convenient links and contact information provided directly in the privacy policy.


Follow Apple’s lead and provide relevant links for your users to follow through on their privacy rights directly within relevant clauses. This will also help you abide by laws like the CCPA and build trust between your company and your users.

Google Privacy Policy

Google offers a unique privacy policy example that is incredibly easy for users to digest.

How so?

They post short, interesting videos explaining the different clauses in their privacy policy that are all under 60 seconds. Then they expand on the clauses in the text portion of the policy, which is very approachable for users.


When creating a privacy policy, keep your audience in mind. Make sure it’s easy to read and organized in a straightforward way.

While you don’t have to rely on video production, like tech-giant Google, some mindful formatting and design can turn a generic privacy policy from a wall of text into a readily accessible document for your users.

Why Start With a Generic Privacy Policy Template?

If you’re reading this, you’re probably already aware that a privacy policy is a challenging legal document to make from scratch. That’s why we recommend starting with privacy policy samples and templates, which are excellent free resources for business owners like you.

A major benefit to using a privacy policy template instead of writing your own privacy policy from scratch?

Some of the writing is already done for you. We’ve pre-filled our free privacy policy template with the most common clauses, and left plenty of room for you to customize it in whatever way your business needs.

Since you’re here for a privacy policy, you might also need additional legal agreements, like terms and conditions or a cookie policy. We’ve got free templates for those, too.

Anyone can use our free privacy policy template, but it’s also helpful to have a basic understanding of the relevant laws that dictate how your business must communicate your data collection, storing, processing, and sharing practices.

If you leave something out or are inaccurate within your policy, your business could pay the price if it’s found in violation of laws like the CCPA or GDPR.

Luckily, we have another solution if you’re short on time or want more hands-on guidance and support while working on your company’s privacy policy. Meet our Privacy Policy Generator, pictured below.


Pretty nice, right? Our legal team and data privacy experts even provided helpful tips to assist you along the way if you get stuck on any questions, like the one below legally defining personal information.


Now that’s privacy compliance made simple.

If you’re interested in more comprehensive, all-in-one data privacy compliance, check out the various compliance products and payment plans we offer for our full suite of services.

Sample Privacy Policy for Website [Full Text and Download]

You can download our free privacy policy template below in Word Doc, PDF, or Google Doc format. You can also just copy & paste the HTML directly to your website.

Before using it, read through the entire privacy policy template – fill in all of the [brackets], remove any sections that do not apply to your app, and tweak any language as needed.

Website Privacy Policy Template [Text Format]


Last updated [Date]

This privacy notice for [Company Name] (doing business as [Company Short Name]) ("Company," "we," "us," or "our"), describes how and why we might collect, store, use, and/or share ("process") your information when you use our services ("Services"), such as when you:

  • Visit our website at [Website URL], or any website of ours that links to this privacy notice
  • [Download and use our application(s), such as our mobile application — [Mobile App Name], our Facebook application — [Facebook App Name], or any other application of

Privacy Policy FAQ

Below, we answer some of the most frequently asked questions we get about privacy policies.

Do I need a privacy policy?

Yes, you most likely need a privacy policy, especially if your website, mobile app, or desktop app collects user information and falls under regional laws like the GDPR or CCPA.

Even if you don’t fall under any legal jurisdictions, consumers today expect to see privacy policies and may only trust your business if one is posted.

What laws require a privacy policy?

Technically, no federal law in America requires a privacy policy besides COPPA, which is for businesses that target children under 13.

But a privacy policy can help you meet the legal requirements of data privacy laws like the CCPA, GDPR, and PIPEDA.

What should my privacy policy include?

The exact details you should include in your privacy policy will depend on what kind of business you conduct and with whom.

That said, most privacy policies include clauses about the information you collect from users, how and why you gather that data, how you use it, any third party you share it with, and what your users’ rights are over their data.

Remember, cookies and other similar forms of data tracking are considered personal data and should also be outlined in your policy.

How often do I need to update my website’s privacy policy?

Under laws like the CCPA, you’re required to update your privacy policy once every 12 months and whenever you make any changes to it, like if you gather new data or use it in a new way.

Per the GDPR, you must also inform your users as soon as you make any changes to the privacy policy so they can choose if they still consent to it.

To make it easier on yourself, have a clause in your privacy policy outlining the process you’ll follow to keep users informed whenever you change or update the agreement.

Can I copy someone else’s privacy policy?

No, do not copy someone else’s privacy policy. Legal documents are copyrighted materials, and plagiarizing someone else’s policy won’t cover the individual needs of your business.

If you’re short on time, consider using our comprehensive Privacy Policy Generator.

Is a free privacy policy template enough for my website?

When filled out accurately, privacy policy templates like ours can be enough for business owners, website owners, and app developers to make a privacy agreement that adheres to relevant privacy regulations.


Summary

If you collect personal information from your users, you must publish a privacy policy to comply with global data privacy laws and regulations, including the CCPA, GDPR, and more.

These days, consumers want to know they can trust your business with their personal data. A privacy policy can help build transparency between you and your customers, increasing sales and setting you apart from the competition.

A simple privacy policy typically includes clauses about what data you collect, how it’s stored, who it’s shared with, and what rights the user has over their information. Additional clauses may be necessary depending on what type of business you conduct and where.

Now that you’re ready to get started, download our free sample privacy policy template and tailor it to your business needs.

If you’re looking for a different type of privacy policy template, have a look at our other options to find what you need:

  • GDPR Privacy Policy: A GDPR-ready privacy policy for any online business.
  • Mobile App Privacy Policy: A privacy policy for apps on the App Store and Google Play.
  • Ecommerce Privacy Policy: A privacy policy built specifically for online eCommerce stores.
  • Email Marketing Privacy Policy: A privacy policy for email newsletters and email marketing.

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016.
