Privacy policies are one of the most overlooked aspects of most websites. If you stop to look around most of the popular sites you visit, you’ll find they all have unique privacy policies (though the specific page’s traffic is usually low). Even so, these documents are important if you want your website to comply with local and international regulations.
More importantly, you don’t need to be a lawyer to add a thorough privacy policy to your website. In this article, we’ll talk more about why privacy policies are significant and we’ll teach you about some essential clauses. Then we’ll introduce you to three tools you can use to help you create a privacy policy for your website.
Let’s talk privacy!
What Privacy Policies Are (And Why They’re Important)
Privacy policies can look intimidating, but you should always read them when possible.
Privacy policies are legal documents informing users what you do with their data. For example, if you collect email addresses, names, and birthdays during the user signup process, you need to tell users what happens with their information. For example, some websites might use it for internal purposes only (such as customer profiling). Others might sell the information to third-party services, in which case consent is necessary.
As you’ll be aware, privacy policies are usually skipped over by the majority of visitors. However, there are several benefits to adding one to your website:
- Some countries require privacy policies as part of the law. Some local and international regulations, such as the California Online Privacy Protection Act (CalOPPA) and the European Union General Data Protection Regulation (GDPR) require you to outline what you do with user information.
- Certain third-party services require it. For example, Google Analytics requires your privacy policy to mention its use, as well as declare the kinds of data you’re tracking.
- Transparency is always a good policy. A clear privacy policy signals you take the job of protecting user information seriously.
Although some countries don’t require the use of a privacy policy, you can still be held liable under international law for not following regulations. If you have European Union (EU) users, for example, you need to comply with the GDPR. Given the chances of getting fined for non-compliance, adding a privacy policy to your website is simple – and it’s a smart business move.
Ideally, you’d enlist the help of a lawyer to help you draft your privacy policy. However, that’s not a practical option for the vast majority of site owners. Knowing this, a lot of online services have sprung up to help fledgling websites craft basic privacy policies to cover their bases. However, before discussing them, let’s look at what your privacy policy should contain.
3 Clauses Your Website’s Privacy Policy Should Include
These three clauses won’t, in most cases, be enough to craft a well-rounded privacy policy. Think of them only as the basics that any such document should include. We encourage you to do further research into other critical clauses.
The next section will explore some tools to generate full privacy policies with little input from your end. Even then, it’s essential you have a working understanding of what their basics are.
1. How and What Type of Information You Collect
This clause is the bread and butter of privacy policies. It details the exact information you collect, and how. To recall our earlier example, you can get email addresses and names directly from signup forms. However, there is also data you can obtain without the user knowing. For example, Google Analytics tracks the user’s preferred web browser, which needs to be mentioned.
Ideally, visitors would take a look at this clause and decide if they’re comfortable using your services, but more pertinently, it covers your bases legally. Here’s an excerpt from a common privacy policy, discussing what type of information we collect and how we do it:
Personally Identifiable Information refers to information that tells us specifically who you are, such as your name, email address, or phone number. Downloading information or logging in may allow the Company to “recognize” you to allow us to personalize our service for you.
This first section discusses what we consider to be personal information, as opposed to anonymous data we might collect. It also mentions we may use the information to personalize your user experience. In our case, logging in is only necessary to download products you may have purchased, so it’s not obligatory.
2. What You Do With the Information You Collect
Plenty of websites engaged in the practice of selling or sharing user data. Other services use this to personalize content and ads, among other elements. Other potential applications include using the information to enforce terms of use, improving your website’s services, and more.
Regardless of the application, this clause is critical because although users may consent to share personal data, they might not be happy with how you decide to use it. Here’s a short paragraph from our privacy policy outlining our general use of private information:
For our Clients, we use personal information mainly to provide the Services and contact our Clients regarding account activities, new version and product offerings, or other communications relevant to the Services. We do not sell or share any personally identifiable or other information of End Users to any third parties, except, of course, to the applicable Client whose website you are using.
For example, if your ZenMSP service is about to expire, we send you an email reminder. In this case, we’re using your personal information to provide an update.
In any case, if you’re not comfortable with the way a website uses your information, the GDPR outlines the ‘right to be forgotten‘. This means sites are bound by law to delete your information if you ask them to cancel your account, for example.
3. Your Use of Cookies
Cookies are files on your computer that contain personal settings for specific websites. The term itself supposedly comes from ‘magic cookies’, which are a type of token used by UNIX-based Operating Systems (OS).
In any case, websites use cookies to track what you do within them. For example, cookies enable you to stay logged in even if you leave the website (although there are limitations). According to the European Union’s Cookie Law and new ePrivacy Regulation, sites need to inform visitors about their use of cookies and provide an option to disable them. Here’s an excerpt from a privacy policy’s section on cookies:
We use cookies, tracking pixels and related technologies on our website. Cookies are small data files that are served by our platform and stored on your device. Our site uses cookies dropped by us or third parties for a variety of purposes including to operate and personalize the website. Also, cookies may also be used to track how you use the site to target ads to you on other websites.
The above explains how cookies are used and what they are. Later on in the policy, we would also discuss how you can opt out of using cookies, including those served by third-party services on our website (such as Google and MailChimp).
3 of the Best Privacy Policy Generation Services to Consider
Although we fully recommend the services we include in this section, you should always review the language of any privacy policy you generate with any of them, just to be safe. Let’s take a look at the options.
1. iubenda
iubenda is an online website privacy policy generator that stands out thanks to its ease of use. It uses modules to help you pick the exact clauses your privacy policy should include, and adjust their terms depending on which services you use. For example, if you’re part of the Amazon Associates program, you can add the necessary language to your policy with a single click.
Key Features:
- Uses simple module system to build a comprehensive privacy policy.
- Lets you customize your policy using your company’s information.
- Enables you add necessary clauses for several popular third-party services, including Amazon Associates and Google Analytics.
- Provides automatic updates to your policy based on any new regulations.
Price: Free and paid plans available | More Information
2. TermsFeed
TermsFeed enables you to generate basic privacy policies in minutes, and customize them using your site’s information. Each time you want to create a new policy, the service will walk you through a questionnaire to help you determine the clauses you need. When the process is over, you’ll receive your new policy via email in seconds. The platform also offers you the option of updating your policies automatically as laws change.
Key Features:
- Enables you to generate custom privacy policies using a simple questionnaire.
- Lets you adjust your policy to comply with national and international laws.
- Provides automatic policy updates whenever the law changes.
Price: Free and paid plans available | More Information
3. Shopify’s Privacy Policy Generator
Shopify’s Privacy Policy Generator is a bit more narrow in scope than the other tools we’ve discussed. Its clauses are tailored for Shopify websites specifically. However, you can generate one of their policies in seconds and use it to check out essential clauses regarding how to deal with payment information.
Key Features:
- Lets you generate a privacy policy for your Shopify store.
- Enables you to outline how you deal with customer payment information.
- Gives you the ability to customize your privacy policy based on your store and its location.
Price: Free, but you need a Shopify subscription to get the most out of it | More Information
How to Create a Website Privacy Policy Using iubenda
For this portion of the piece, we’ll use iubenda given its ease of use and reasonable pricing structure. To get started, go to the service’s home page and click on the GENERATE YOUR POLICY button to the top right of the page. On the next window, enter your website’s URL and click the blue button:
The service will ask you to register a free account or log in using Facebook. Either way, when you’re in, you’ll see an option to add any services your website uses to your privacy policy:
Clicking on the button will show you a list of clauses you can add:
As you include more services, they’ll be added to your privacy policy automatically. You can preview it at any time by clicking on the Preview widget to the right of your dashboard:
When you’re done adding services, click on the Next button at the bottom of the page. You’ll now need to enter your company’s name and address, then click on Next again:
On the final screen, you’ll find options to embed your policy into your website:
That’s it! If you’ve included all aspect of how you collect data, your privacy policy will be good to go. Do remember to give it a full read before publishing it, though!
Conclusion
Website privacy policies don’t get the spotlight they deserve. However, they’re essential elements of any website that takes data protection regulations seriously. On top of enabling you to keep your operations above board, privacy policies also outline how your site handles personal information, which should help put visitors’ minds at ease.
If you don’t know where to start when it comes to creating a website privacy policy, here are three online generators that are easy to use and feature-packed:
- iubenda: A module-based privacy policy generator that supports dozens of third-party services.
- TermsFeed: This simple service enables you to create a basic policy through a questionnaire.
- Shopify’s Privacy Policy Generator: This generator is tailor-made for Shopify stores.
If you still need help, then feel free to contact me.
