If you have a public website or mobile application, you're required to have a dedicated Privacy Policy URL. This is especially true if you are planning to connect your app or website to a third-party platform like Facebook or Instagram.

This article will detail exactly what a Privacy Policy is and why you will need a URL for it.

We'll also touch on the legal requirements that have to be taken into consideration when creating your Privacy Policy and look at some examples of how the end result should look.

But first, let's take it back to basics.


What is a Privacy Policy?


A Privacy Policy is a statement or declaration that explicitly details your company policy regarding how you handle user and customer information.

This applies to any information collected from website visitors or customers that could be deemed personal and could potentially be used to identify them as individuals. Personal information includes things like:

  • First and last names
  • Birthdays
  • Email addresses
  • Phone numbers
  • Credit card information
  • Social Security numbers
  • Home and/or business addresses
  • Sensitive information (regarding an individual's race, ethnicity, religious beliefs, political opinion, sexual orientation or criminal record)

Consumers have a basic right to be given detailed knowledge of the ways a company intends to use any personal data collected from or about them.

While this has the potential to impact their decision to share certain information, the rise in worldwide online data sharing has created a much more dire need for transparency between consumer and company.

In the past, you may have thought that a Privacy Policy was an unnecessary piece of legal jargon that no one actually paid much attention to. While that may have been true, consumers are becoming a lot more protective over their online personal data - and rightly so.

Misuse of consumer personal data can lead to a number of security concerns, such as personal identity theft, banking and financial theft, credit card scams and more. Keeping consumer data safeguarded against risks such as these has become a legal mandate.

Privacy Policies are a great way to protect both your users and your company from any security concerns. They also provide a solid reason for consumers to feel like they can trust your company, which is an essential aspect of online business.

Legal Requirements for Privacy Policies

Privacy Policies are a legal requirement mandated by various laws such as the California Online Privacy Protection Act (CalOPPA) in the USA and the General Data Protection Regulation (GDPR) created by the European Union.

Globally, there is no single legal requirement that protects consumers in every country, but CalOPPA and GDPR have been designed in such a way that they impact businesses and website owners around the world.

CalOPPA


CalOPPA is one of the primary data privacy laws that is applicable in the US. One of its main requirements is a Privacy Policy. CalOPPA will very likely apply to you even if you're located in another state or country. This is because this legislation applies to the collection of data from any resident of the state of California.

CalOPPA applies to everything from websites and Software-as-a-Service (SaaS) applications to mobile applications, Facebook applications and more.

A Privacy Policy written with CalOPPA in mind will cover a few things, such as:

  • The kind of personal information you collect from your customers such as contact details to create a user account, shipping addresses if they purchase something, and payment details for processing a purchase.
  • Whether you share collected personal information with any other third party like a marketing company, an analytics service, payments processors, or any subsidiaries/affiliates of your company.
  • How a user can see the personal information you've collected from them, and how they can edit or delete this information.
  • How your company responds to "Do Not Track" requests from browsers.
  • The date your Privacy Policy came into effect, and how you intend to inform your users about any updates to it.

You must provide a conspicuous and clearly-labeled link to your Privacy Policy URL.

GDPR


The General Data Protection Regulation (GDPR) went into effect on the 25th of May, 2018. It was created by the European Union in order to better protect its residents when they divulge their personal data online. The GDPR sets a strong standard for data protection.

The GDPR defines "personal information" broadly and applies it to everything from cookie data and IP addresses to names and credit card information. It's applicable across all of the EU, and to your business if you cater to any EU citizens, regardless of where your business is located.

The GDPR protects various types of personal data, such as:

  • First and last names
  • Shipping addresses
  • Email addresses
  • Geolocation
  • IP addresses
  • Biometric data

If you know the GDPR is applicable to you, it's imperative that you tailor your Privacy Policy to cover all its stipulations.

Among other requirements, your Privacy Policy must be:

  • Easy to access
  • Free to access (with no login requirements)
  • Written in a way that's clear, transparent and easy for members of the general public to understand

How to Create a Privacy Policy


Our Free Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display in minutes.

  1. Click on the "Free Privacy Policy Generator" button, located at the top of the website.
  2. Select where your Privacy Policy will be used.
  3. Answer a few questions about your business.
  4. Enter the country and click on the "Next Step" button.
  5. Continue building your Privacy Policy by answering the questions from our wizard.
  6. Almost done. Now enter the email address where you'd like your new Privacy Policy sent, click on the "Generate" button and you're done.

That's it. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.

If you decide to take a more hands-on approach and create your Privacy Policy on your own, here are some clauses that you should start with.

12 Clauses to Put in Your Privacy Policy


Ensuring your Privacy Policy covers everything necessary can be pretty tough. Privacy law is relatively complex, and your policy has to take into account a number of things like your business practices, collection methods and expectations of users.

If you don't know where to begin with your policy, the clauses below will help get you started.

There are roughly 12 clauses that are advisable to include in your Privacy Policy. They're an imperative part of ensuring your policy covers everything necessary.

Clause 1: The type of information you collect.

The purpose of this clause is to make it clear to all users and visitors to your website/mobile app the kind of information they're required to give to your site in order to enjoy the full functions you intend to provide.

Here's how Google breaks down this information in an easy to understand way in its Privacy Policy:

Google Privacy Policy: Information Google Collects clause with linked keywords to click for pop-up explanations

Clause 2: How you collect the information.

This clause details how a user's data will be collected, such as through the user's use of your website/app, or through direct user input. This information can include a wide number of things, from email addresses, phone numbers and passwords, to billing addresses, credit card information and shipping details.

Here's how LogMeIn discloses this information in a clause:

LogMeIn Privacy Policy page: Information We Collect and Receive clause

Clause 3: What you do with the information you collect

It might seem like this clause could be included in the second, but it's important to have a separate paragraph to specify the intended purpose behind collection. What's more, it's important to ensure you write it in detail so there can be no misunderstandings about it.

A great example of this is Trello, which breaks down descriptions of the ways they use customer personal information:

Trello Privacy Policy: How we use information we collect clause excerpt

Clause 4: Your Cookies policy

If your website uses cookies, you should include a cookies clause. This can be either included within your Privacy Policy (using easy-to-identify headings) or as a separate policy entirely.

Slack includes a link to its separate Cookies Policy in its Privacy Policy, along with a brief overview of how cookies are used.

Slack Privacy Policy: Cookie clause with link to cookie policy

Clause 5: Any third party access to collected information

It's common to integrate various third party services with your website or app for various purposes like social networking (Facebook, Twitter etc), marketing and advertising, or for data analytics services (like Google Analytics).

PayPal goes into a high level of detail about third-party services in their policy, covering all their bases and ensuring they're fully compliant with legislation.

PayPal Privacy Policy: Do We Share Personal Data clause

Clause 6: Resolution of disputes

A dispute resolution clause is written to specify how two parties will handle a dispute that comes up between them. This can include you, as the business owner, and your customers and/or users of your website.

Popular ecommerce store, Etsy, includes a link to their third-party dispute resolution service:

Etsy Privacy Policy: Dispute resolution clause with link

Clause 7: Potential transfer of business

In the event that your business is bought by another entity or merges with a separate company, it's important to let your users know what will happen to any data they've given you in the past.

Here's how Amazon covers this topic in a short, informative clause:

Amazon Privacy Policy page: Business Transfers clause

Clause 8: Policy changes

The law is constantly evolving, as is your business, so it's important to maintain your Privacy Policy with any applicable amendments and updates. It's equally important to inform users of such changes when they occur.

Amazon includes the last updated date as well as a link to specifics of what has changed at the very top of its Privacy Notice:

Amazon Privacy Notice: Last updated date with link to what has changed

Clause 9: Email marketing and other communications.

Let people know if you'll use their email addresses for communications purposes. Also let people know how they can opt out of this if they want to.

The recipe site, Yummly, includes a paragraph detailing its use of email marketing and communications. The paragraph includes information for opting out of emails.

Privacy Policy of Yummly: Newsletter contact clause

Clause 10: Children's Online Privacy Protection Act (COPPA) compliance.

COPPA is a US law that applies to the collection of data from children under 13 years of age. It came into effect in April, 2000, and a COPPA compliance clause is a very important one to include in your policy.

ABCmouse, an online learning website for children, has a highly detailed level of information in its Privacy Policy. This is likely due to the fact that their services are aimed at children, and as such, they are advised and required to be detailed in explaining their privacy policies for children.

ABCMouse Privacy Policy: Table of Contents

Clause 11: Data retention

Another important part of your Privacy Policy is the data retention clause. This clause lets people know about your data retention practices. For example, what happens to user data if a user cancels an account, or does something that makes you terminate their account?

Here's how Pipedrive deals with these issues in its Privacy Policy:

Pipedrive Privacy Policy: Data Retention clause - Updated

Clause 12: Contact information

Letting users know your up-to-date contact details and informing them of who they can get in touch with regarding any questions or issues is a great way to complete your Privacy Policy.

Here, you can see that Facebook has a detailed contact section at the bottom of its Privacy Policy:

Facebook Privacy Policy: Contact Information clause

Now that you have your Privacy Policy ready to go, where should you display it?

Privacy Policy URL for Websites


There are two ways you can host your website's Privacy Policy URL:

  • Through your own website, or
  • Through a third-party that hosts it for you

Any publicly accessible site, like Google, Google Docs or GitHub, acts as a suitable third-party for hosting.

There are benefits to doing it this way, but the common school of thought is that it's better to host your policy on your own site. Doing so gives you complete control over it.

Furthermore, you're covering the two most important aspects of hosting a legal agreement online: easy user access and proper association with your company.

Whether you're running a SaaS platform, ecommerce store or simple blogging website, anyone should be able to access and view your policy (and any other legal agreements) without being required to log in or sign up to do so.

You also have to ensure your policy is clearly associated with your company and your website/s. So, when you're drafting your policy, make sure to mention the company name and any affiliated mobile apps and/or product references. That way, even if you do host it on a third-party service, it will be in clear relation to your organization and not the third party.

When it comes to displaying your Privacy Policy link on your website, here are some examples of common locations for placement.

Most website footers showcase links to legal agreements. It's a conspicuous place that's available on every page of the site, and users know to look here for important links.

Screenshot of Snapchat website footer with legal agreement links

Even if you include your Privacy Policy URL in your website footer, there are other places you should also include it.

If you run an ecommerce website, you can provide your Privacy Policy to your users sometime during the checkout process. Because you’re using personal information such as mailing addresses and financial data, your users may be concerned about your privacy practices during this time.

HostGator checkout now page with checkbox for legal agreements

Provide a URL to your Privacy Policy when you ask to send marketing communications to users. This helps them understand how their email address or phone number will be used and how they can control this by opting out or adjusting communication settings.

NS Tech email sign-up form with clickwrap for consent and a Privacy Policy link

The same goes for landing pages where you promote downloadable content, your email newsletter, discounts or other perks that you'll give to users who share personal information with you (usually an email address). Include a link to your Privacy Policy on your landing page.

If you allow users to create accounts on your website that they can log in to, you can add your Privacy Policy URL to the registration form.

Nordstrom Create Account form

You can then also remind your users each time they log in that they’re agreeing to your Privacy Policy and provide a link for convenient access.

Nordstrom Sign In form

If your website uses cookies, you can even consider adding your Privacy Policy URL to your Cookies Notice.

Hellermanntyton Cookies banner with Privacy Statement link

Even if your Privacy Policy is always available in your website footer, you should still add it to additional sections of your website such as where you request users to share their personal information with you.

Privacy Policy URL for Mobile Apps


If you've created a website or app that you want to connect to another platform like Facebook, you'll be required to provide a Privacy Policy URL. This is a mandatory requirement for anyone developing an app, so it's important to understand what it entails.

Whether you're building your app for iOS, Android or any of the app store alternatives, if your mobile app collects and stores personal data, you're required to have a Privacy Policy.

Many app stores also won't accept submission of an app if it doesn't come with a Privacy Policy, so if you submit yours without one, you run the risk of it being rejected.

You should always:

  1. Have your Privacy Policy easily accessible on the profile page of your app on the app store. This way, users can view your policy prior to downloading the app.
  2. Include a link to the policy within the app. The best place to put it is usually in the Settings or Account areas, and you can easily embed it within the app or simply include a link to the outside URL.

Instagram's Android mobile app listing in the Google Play store shows the Privacy Policy linked within the Developer section:

Instagram Android app Google Play homepage: Additional Information section

From within the app itself, users can navigate through an Options menu to find the Data Policy:

Instagram app's Options screen

Here's how Dropbox displays its Privacy Policy in a dedicated Legal and Privacy menu within the app:

Dropbox Android app menu for Legal and Privacy links

The WeatherBug app takes a slightly different route by displaying its Privacy Policy URL in its main navigation menu:

Screenshot of WeatherBug mobile app menu

The recommended places to display your Privacy Policy within your app line up with how to display it on a website in some ways.

For example, you can include your Privacy Policy URL during account sign-up or log-in on your app.

Screenshot of edX mobile app sign-in page with Privacy Policy link highlighted

You can also include the URL when a user is about to complete a purchase through your app.

Chewy ecommerce app checkout screen showing legal agreement links

While apps don't have footers like websites do, they still have plenty of places where a Privacy Policy URL can be displayed.

Privacy Policy URL for Desktop Apps


The Privacy Policy for your desktop app will have to cover all the things required by law as if it were a regular website. It should be easily found within the app itself, and also provided to the user before installation can be completed.

Here's how HP provides a link to its Privacy Policy and gets users to agree to it before they can use the HP Easy Start desktop app:

HP Easy Start installation screen with EULA and Privacy Statement and checkbox

A desktop app by JetBrains displays its User Agreement after installation but before the app can be used. The User Agreement has a link to the Privacy Policy:

IntelliJ IDEA User Agreement with JetBrains Privacy Policy link

After confirming and continuing, users are asked if they'd like to send anonymous usage data to the company. The Privacy Policy is linked here, as well:

IntelliJ IDEA app set-up: Data Sharing consent screen

After deciding whether to share usage data, users are once again presented with a Privacy Policy link. This time it's on the license activation screen where users have the option to sign up for email tips and marketing emails:

IntelliJ IDEA app set-up: License Activation and email newsletter sign-up screen

Vivaldi's installation screen presents users with links to the Terms of Service as well as the Privacy Policy that they can review. Users must click a button to show they agree to the terms before being able to complete the installation of the app:

Vivaldi Accept and Install screen with Privacy Policy link

No matter what kind of platform you're presenting your Privacy Policy URL on, remember that the URL needs to be conspicuously placed and easily accessible.

Provide a static way to access the URL at all times through a footer link or menu.

Additionally, add your Privacy Policy URL to areas of your website or app where users may be more concerned about privacy. These areas will usually be where you collect personal information (account registration forms, payment processing, etc.).