If you have a public website or mobile application that collects personal information, you will almost certainly need a dedicated Privacy Policy URL. This is especially true if you plan to connect your app or website to a third-party platform like Facebook or Instagram, which ask for that URL when you register the app.
This article will detail exactly what a Privacy Policy is and why you will need a URL for it.
We'll also touch on the legal requirements that have to be taken into consideration when creating your Privacy Policy and look at some examples of how the end result should look.
But first, let's take it back to basics.
Our Free Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display in minutes.
- Click on the "Free Privacy Policy Generator" button, located at the top of the website.
- Select where your Privacy Policy will be used:
- Answer a few questions about your business:
- Enter the country and click on the "Next Step" button:
- Continue building your Privacy Policy by answering the remaining questions from our wizard.
Almost done. Now enter your email address where you'd like your new Privacy Policy sent and click on the "Generate" button and you're done.
That's it. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.
- 1. What is a Privacy Policy?
- 2. Legal Requirements for Privacy Policies
- 2.1. CalOPPA
- 2.2. GDPR
- 3. 12 Clauses to Put in Your Privacy Policy
- 3.1. Clause 1: The type of information you collect.
- 3.2. Clause 2: How you collect the information.
- 3.3. Clause 3: What you do with the information you collect
- 3.4. Clause 4: Your Cookies policy
- 3.5. Clause 5: Any third party access to collected information
- 3.6. Clause 6: Resolution of disputes
- 3.7. Clause 7: Potential transfer of business
- 3.8. Clause 8: Policy changes
- 3.9. Clause 9: Email marketing and other communications.
- 3.10. Clause 10: Children's Online Privacy Protection Act (COPPA) compliance.
- 3.11. Clause 11: Data retention
- 3.12. Clause 12: Contact information
- 4. Privacy Policy URL for Websites
- 5. Privacy Policy URL for Mobile Apps
- 6. Privacy Policy URL for Desktop Apps
What is a Privacy Policy?
A Privacy Policy is a statement or declaration that explicitly details your company policy regarding how you handle user and customer information.
This applies to any information collected from website visitors or customers that could be deemed personal and could potentially be used to identify them as individuals. Personal information includes things like:
- First and last names
- Birthdays
- Email addresses
- Phone numbers
- Credit card information
- Social Security numbers
- Home and/or business addresses
- Sensitive information (regarding an individual's race, ethnicity, religious beliefs, political opinion, sexual orientation or criminal record)
Consumers have a basic right to be given detailed knowledge of the ways a company intends to use any personal data collected from or about them.
While this knowledge may affect their decision to share certain information, the growth of worldwide online data sharing has created a far greater need for transparency between consumer and company.
In the past, you may have thought that a Privacy Policy was an unnecessary piece of legal jargon that no one actually paid much attention to. While that may have been true, consumers are becoming a lot more protective over their online personal data - and rightly so.
Misuse of consumer personal data can lead to a number of security concerns, such as personal identity theft, banking and financial theft, credit card scams and more. Keeping consumer data safeguarded against risks such as these has become a legal mandate.
A Privacy Policy does not by itself secure anyone's data, but it records what you collect, why, and who you share it with. That protects your users by telling them what to expect and protects your company by documenting the practices regulators will ask about. It also gives consumers a concrete reason to trust your company, which is an essential part of doing business online.
Legal Requirements for Privacy Policies
Privacy Policies are a legal requirement mandated by various laws such as the California Online Privacy Protection Act (CalOPPA) in the USA and the General Data Protection Regulation (GDPR) created by the European Union.
Globally, there is no single legal requirement that protects consumers in every country, but CalOPPA and GDPR have been designed in such a way that they impact businesses and website owners around the world.
CalOPPA
CalOPPA is one of the primary data privacy laws applicable in the US, and one of its main requirements is a posted Privacy Policy. CalOPPA will very likely apply to you even if you're located in another state or country, because it covers any operator of a commercial website or online service that collects personally identifiable information from residents of the state of California.
CalOPPA applies to everything from websites and Software-as-a-Service (SaaS) applications to mobile applications, Facebook applications and more.
A Privacy Policy written with CalOPPA in mind will cover a few things, such as:
- The kind of personal information you collect from your customers such as contact details to create a user account, shipping addresses if they purchase something, and payment details for processing a purchase.
- Whether you share collected personal information with any third party such as a marketing company, an analytics service, a payment processor, or any subsidiaries/affiliates of your company.
- How a user can see the personal information you've collected from them, and how they can edit or delete this information.
- How your company responds to "Do Not Track" requests from browsers.
- The date your Privacy Policy came into effect, and how you intend to inform your users about any updates to it.
You must provide a conspicuous and clearly-labeled link to your Privacy Policy URL.
GDPR
The General Data Protection Regulation (GDPR) went into effect on the 25th of May, 2018. It was created by the European Union in order to better protect its residents when they divulge their personal data online. The GDPR sets a strong standard for data protection.
The GDPR defines "personal data" broadly, covering everything from cookie identifiers and IP addresses to names and credit card information. It applies across the whole EU, and to your business if you offer goods or services to, or monitor the behaviour of, individuals in the EU, regardless of where your business is located.
The GDPR protects various types of personal data, such as:
- First and last names
- Shipping addresses
- Email addresses
- Geolocation
- IP addresses
- Biometric data
If you know the GDPR is applicable to you, it's imperative that you tailor your Privacy Policy to cover all its stipulations.
Among other requirements, your Privacy Policy must be:
- Easy to access
- Free to access (with no login requirements)
- Written in a way that's clear, transparent and easy for members of the general public to understand
If you decide to take a more hands-on approach and create your Privacy Policy on your own, here are some clauses that you should start with.
12 Clauses to Put in Your Privacy Policy
Ensuring your Privacy Policy covers everything necessary can be pretty tough. Privacy law is relatively complex, and your policy has to take into account a number of things like your business practices, collection methods and expectations of users.
If you don't know where to begin with your policy, check out the below steps to help get you started.
There are roughly 12 clauses that are advisable to include in your Privacy Policy. They're an imperative part of ensuring your policy covers everything necessary.
Clause 1: The type of information you collect.
The purpose of this clause is to make it clear to all users and visitors to your website/mobile app the kind of information they're required to give to your site in order to enjoy the full functions you intend to provide.
Google's Privacy Policy breaks this information down in an easy-to-understand way.
Clause 2: How you collect the information.
This clause details how a user's data will be collected, such as through the user's use of your website/app, or through direct user input. This information can include a wide number of things, from email addresses, phone numbers and passwords, to billing addresses, credit card information and shipping details.
LogMeIn discloses this information in a dedicated clause of its policy.
Clause 3: What you do with the information you collect
It might seem like this clause could be included in the second, but it's important to have a separate paragraph to specify the intended purpose behind collection. What's more, it's important to ensure you write it in detail so there can be no misunderstandings about it.
A good example of this is Trello, whose policy breaks down each of the ways it uses customer personal information.
Clause 4: Your Cookies policy
If your website uses cookies, you should include a cookies clause. This can be either included within your Privacy Policy (using easy-to-identify headings) or as a separate policy entirely.
Slack includes a link to its separate Cookies Policy in its Privacy Policy, along with a brief overview of how cookies are used.
Clause 5: Any third party access to collected information
It's common to integrate third-party services with your website or app for purposes like social networking (Facebook, Twitter, etc.), marketing and advertising, or data analytics (such as Google Analytics). Each of these services receives some of your users' data, so your policy should name the categories of third parties and what they receive.
PayPal goes into a high level of detail about third-party services in its policy, covering all its bases and ensuring it is fully compliant with legislation.
Clause 6: Resolution of disputes
A dispute resolution clause is written to specify how two parties will handle a dispute that comes up between them. This can include you, as the business owner, and your customers and/or users of your website.
Etsy, the popular ecommerce marketplace, links to its third-party dispute resolution service from within its policy.
Clause 7: Potential transfer of business
In the event that your business is bought by another entity or merges with a separate company, it's important to let your users know what will happen to any data they've given you in the past.
Amazon covers this topic in a short, informative clause of its Privacy Notice.
Clause 8: Policy changes
The law is constantly evolving, as is your business, so it's important to maintain your Privacy Policy with any applicable amendments and updates. It's equally important to inform users of such changes when they occur.
Amazon includes the last updated date, along with a link to the specifics of what has changed, at the very top of its Privacy Notice.
Clause 9: Email marketing and other communications.
Let people know if you'll use their email addresses for communications purposes. Also let people know how they can opt out of this if they want to.
The recipe site, Yummly, includes a paragraph detailing its use of email marketing and communications. The paragraph includes information for opting out of emails.
Clause 10: Children's Online Privacy Protection Act (COPPA) compliance.
COPPA is a US law governing the online collection of personal information from children under 13 years of age. Its implementing rule came into effect in April 2000. Even if your service is not aimed at children, it's important to state whether you knowingly collect data from under-13s and what you do if you discover that you have.
ABCmouse, an online learning website for children, provides a highly detailed level of information in its Privacy Policy. Because its services are aimed at children, it is required to explain its privacy practices for children in detail, including how it obtains verifiable parental consent.
Clause 11: Data retention
Another important part of your Privacy Policy is the data retention clause. This clause tells people how long you keep their data and what triggers its deletion. For example, what happens to user data if a user cancels an account, or does something that makes you terminate their account?
Pipedrive addresses these questions in the retention section of its Privacy Policy.
Clause 12: Contact information
Letting users know your up-to-date contact details and informing them of who they can get in touch with regarding any questions or issues is a great way to complete your Privacy Policy.
Facebook, for example, has a detailed contact section at the bottom of its Privacy Policy.
Now that you have your Privacy Policy ready to go, where should you display it?
Privacy Policy URL for Websites
There are two ways you can host your website's Privacy Policy URL:
- Through your own website, or
- Through a third-party that hosts it for you
Any publicly accessible service, such as Google Docs or GitHub Pages, can act as a suitable third-party host.
There are benefits to doing it this way, but the common school of thought is that it's better to host your policy on your own site. Doing so gives you complete control over it: the URL stays stable (app store listings and platform integrations will break if it changes), it is served under your own domain and TLS certificate, and you can update it without depending on a third party's availability.
Hosting it yourself also covers the two most important aspects of publishing a legal agreement online: easy user access and clear association with your company.
Whether you're running a SaaS platform, ecommerce store or simple blogging website, anyone should be able to access and view your policy (and any other legal agreements) without being required to log in or sign up to do so.
You also have to ensure your policy is clearly associated with your company and your website/s. So, when you're drafting your policy, make sure to mention the company name and any affiliated mobile apps and/or product references. That way, even if you do host it on a third-party service, it will be in clear relation to your organization and not the third party.
When it comes to displaying your Privacy Policy link on your website, here are some examples of common locations for placement.
Most website footers showcase links to legal agreements. It's a conspicuous place that's available on every page of the site, and users know to look here for important links.
Even if you include your Privacy Policy URL in your website footer, there are other places you should also include it.
If you run an ecommerce website, you can provide your Privacy Policy to your users sometime during the checkout process. Because you're using personal information such as mailing addresses and financial data, your users may be concerned about your privacy practices during this time.
Provide a URL to your Privacy Policy when you ask to send marketing communications to users. This helps them understand how their email address or phone number will be used and how they can control this by opting out or adjusting communication settings.
The same goes for landing pages where you promote downloadable content, your email newsletter, discounts or other perks that you'll give to users who share personal information with you (usually an email address). Include a link to your Privacy Policy on your landing page.
If you allow users to create accounts on your website that they can log in to, you can add your Privacy Policy URL to the registration form.
You can then also remind your users each time they log in that they're agreeing to your Privacy Policy and provide a link for convenient access.
If your website uses cookies, you can even consider adding your Privacy Policy URL to your Cookies Notice.
Even if your Privacy Policy is always available in your website footer, you should still add it to additional sections of your website such as where you request users to share their personal information with you.
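Two of the requirements above are easy to check mechanically: every page that collects personal information should carry a clearly labelled Privacy Policy link, and the policy URL itself must be reachable without logging in. The script below is an added example (not code from the original article): it parses a small constructed set of sample pages, reports which pages lack a privacy link, and flags any policy URL that does not return 200 without authentication. The `SAMPLE_SITE` table and the `fetch` function stand in for real HTTP requests so the example runs offline; in practice you would replace `fetch` with a crawler and check every page, not just the three listed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in a page."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def privacy_links(html):
    """Return anchors that look like a Privacy Policy link, by link text or href."""
    parser = _LinkCollector()
    parser.feed(html)
    return [(h, t) for h, t in parser.links
            if "privacy" in t.lower() or "privacy" in h.lower()]


# Constructed sample site (assumption, not a real site): path -> (status, redirect, html).
# The policy page here deliberately redirects to /login, which violates free access.
SAMPLE_SITE = {
    "/": (200, None,
          '<footer><a href="/legal/privacy">Privacy Policy</a></footer>'),
    "/signup": (200, None,
                '<form><input name="email"><p>By signing up you agree to our '
                '<a href="/legal/privacy">Privacy Policy</a>.</p></form>'),
    "/checkout": (200, None,
                  '<form><input name="card"><button>Pay</button></form>'),
    "/legal/privacy": (302, "/login", ""),
    "/login": (200, None, "<form>login</form>"),
}


def fetch(site, path):
    """Stand-in for an HTTP GET against the constructed site (no network used)."""
    return site.get(path, (404, None, ""))


def audit(site, pages, base="https://example.com"):
    """Check the conspicuous-link and free-access requirements for each page.

    Returns a dict with:
      missing     - pages that carry no Privacy Policy link at all
      gated       - policy URLs that do not answer 200 to an unauthenticated GET
      policy_urls - every distinct policy URL discovered
    """
    missing, gated, policy_urls = [], [], set()
    for path in pages:
        status, _, body = fetch(site, path)
        if status != 200:
            continue
        links = privacy_links(body)
        if not links:
            missing.append(path)
        for href, _ in links:
            policy_urls.add(urljoin(base + path, href))
    for url in sorted(policy_urls):
        status, _, _ = fetch(site, urlparse(url).path)
        if status != 200:  # a redirect to /login or any error means the policy is gated
            gated.append(url)
    return {"missing": missing, "gated": gated, "policy_urls": sorted(policy_urls)}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_SITE, ["/", "/signup", "/checkout"]).items():
        print(f"{key}: {value}")
```

Run against the sample site, the audit reports `/checkout` as missing a link (the page that handles card data, exactly where users are most concerned) and flags the policy URL as gated because it redirects to the login page. Matching on the word "privacy" in link text or href is a heuristic; a policy linked only from an image or a generic "Legal" link would be missed, which is itself a sign the link is not conspicuously labelled.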
Privacy Policy URL for Mobile Apps
If you've created a website or app that you want to connect to another platform like Facebook, you'll be required to provide a Privacy Policy URL when you register it. The major app stores likewise ask for a Privacy Policy URL in your store listing, so it's important to understand what the requirement entails.
Whether you're building your app for iOS, Android or any of the app store alternatives, if your mobile app collects and stores personal data, you're required to have a Privacy Policy.
Many app stores also won't accept submission of an app if it doesn't come with a Privacy Policy, so if you submit yours without one, you run the risk of it being rejected.
You should always:
- Have your Privacy Policy easily accessible on the profile page of your app on the app store. This way, users can view your policy prior to downloading the app.
- Include a link to the policy within the app. The best place is usually the Settings or Account area. You can either embed the policy text in the app or link to the hosted URL; if you embed it, keep the embedded copy in sync with the hosted version so users don't see two different policies.
Instagram's Android app listing in the Google Play store shows the Privacy Policy linked within the Developer section.
From within the app itself, users can navigate through an Options menu to find the Data Policy.
Dropbox displays its Privacy Policy in a dedicated Legal and Privacy menu within the app.
The WeatherBug app takes a slightly different route by displaying its Privacy Policy URL in its main navigation menu.
The recommended places to display your Privacy Policy within your app line up with how to display it on a website in some ways.
For example, you can include your Privacy Policy URL during account sign-up or log-in on your app.
You can also include the URL when a user is about to complete a purchase through your app.
While apps don't have footers like websites do, they still have plenty of places where a Privacy Policy URL can be displayed.
Privacy Policy URL for Desktop Apps
The Privacy Policy for your desktop app will have to cover all the things required by law as if it were a regular website. It should be easily found within the app itself, and also provided to the user before installation can be completed.
HP provides a link to its Privacy Policy and gets users to agree to it before they can use the HP Easy Start desktop app.
A desktop app by JetBrains displays its User Agreement after installation but before the app can be used. The User Agreement has a link to the Privacy Policy.
After confirming and continuing, users are asked if they'd like to send anonymous usage data to the company. The Privacy Policy is linked here as well.
After deciding whether to share usage data, users are once again presented with a Privacy Policy link. This time it's on the license activation screen, where users have the option to sign up for email tips and marketing emails.
Vivaldi's installation screen presents users with links to the Terms of Service as well as the Privacy Policy that they can review. Users must click a button to show they agree to the terms before they can complete the installation of the app.
No matter what kind of platform you're presenting your Privacy Policy URL on, remember that the URL needs to be conspicuously placed and easily accessible.
Provide a static way to access the URL at all times through a footer link or menu.
Additionally, add your Privacy Policy URL to areas of your website or app where users may be more concerned about privacy. These areas will usually be where you collect personal information (account registration forms, payment processing, etc.).