« go to the main website

iubenda blog

iubenda's blog, privacy policy generator for websites and apps

Posted on by Simon Schmid


A little earlier we've announced the integration with an image processing service called Cloudinary. Now I'm happy to let you know our integration with an affiliate tool called Referral Candy. This means you can now easily browse the collection of services/clauses within iubenda and find & add Referral Candy to your privacy policies.


What is Referral Candy?

Referral Candy helps you acquiring new customers & increase sales with a referral program. You'll use it to amplify Word-of-mouth, increase sales and have richer customer insights. The set up is very flexible and lets you completely integrate it with your app, or test some campaigns manually.

Why include a privacy policy for Referral Candy?

Referral Candy collects the e-mail addresses of users, aggregates information on what pages consumers access or visit, and information volunteered by the consumer (such as survey information and/or site registrations). They also collect the total invoice amount and timestamp for purchases made by customers of retailers on their service. 

The data collection happening is something that should be disclosed and go into a privacy policy.

By using iubenda for your site this becomes as easy as choosing the Referral Candy clause and adding it to your privacy policy. Let us help you with it.


Generate Privacy Policy for Referral Candy

Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid


We've recently integrated Cloudinary with our privacy policy generator. This means you can now easily browse our ever growing collection of services/clauses and find & use Cloudinary in your privacy policies.

This is how you add a Cloudinary clause to your privacy policy

What is Cloudinary?

Cloudinary makes image management in the cloud simple. They can be used for web and mobile applications. Some of the features include: 

  • Upload images to a cloud-based storage
  • Tons of image manipulations & effects
  • PDFs, sprites, watermarks, social profile pictures
  • Fast CDN delivery for better user experience
  • Powerful dashboard, media library and reports
  • Comprehensive image management APIs

Why include a privacy policy for Cloudinary?

Using Cloudinary you may be uploading content to the service that includes personal information. The data collection happening is therefore something that should be disclosed and go into a privacy policy.

Cloudinary has a paragraph for your privacy compliant behaviour in their terms

You represent that your disclosure of privacy practices to Authorized Users will cover the Service's use of personal information pursuant to the Service's privacy policy, located at http://cloudinary.com/privacy.

By using iubenda for your site this becomes as easy as choosing the Cloudinary clause and adding it to your privacy policy. Let us help you with it.


Generate Privacy Policy for Cloudinary

Posted on by Simon Schmid | Posted in Category | Tagged , ,

Leave a comment

Posted on by Simon Schmid

Last year we've written about the so called Internet Sweep Day which was a coordinated audit by 19 members of the GPEN (Global Privacy Enforcement Networt) looking at over 2000 popular sites and applications worldwide.

Between the May 12 and 18 the GPEN went ahead with organizing an international privacy sweep, specifically targeted at mobile applications, this time around involving 27 data protection authorities around the world.

The communicated issues to be examined before the sweep were as follows:

Sweep participants will be looking at the types of permissions an app is seeking, whether those permissions exceed what would be expected based on the app’s functionality, and most importantly from a transparency perspective, how the app explains to consumers why it wants the personal information and what it will do with it.

Participating authorities will look at some of the most popular apps or apps that are of particular interest in their country or region. For example, some authorities plan to focus on health-related apps or apps developed by public sector organizations.

A little later in the year we plan to take a look at some of the reactions from the sweep. This should help form an understanding of which elements are being closely looked at and therefore should be closely looked at by you. 

Some of the interesting results will be found in Australia, UK, Spain, New Zealand, Mexico, Italy, Ireland, France, Germany and Canada.



Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid

Ever since the Do Not Track amendments have been passed and have become effective on January, 1st, the world website and app owners have wondered how they could best comply with the changes.

The amendment added two new requirements to Californias so called CALOPPA:

  1. the operator’s response to a browser DNT signal or to “other mechanisms,” and
  2. the possible presence of other parties conducting online tracking on the operator’s site or service.

Now the Attorney General's office of California has released another guide for website owners and developers (yes mobile app owners as well). This time the guides covers the Do Not Track requirement and how to make sure you comply with it.

You can read and download the Do Not Track guide "Making your Privacy Practices Public" here.

The key takeaways of the guide can be summarized like this:

  • Prominently label the section of your policy regarding online tracking, for example: “California Do Not Track Disclosures.”
  • Describe how you respond to a browser’s Do Not Track signal or similar mechanisms within your privacy policy instead of providing a link to another website.
  • If third parties are or may be collecting personally identifiable information, say so in your privacy policy.
  • Explain your uses of personally identifiable information beyond what is necessary for fulfilling a customer transaction or for the basic functionality of the website or app.
  • Describe what personally identifiable information you collect from users, how you use it and how long you retain it.
  • Describe the choices a consumer has regarding the collection, use and sharing of his or her personal information.
  • Use plain, straightforward language that avoids legal jargon and use a format that makes the policy readable, such as a layered format. Use graphics or icons instead of text.

As you can see only the first two takeaways are about Do Not Track itself.  That's because the underlying goal is quite simple. Tell your visitors what Do Not Track does on your site, or what it doesn't.

I'm pasting in the larger recommendations regarding Do Not Track in their entirety for you below:

Make it easy to find the Do Not Track section of your policy.

Clearly identify the section in which you describe your specific policy regarding online tracking or how you respond to consumers’ DNT signals. Use a header, for example “How We Respond to Do Not Track Signals,” “Online Tracking” or “California Do Not Track Disclosures.”

Describe how you respond to a browser’s DNT signal or to another such mechanism.

Describing your response in your privacy policy statement is preferable to simply providing a link to a related “program or protocol” (hereinafter referred to as a “program”) because it provides greater transparency to consumers.


If you decide not to describe your response to a DNT signal or to another mechanism, provide a clear and conspicuous link in your privacy policy statement to a program that offers consumers a choice about online tracking.

In our policies we have a statement that per default assumes that you do not honor or react to Do Not Track requests.

Generate a privacy policy with iubenda

Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid

We’ve just made our referral system much more valuable to our existing users. By referring future users and customers to iubenda, you can now earn 30% of the price they pay. This includes their next purchase, but it also includes purchases they make in the future.

To offer a better incentive to your friends, you can brush off 10% of our usual price.

Instead of the standard $27 for the first year, they will pay $24.30. You will get over $7 for that purchase.

It’s also very simple. You’ll find a link in your dashboard’s “Love and Rewards” tab. Share it and profit.


By visiting your sharing page you will find a couple of pre-crafted sharing possibilities. Instead of these options you can also simply copy paste the provided link and share it with whoever you like.


Here are some facts about the referral system:

What is the referral reward?

It’s a cash reward that gives the user 30% of the friend's referred purchase. The user can receive the reward through PayPal, donate it to a charity of their choice, or send cash (via PayPal) to the person he/she referred.

What purchases count toward a reward?

A friend's first purchase and all of that friend's subsequent purchases. Those purchases have no minimum price attached to it.

How many referred purchases does it take to get a reward?

Each time a user brings in one referred purchase. No cumulation necessary.

Where can I get that referral link again?


P.S. please note that by visiting that tab you’ll automatically enroll with Referral Candy, who handles the referrals and sends email reminders about your personal campaign.

Posted on by Simon Schmid | Posted in Category

Leave a comment

Posted on by Simon Schmid

With this post I'd like to highlight some of the changes that we've applied to the way policies can be embedded into websites.

So far you had 3 options:


  1. Embedding code: this is the default way of using iubenda's privacy policy. The code gives you a button/link that you can add in your site's footer. The policy will open in a modal window.
  2. Direct link: the direct link gives you a link to your privacy policy. People will read your privacy policy on iubenda.com/yourpolicy.
  3. Direct text embedding: this is the option that allows you to directly embed the text of the policy into a page on your site. Therefore it will look like the policy has been directly integrated into your site. This policy can also be styled via CSS, but a lot of iubenda's original style comes with it.

What's new with the integration options from today on?

No-styling embedding options

Now there are two additional easy ways to embed the generated policy into your pages with no styling. It's still located in the "Direct text embedding" tab:

  • Embed via Javascript with no styling attached;
  • Embed via an API call with no styling attached;

For it to work like this and strip all of the styling altogether, make sure to have the "Use plain HTML" option checked at the bottom.

Some other things we’ve been working on:

  • https:// vs http:// the right protocol for your website is now automatically chosen
  • for staying up to date you can now choose from a list of over 210 integrated services
  • we have started heavily custom-crafting terms of service in Europe/USA/Australia

If you want more details about the embedding part, head over to our help section.

Posted on by Simon Schmid | Posted in Category

Leave a comment