If you're running an online business through a WordPress site, you need to post a Privacy Policy to your site.

WordPress is one of the most popular content management systems available. Chances are that if you're not actually using it, you will still have had some experience with it. But are you fully aware of the Privacy Policy requirements involved?

This article will discuss the ins and outs of a Privacy Policy, the legalities involved according to different laws, and how you can make sure your company's WordPress site is compliant with them.


Most business owners are aware that having an online presence is one of the most vital aspects of running a business these days. However, getting started with a website or ecommerce store can be daunting.

If you're new to the online world, WordPress can be a great place to start. It's easy to use, and you don't need to have an IT department or extensive HTML experience in order to create a successful site. You simply need an internet connection and some imagination. This lack of difficulty is one reason WordPress is so popular.

WordPress is self-hosted, so there's no need to take on additional costs for hosting platforms. It also carries fewer setup costs. Maintenance is also inexpensive, especially in comparison to other CMS options.

It's also highly customizable. The flexible framework allows users, designers and developers to create an enormous variety of layouts and applications that can be tailored to their exact website needs.

Users are able to choose from over 55,000 different WordPress plugins, or they can create their own. A plugin is a piece of software that can be uploaded to a WordPress theme in order to enhance the functionality of just about any aspect of a WordPress site.

If you've got a very niche business, being able to create your own plugin can be endlessly beneficial in giving your site a boost in supporting your unique selling points.

The popularity of WordPress means there's plenty of user support and customer service available. They provide different avenues for you to contact them for assistance, so any issues are normally dealt with in a very timely manner.

It's also browser-based, so you can access your site through any computer. This level of control is one of the most compelling reasons to use WordPress.

Though WordPress does a lot of the work for you, there are things you need to be aware of as a business owner and website operator. This includes the importance of having a Privacy Policy.

The Purpose of a Privacy Policy

A Privacy Policy is a key aspect of any online business. It's an important statement that discloses the kinds of personal information collected from site visitors and customers, what is done with it, who it is shared with, and much more.

When we use the term personal information, we are referring to a number of different things. Generally speaking:

  • First and last names
  • Billing/shipping addresses
  • Email addresses
  • Phone numbers
  • Social Security information
  • Credit card or other payment details
  • IP addresses

Handling this kind of information correctly should be a priority of any business - whether you're online or not. And even if you're not an ecommerce or commercial business, it's highly likely that you still retain personal information somewhere on your site such as for email sign-up or site registration.

If you require users to sign up for an account, request contact details for marketing and communication purposes, or use analytics tracking on your site (like Google Analytics), then the need for a Privacy Policy extends to you.

Privacy Policy Laws

If you run a website or mobile app, you're required by law to post a Privacy Policy if your website/app collects or uses personal information.

Two main laws apply to the inclusion of Privacy Policies on websites: the California Online Privacy Protection Act (CalOPPA), and the General Data Protection Regulation (GDPR) of the European Union (EU).

CalOPPA Privacy Policy Requirements

CalOPPA is a state law that was implemented in California in 2004. It aims to better protect consumers when they hand over their personal information to businesses, and to protect the business owners themselves.

Even though it's a California state law, CalOPPA applies to websites across the world. This is because it relates directly to the residents of California, and any website that caters to them.

So, if your company intends to provide products and/or services to residents of California, you're required to fulfill the stipulations of CalOPPA law regardless of where you're located.

The main requirement for CalOPPA is the inclusion of a conspicuous hyperlink to an up-to-date Privacy Policy on the homepage.

In order to be compliant with CalOPPA, the Privacy Policy must include several clauses.

These are:

  • Whether any third party services will be privy to the personal information from website users, and the reason behind this
  • A clear, concise response to a user's "Do Not Track" request
  • The date the Privacy Policy came into effect
  • How the website operator intends to inform users of any changes to the policy
  • How users can see, edit or delete any of the personal information collected by the website
  • A thorough description of the type of personal information being collected
  • The style and purpose of collecting such information

Ensuring all of these are included in your policy is the best way to avoid any legal repercussions regarding the collection of personal information from your users.

GDPR Privacy Policy Requirements

The General Data Protection Regulation has been created by the European Union with an aim to set a higher standard of consumer rights regarding the data of online users.

Similar to CalOPPA, the GDPR applies to you if you cater to citizens of the EU regardless of where you're actually located.

Your Privacy Policy must include all of the relevant information mentioned in the CalOPPA section. It must be written in a way that's easy to understand and read. The more you disclose about your specific privacy practices, the more likely you will be compliant with the GDPR.

If your WordPress website collects personal information and you have any visitors from the EU, look more into the GDPR to make sure you're operating compliantly.

Including a Privacy Policy on your WordPress Site

Determining whether you're required to include a Privacy Policy within your WordPress site is simple. The deciding factor behind this is not the fact that you are choosing to use WordPress, but whether your website will be collecting personal information from visitors.

If your website will be collecting personal information from visitors, then you are required to include a Privacy Policy on your site, regardless of whether you're using WordPress or not.

Some of the different ways you might collect user data on your WordPress site are:

  • Names and email addresses for email or other sign-up
  • Google Analytics tracking
  • Social media plugins
  • Google Adsense and other advertising programs

If you collect any information that could potentially identify a user, you will need to have a Privacy Policy.

Here's an example of a subscription sign up form that collects personal information. Having something like this on your site will lead you to need a Privacy Policy because your users will be handing over personal information - their first name and email address.

Neil Patel sign-up form for email subscriptions with I Agree checkboxes

Having a Privacy Policy on your WordPress site is a smart business move. It establishes your brand as a trustworthy, authoritative source, and can cover you in any instance of potential legal issues that could arise.

Post a conspicuous hyperlink somewhere on your site that directs users to your Privacy Policy. Usually, such a link is placed at the bottom of your homepage so it is easy to find for any user.

Here's how Etsy does it:

Etsy footer with links: 2018

In the case of Edible Blossoms, a UK ecommerce site, the Privacy Policy link is placed in the website header.

Edible Blossoms: Privacy Policy link in header

Trendy Resumes includes its Privacy Policy in the footer of its WordPress theme as well. However, it goes one step further and includes a badge that shows the site is protected by the Digital Millennium Copyright Act (DMCA).

Trendy Resumes website footer with Privacy Policy link and DMCA badge

Having a Privacy Policy for your WordPress site may be required by law, and will be a welcomed addition to help gain visitor trust. After you have your policy written, make sure to display it on your website in a conspicuous way.

How to Create a Privacy Policy

Our Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display.

  1. Start the Free Privacy Policy Generator, located at the top of the website.
  2. Select where your Privacy Policy will be used.
  3. Answer a few questions about your business.
  4. Add your website or app information.
  5. Answer a few questions about what information you collect from your users.
  6. Select options for how your users can contact you.
  7. Select whether or not you wish to create a Professional Privacy Policy that would include wording for GDPR and CalOPPA.
  8. Enter your email address where you'd like your new Privacy Policy sent.
  9. Click Create Privacy Policy and you're done. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.