Privacy Policy Template

In short

Searching for a privacy policy template? You’re in the right place. This starter template works as a simple privacy policy example, with sample privacy policy options you can adapt to your needs.

Let’s start by answering some frequently asked questions.

In this article

• What is a privacy policy?
• Do I need a privacy policy for website?
• Can I write my own privacy policy for my website?
• What should I put in my standard privacy policy for websites?
• Can I use a simple template?
• Privacy policy FAQs
• Website privacy policy examples
• Download our sample privacy policy template for your website
• Summary in 10 points
• Easily create your privacy policy in minutes

Are you looking for privacy policy templates in different languages?

Our template is also available in:
🇮🇹 Privacy policy template in Italian: Modello di Informativa sulla Privacy
🇩🇪 Privacy policy template in German: Vorlage für Datenschutzerklärung
🇪🇸 Privacy policy template in Spanish: Plantilla de Política de Privacidad
🇫🇷 Privacy policy template in French: Modèle de Politique de Confidentialité

What is a privacy policy?

A privacy policy is a document in which the data owner (the person or entity that runs a website/app) outlines the methods, purposes and in some cases legal justification, of its processing of personal data. Privacy policies should also outline the rights that users have in relation to the processing of their data.

Privacy policies typically include information about:

• the types of data collected,
• how and why it is used,
• with whom it is shared,
• how it is protected, and
• users’ rights over this data.

You have probably seen privacy policy links on most, if not all websites you’ve visited. It is commonly included in the footer so users can access it at all times.

Do I need a privacy policy for website?

No matter if you’re running a small or large website, a web or mobile app, a blog, an e-commerce or a newsletter (just to name a few examples): if you collect personal information from users, you need a privacy policy. It’s required by law and by third-party services you may use.

All that is required to trigger this obligation is the presence of a simple contact form, Google Analytics, a cookie or even a social widget: if you’re processing any kind of personal data, you definitely need one (even IP addresses can be considered personal data!).

Privacy policies are required by law

The most important reason you need a privacy policy is to comply with data privacy laws.

Under the vast majority of legislations, including the GDPR in Europe and most US state laws, if you’re processing personal data, you’re generally required to make disclosures related to your data processing activities via a complete privacy notice.

As a result, this legal document is required by law to inform users and meet disclosure and transparency requirements.

Here is a table with the main laws that may affect you:

🇪🇺🇬🇧 General Data Protection Regulation (GDPR)	This legislation is applicable to businesses that collect user data in Europe. It requires the inclusion of a privacy policy that discloses the methods of collecting, processing, and storing personal data, along with the user’s ability to manage their data.
🇺🇸 California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and other US state laws	They apply to businesses that collect data from residents of these States. It requires the inclusion of a data privacy policy that mentions the categories of personal information are collected, how it’s used, and with whom it’s shared, among other things.
🇧🇷 Lei Geral de Proteção de Dados (LGPD)	They apply to businesses that collect data from residents of these States. It requires the inclusion of a data privacy policy that mentions the categories of personal information collected, how it’s used, and with whom it’s shared, among other things.

Privacy policies are required by third-party services

A significant number of B2B third-party apps and services require their users and partners to comply with applicable law and have a privacy policy available.

Some examples of third-party services that require you to have a privacy policy page for website or app are:

• Google Analytics (+ AdSense, AdWords)
• Google Play Store
• Apple App Store
• Facebook, X/Twitter Lead Generation
• Amazon
• Click Bank

All these services specifically require privacy policies from everyone with whom they collaborate.

Privacy policies help build transparency and trust

Individuals value their privacy. The multitude of data breaches reported frequently in the media can make anyone feel vulnerable.

As a website owner, you are responsible for your users’ personal data, such as their names, dates of birth, mailing addresses, phone numbers, email addresses, and other identifying information including location data, purchasing habits, educational and medical history, as well as email and message content.

Given how much data companies collect and use, more people are educating themselves about privacy and want to make sure their information is safe. That means paying attention to how privacy-friendly and transparent a company is in its practices.

A good privacy policy does two jobs: it meets a legal obligation and shows your users you care about transparency.

Can I write my own privacy policy for my website?

As privacy policies are essentially legal documents, you probably should not try to write one yourself, unless you’re a legal professional. Privacy policies contain legally mandated disclosures that may vary based on things like:

• where you’re based,
• where your users are based,
• which data you process and why,
• the services you have running on your site,
• the age range of your users,
• the location of the data servers of the services you use, and much more.

Drafting the clauses of a privacy agreement is best handled by professionals. We suggest either hiring a good lawyer or using a professional generator like iubenda, which allows you to customize from over 2000 lawyer-crafted clauses and offers much more than a static privacy policy template. This way, you can still do it yourself, drawing on the expertise of an international legal team.

What should I put in my standard privacy policy for websites?

These are the most basic elements that a standard privacy policy for websites should include:

• Who is the site/app owner?
• What data is being collected? How is that data being collected?
• What is the legal basis for the collection?
• For which specific purposes are the data collected?
• The categories of sources from which you collect consumers’ personal information
• Which third parties will have access to the information?
• Where applicable, details relating to cross-border/overseas data transfer and the measures put into place to facilitate this in a safe and compliant way.
• What rights do users have?
• Description of the process for notifying users and visitors of changes or updates to the privacy policy
• Effective date of the privacy policy

If you’re based in the US and you process medical data, you must also comply with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a Federal US law that sets standards for protecting health information, and it applies to healthcare providers, insurers, and related entities.

To meet HIPAA requirements, your privacy policy should include details on how you protect personal health information, outline patients’ rights regarding their data, explain how data may be used or shared, and describe the measures in place for data breach responses.

What should a privacy policy page look like?

Use simple language and avoid complicated terms to create a clear and easy-to-understand privacy policy page. Good privacy policy page design means keeping the document scannable: use headings, short paragraphs, and a summary or FAQ section to help users grasp the content easily.

iubenda’s simplified and user-friendly view allows you to do just that. Check the full document here.

Can I use a simple template?

The truth is that the topic of privacy regulations is a rather complex thing. Therefore, a generic privacy policy template has to take various things into account like where you are based and what you are actually doing on your website that is privacy relevant. A simple privacy policy example can help you understand what’s needed, but a template won’t automatically update when laws change.

If you are doing most of the work for your website, you are the one who knows best about your practices. You know if you’re using Google Analytics, Mailchimp, a contact form, Facebook Like buttons or making use of any other practice that involves the personal data of your visitors/users. In this case, a well-structured privacy policy template could be a good starting point.

Mostly however what you don’t know, even if you’ve had very advanced legal schooling, is how to write a legally viable privacy policy. That is what you pay a good lawyer for, who usually has to work out all of the details for your site before they can start applying their very own framework/process for creating a policy for you.

A privacy policy template usually contains only the most basic clauses and information, which are usually not enough for building a compliant document that reflects all your privacy practices.

Let’s get it out there: hiring a specialized lawyer for your privacy policies, Terms of Service and other legal documents is the safest way for legal compliance: they will examine your site and situation, work out the legal issues, and hopefully create a good policy for you. There’s no question however, that you will have to invest considerable time and money.

Fortunately, other tools help you with this job without breaking the bank.

Let’s compare the main differences between the two approaches

Aspect	Custom privacy policy for website	Generic privacy policy template
Customizing	Fully customized to your website’s specific data practices.	Limited customization.
Legal compliance	Ensures full compliance with applicable data protection laws.	May not fully comply with all specific legal requirements.
Specific practices	Includes detailed information on your unique data collection, use, and sharing.	Lacks details on specific data handling practices unique to your site.
Cost	More affordable with the use of a privacy policy generator, though may vary based on complexity.	Lower or free.
Time and effort	Reduced time and effort with a generator, privacy policy generators for website are usually designed to be user-friendly.	Less time and effort required initially, but as the generic privacy policy template is free, malfunctions and support can delay the process.
Risk of legal issues	Significantly reduced, as it is specifically designed to meet legal requirements.	Higher, due to potential inaccuracies and omissions.
Credibility with users	Enhances, as it shows commitment to data protection.	May reduce, as it may appear less trustworthy to users.

Privacy policy FAQs

Is it illegal to copy a privacy policy?

Although it may be alluring to directly replicate a privacy policy from another site, we strongly advise against doing so.

Legally, your privacy policy disclosures must legitimately apply to your specific situation, processing activities and the particular laws that apply to you. Duplicating content will likely result in an illegitimate document.

Simply copying another website’s privacy policy without making the necessary modifications to reflect your own practices may not comply with applicable laws and regulations. Your business likely has different data processing practices, legal requirements, and third-party relationships, so it’s crucial to tailor the privacy policy to your own specific circumstances.

It is more prudent to seek legal advice or use a professional privacy policy generator in order to create a professional privacy policy tailored to your own site.

How do you write a simple privacy policy?

To write a simple privacy policy, you need to start by thoroughly understanding the personal data your website collects, how it is collected, and its purposes. This foundational step ensures your policy accurately reflects your practices.

Next, research the data protection laws applicable to your website, considering your location and your users’ locations, as these dictate privacy policy requirements.

Finally, organize your simple privacy policy in a clear, logical structure, with distinct sections so users can navigate and find information easily. Make sure to use plain, understandable language, avoiding legal jargon as much as possible. The goal is to make your policy understandable to all users, regardless of their legal expertise.

Where do I display my privacy policy?

It’s advisable to ensure that your privacy policy can be readily accessed on every page of your website. A good approach would be to incorporate a link in the footer , guaranteeing constant visibility and accessibility.
Be sure to include a privacy policy link wherever you ask for personal information. This applies to various scenarios, including email newsletter or account sign-up forms, contact forms, and payment checkout pages.
When it comes to mobile apps, you should follow the same principle by including the link in a menu section like “About” or “Legal.” Additionally, make sure to add this link to any other parts of your app where personal information is requested.

How often do I need to update my privacy policy?

It’s important to ensure that your privacy policy still accurately reflects your current data processing operations to properly inform users, in a transparent way.

Technically, you would need to update it anytime there is a change in your privacy practices and data collection activities. This can be:

• collecting personal information in a different or new way,
• collecting new types of personal information that you didn’t used to collect,
• having a new purpose for using personal data,
• using a new technology or service on your website that collects personal data,
• sharing personal information with a new third party,
• changing how long you retain personal information.

Website privacy policy examples

Looking for a privacy policy example for your website? Below you’ll find real-world examples of how businesses present their privacy policies using iubenda.

3bmeteo employs user-customizable privacy and cookie policies, allowing users to extensively personalize various sections.

Bestway uses our direct text embedding for their privacy policy.

BPER banca uses only the embedding of the dynamic clauses. Instead, their legal team writes the general section.

Download our sample privacy policy template for your website

Our privacy policy template for website use is just an example, and the legal text is customized to generic data processes and laws. Remember that privacy policies are legal documents. It is mandatory that they contain truthful information, or you could be putting yourself at risk. They need to be tailored specifically to align with your business and website. The sample privacy policy for website template we provide below serves as a solid foundation to familiarize yourself with the privacy disclosures generally mandated by legislation such as GDPR, CCPA/CPRA, and beyond. Your best option yet, however, would be to use a privacy policy generator. You can try ours for free (14-day money-back guarantee).

How to use the template

• Download the template: get our free privacy policy template in Word doc or PDF format, or copy and paste the HTML directly into your website.
• Fill in site and contact details: before publishing, fill in all [brackets] with your site info and contact details.
• Customize data collection: the template addresses Google Fonts, Google Analytics, and a contact form. For other services, add and customize data collection info.
• Address legal obligations: the template includes provisions for GDPR, as well as laws relevant to the US, Brazil, and Switzerland. Customize it according to your location and your users’ locations to meet legal requirements.

Privacy policy template (HTML text)

Below you’ll find our free privacy policy HTML template, ready to copy and paste directly into your website.

<h1>Privacy Policy of <strong>[</strong><a href="http://www.testsite.com/"><strong>www.testsite.com</strong></a><strong>]</strong></h1>
<p>Last updated: [date]</p>
<p>We are [Company Name]. This privacy policy outlines how we collect, use, and protect your personal information when you use our services.</p>
<p>You can contact us at [email address].</p>

<h2>Table of contents</h2>
<ul>
<li>Introduction</li>
<li>Contact information</li>
<li>Types of data collected</li>
<li>Mode and place of processing personal data</li>
<li>Detailed information on the processing of personal data</li>
<li>Further information</li>
<li>Your rights based on the General Data Protection Regulation (GDPR)</li>
<li>Further information if you reside in Switzerland</li>
<li>Further information if you reside in Brazil</li>
<li>Further information if you reside in California</li>
<li>Further information if you reside in a US state with data privacy laws</li>
<li>Additional information about data collection and processing</li>
<li>Definitions and legal references</li>
</ul>

<h2>Introduction</h2>
<p><strong>What is this policy about?</strong> This document explains how this website collects, uses, and protects your personal data to achieve the purposes outlined in this document.</p>
<p><strong>What is personal data?</strong> Personal data refers to information that can be used to identify you directly or indirectly. This includes details such as first name, last name, email address, tracking technologies (like cookies or tracking pixels), user activity, and device information. You can find detailed information on each type of personal data collected in dedicated sections of this privacy policy or in text shown before data is collected.</p>

<h2>Contact information</h2>
<p><strong>Address:</strong>
[Street Address]
[City, State ZIP Code]
[Country]</p>
<p><strong>Email:</strong> [email address]</p>
<p><strong>Phone:</strong> [phone number]</p>

<h2>Types of data collected</h2>
<p>The types of personal data that this website collects, by itself or through third parties, may include:</p>
<ul>
<li>first name,</li>
<li>last name,</li>
<li>email address,</li>
<li>Trackers,</li>
<li>Usage data.</li>
</ul>
<p>Complete details on each type of personal data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the data collection. Personal data may be freely provided by you, or, in case of Usage data, collected automatically when using this website. Unless specified otherwise, all data requested by this website is mandatory and failure to provide this data may make it impossible for this website to provide its services.</p>
<p>Any use of cookies or of other tracking tools by this website or by the owners of third-party services used by this website serves the purpose of providing the service required by you, in addition to any other purposes described in the present document.</p>
<p>You are responsible for any third-party personal data obtained, published or shared through this website.</p>

<h2>Mode and place of processing personal data</h2>
<p><strong>Methods of processing</strong>
We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the data. The data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. The data may also be accessible to external parties appointed, if necessary, as data processors by us. The updated list of these parties may be requested from us at any time using the contact details provided in this document.</p>
<p><strong>Place</strong>
The data is processed at our operating offices and in any other places where the parties involved in the processing are located. Depending on your location, data transfers may involve transferring your data to a country other than your own.</p>
<p><strong>Retention time</strong>
Unless specified otherwise in this document, personal data shall be processed and stored for as long as required by the purpose they have been collected for and may be retained for longer due to applicable legal obligation or based on your consent.</p>

<h2>Detailed information on the processing of personal data</h2>
<p>Your personal data is collected to allow us to provide our service, comply with our legal obligations, respond to enforcement requests, protect our rights and interests (or yours or those of third parties), detect any malicious or fraudulent activity, as well as the purposes set out below.</p>
<p><em><strong>Note:</strong> The services listed below are examples of common data processors. You must add a clause for every third-party service you use that collects personal data — including analytics tools, advertising networks, payment providers, and embedded content. Remove any examples that do not apply to your website.</em></p>

<h3>Analytics</h3>
<p>The services contained in this section enable us to monitor and analyze web traffic and can be used to keep track of your behavior.</p>
<h4>Google Analytics (Universal Analytics) (Google LLC)</h4>
<p>Google Analytics (Universal Analytics) is a web analysis service provided by Google LLC ("Google"). Google utilizes the data collected to track and examine the use of this website, to prepare reports on its activities and share them with other Google services. Google may use the data collected to contextualize and personalize the ads of its own advertising network. To understand Google's use of data, consult Google's <a href="https://policies.google.com/technologies/partner-sites">partner policy</a> and their <a href="https://business.safety.google/privacy/">Business data page</a>.</p>
<p><strong>Personal data processed:</strong> Trackers; Usage data
<strong>Place of processing:</strong> United States
<strong>Privacy policy:</strong> <a href="https://business.safety.google/privacy/">https://business.safety.google/privacy/</a>
<strong>Opt-out link:</strong> <a href="https://tools.google.com/dlpage/gaoptout">https://tools.google.com/dlpage/gaoptout</a></p>
<p>Category of personal information collected according to the CCPA: internet or other electronic network activity information. This processing constitutes a sale according to the CCPA, VCDPA, CPA, CTDPA and UCPA.</p>

<h3>Displaying content from external platforms</h3>
<p>This type of service allows you to view content hosted on external platforms directly from the pages of this website and interact with them.</p>
<h4>Google Fonts (Google LLC)</h4>
<p>Google Fonts is a typeface visualization service provided by Google LLC that allows this website to incorporate content of this kind on its pages. To understand Google's use of data, consult Google's <a href="https://policies.google.com/technologies/partner-sites">partner policy</a> and their <a href="https://business.safety.google/privacy/">Business data page</a>.</p>
<p><strong>Personal data processed:</strong> Trackers; Usage data
<strong>Place of processing:</strong> United States
<strong>Privacy policy:</strong> <a href="https://business.safety.google/privacy/">https://business.safety.google/privacy/</a>
<strong>Opt-out link:</strong> <a href="https://tools.google.com/dlpage/gaoptout">https://tools.google.com/dlpage/gaoptout</a></p>
<p>Category of personal information collected according to the CCPA: internet or other electronic network activity information.</p>

<h3>Contacting you</h3>
<h4>Contact form (this website)</h4>
<p>By filling in the contact form with your data, you authorize this website to use these details to reply to your requests for information, quotes or any other kind of request as indicated by the form's header.</p>
<p>Personal data processed: email address; first name; last name</p>
<p>Category of personal information collected according to the CCPA: identifiers. This processing constitutes: a sale according to the CCPA, VCDPA, CPA, CTDPA and UCPA.</p>

<h2>Further information</h2>
<p><strong>Legal basis of processing</strong></p>
<ul>
<li>We may process personal data relating to you if you have given your consent or for one or more specific purposes: provision of data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof,</li>
<li>processing is necessary for compliance with a legal obligation to which we are subject,</li>
<li>processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us,</li>
<li>processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.</li>
</ul>
<p>In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.</p>
<p><strong>How long we keep your information</strong></p>
<p>When we collect your personal information, we keep it for as long as required for the purposes we collected for. Sometimes, we might need to keep your personal information longer due to a legal obligation or based on your consent. We will keep your personal information based on the purposes and reasons set out below:</p>
<ul>
<li><strong>for contractual purposes:</strong> if we have concluded a contract with you, then we'll keep your information until the contract has been performed in full.</li>
<li><strong>for our legitimate interests:</strong> if we're using your personal information for purposes necessary and relevant to our business operations, we'll keep it as long as we need it for those purposes.</li>
<li><strong>with your consent:</strong> we may retain personal data for a longer period whenever you have given consent to such processing, unless you withdraw your consent.</li>
<li><strong>legal obligations:</strong> we may be obliged to retain personal data for a longer period whenever required to fulfill a legal obligation or upon order of an authority.</li>
</ul>
<p>Once the retention period expires, your personal data will be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.</p>

<h2>Your rights based on the General Data Protection Regulation (GDPR)</h2>
<p>You may exercise certain rights regarding your data processed by us. In particular, you have the right to do the following, to the extent permitted by law:</p>
<ul>
<li><strong>Withdraw your consent at any time.</strong> You have the right to withdraw consent where you have previously given your consent to the processing of your personal data.</li>
<li><strong>Object to processing of your data.</strong> You have the right to object to the processing of your data if the processing is carried out on a legal basis other than consent. If your personal data is being processed for direct marketing purposes, you can object at any time, free of charge and without any reason.</li>
<li><strong>Access your data.</strong> You have the right to learn if data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the data undergoing processing.</li>
<li><strong>Verify and seek rectification.</strong> You have the right to verify the accuracy of your data and ask for it to be updated or corrected.</li>
<li><strong>Restrict the processing of your data.</strong> You have the right to restrict the processing of your data. In this case, we will not process your data for any purpose other than storing it.</li>
<li><strong>Have your personal data deleted or otherwise removed.</strong> You have the right to obtain the erasure of your data from us.</li>
<li><strong>Receive your data and have it transferred to another controller.</strong> You have the right to receive your data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.</li>
<li><strong>Lodge a complaint.</strong> You have the right to bring a claim before your competent data protection authority.</li>
</ul>
<h3>How to exercise these rights</h3>
<p>Any requests to exercise your rights can be directed to us using the contact details provided at the start of this document. Such requests are free of charge and will be answered by us as early as possible, providing you with the information required by law.</p>
<p><em><strong>Note:</strong> If you have users in the EU or EEA, the General Data Protection Regulation (GDPR) applies to your business. The section above covers the core rights you must include. For a complete GDPR-specific privacy policy template with all required disclosures, see our <a href="https://www.iubenda.com/en/blog/gdpr-privacy-policy-template/">GDPR privacy policy template</a>.</em></p>

<h2>Further information if you reside in Switzerland</h2>
<p><em><strong>Note:</strong> If you have users in Switzerland, the Swiss Federal Act on Data Protection (FADP) requires additional disclosures. Add a dedicated section covering: the right to access personal data, the right to object to processing, the right to data portability, and the right to request correction of inaccurate data. You can contact us at any time using the contact details provided at the start of this document to exercise these rights.</em></p>

<h2>Further information if you reside in Brazil</h2>
<p><em><strong>Note:</strong> If you have users in Brazil, the Lei Geral de Proteção de Dados Pessoais (LGPD) applies. Add a section covering: the legal bases for processing, your Brazilian privacy rights (access, rectification, deletion, portability, and the right to revoke consent), and how users can file a request with the ANPD. You can contact us at any time using the contact details at the start of this document.</em></p>

<h2>Further information if you reside in California</h2>
<p>This section applies to all consumers residing in California, United States of America, according to the California Consumer Privacy Act of 2018 (the "CCPA"), as updated by the California Privacy Rights Act (the "CPRA") and subsequent regulations. For such consumers, this section supersedes any other possibly divergent or conflicting information contained in the privacy policy. This part of the document uses the term "personal information" as defined in the CCPA/CPRA.</p>
<h3>Categories of personal information that we collect</h3>
<ul>
<li>We have collected the following categories of personal information about you: identifiers, and internet or other electronic network activity information.</li>
<li>We do not collect sensitive personal information.</li>
<li>We will not collect additional categories of personal information without notifying you.</li>
</ul>
<h3>How we use your personal information</h3>
<p>We may use your personal information to allow the operational functioning of this website and features thereof, for commercial purposes, and for complying with the law. We won't process your information for unexpected purposes, or for purposes incompatible with the purposes originally disclosed, without your consent.</p>
<h3>Sale or sharing of your personal information</h3>
<p>We sell or share your personal information with third parties listed in the "Detailed information on the processing of personal data" section. You have the right to opt out of the sale or sharing of your personal information at any time by contacting us using the details provided at the start of this document, or via the privacy choices link on this website. If you want to submit opt-out requests via a Global Privacy Control (GPC) signal, we will abide by such request. Once you have opted out, we are required to wait at least 12 months before asking whether you have changed your mind.</p>
<h3>Your privacy rights under the CCPA/CPRA and how to exercise them</h3>
<ul>
<li><strong>The right to know:</strong> request that we disclose the categories and specific pieces of personal information we have collected, the sources, the purposes, and the third parties with whom we share it.</li>
<li><strong>The right to delete:</strong> request that we delete your personal information, subject to legal exceptions.</li>
<li><strong>The right to correct:</strong> request that we correct inaccurate personal information we maintain about you.</li>
<li><strong>The right to opt out:</strong> opt out of the sale or sharing of your personal information and limit the use of your sensitive personal information.</li>
<li><strong>The right to non-discrimination:</strong> we will not discriminate against you for exercising any of your rights under the CCPA.</li>
</ul>
<p>To exercise these rights, submit a verifiable request to us via the contact details at the start of this document. We will confirm receipt within 10 days and respond within 45 days (up to 90 days if needed). We do not charge a fee unless your request is manifestly unfounded or excessive.</p>
<p><em><strong>Note:</strong> For a dedicated CCPA-specific template with all required disclosures, see our <a href="https://www.iubenda.com/en/blog/ccpa-privacy-policy-template/">CCPA privacy policy template</a>.</em></p>

<h2>Further information if you reside in a US state with data privacy laws</h2>
<p><em><strong>Note:</strong> Several US states have enacted data privacy laws with requirements similar to the CCPA. If you have users in states such as Virginia, Colorado, Connecticut, or Utah, add a dedicated section for each applicable state. Each section should cover: the categories of personal data you collect, the purposes of processing, your data sale and sharing practices, users' rights to access, correct, delete, and opt out of data sales, and how to submit a request. Contact details at the start of this document apply for all requests.</em></p>

<h2>Additional information about data collection and processing</h2>
<p><strong>Legal action</strong>
Your personal data may be used for legal purposes by us in Court or in the stages leading to possible legal action arising from improper use of this website or the related services. You declare to be aware that we may be required to reveal personal data upon request of public authorities.</p>
<p><strong>System logs and maintenance</strong>
For operation and maintenance purposes, this website and any third-party services may collect files that record interaction with this website (System logs) or use other personal data (such as the IP Address) for this purpose.</p>
<p><strong>Changes to this privacy policy</strong>
We reserve the right to make changes to this privacy policy at any time by notifying you on this page and possibly within this website and/or — as far as technically and legally feasible — sending a notice to you via any contact information available to us. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. Should the changes affect processing activities performed based on your consent, we shall collect new consent from you, where required.</p>

<h2>Definitions and legal references</h2>
<p><strong>Personal data (or data)</strong>
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person (in other words, you).</p>
<p><strong>Usage data</strong>
Usage data is information automatically collected through this website or third-party services, including your IP address, browser type, operating system, time and method of requests, response status, visit duration, page sequence, and device-specific details.</p>
<p><strong>This website</strong>
The means by which your personal data is collected and processed.</p>
<p><strong>European Union (or EU)</strong>
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.</p>
<p><strong>Cookie</strong>
Cookies are trackers consisting of small sets of data stored in your browser.</p>
<p><strong>Tracker</strong>
Tracker indicates any technology — e.g. cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting — that enables the tracking of you, for example by accessing or storing information on your device.</p>
<p><strong>Legal information</strong>
This privacy statement has been prepared based on provisions of multiple legislations. This privacy policy relates solely to this website, if not stated otherwise within this document.</p>

Privacy policy template (Word DOCX)

Privacy policy template (PDF)

Small business owner? You probably have a website or an e-commerce site where you sell or showcase your products or services. Remember that, according to the main international privacy laws, you need a privacy notice.

Based in the UK? If you are based in the UK or target users in the UK, you need to comply with the UK General Data Protection Regulation (UK GDPR). The privacy policy template provided here is suitable for UK GDPR compliance, but you must tailor it to reflect your website’s data practices. Although the UK GDPR shares many similarities with the EU GDPR, it is a distinct legal framework following Brexit. If you are targeting users both in the UK and the EU, your privacy policy should clearly reference compliance with both regulations where applicable.

Summary in 10 points

1. A privacy policy is a document that outlines how a website or app collects and processes user data. It includes information about the types of data collected, how it is used, shared, protected, and users’ rights over their data. For a concrete privacy policy example, see the template and real-world examples further down in this article.
2. Privacy policies are essential to comply with privacy laws such as the GDPR in Europe and various state laws in the US, to ensure disclosure and transparency of your data processing activities. Non-compliance can result in fines or reputational damage.
3. Third-party services, like Google Analytics, require their users to post a privacy policy on their website.
4. We strongly advise against copying another website’s privacy policy as it may not reflect your own practices.
5. Be extra cautious when using a website privacy policy template; it likely fails to adequately cover all your data activities or include specific legally-mandated clauses.
6. Use a professional privacy policy generator or seek legal advice to create your own tailored privacy policy.
7. Basic elements of a privacy statement for website include contact info, data collection details, purposes, third-parties, user rights, and notification of changes.
8. A privacy policy should be easily accessible on every page of a website, typically through a link in the footer.
9. The document should be updated whenever there are changes in the law or in your privacy practices, e.g., you now use a new data analytics service.
10. Choose a quick, easy, but professional way to create your custom privacy policy ⬇️