What’s a privacy policy? (And why you should have one!)

Okay, so you’ve just started your website. You’re new and your site is small and you’re not planning on using or gathering information from your viewers. So you don’t have to worry about things like infringing on your clients’ privacy. Right? Nope. From the moment someone clicks on that link to your site you are gathering information from them that can be considered private.

That’s where the privacy policy comes in. Simply, it’s a statement from you or your company on how you’re going to collect, store and distribute your clients’ information. This covers everything from casual browsers to commentators, buyers and newsletter subscribers.

So maybe you can just say something like: “I hate spam and I won’t sell or provide your information to third parties for any reason.” That’s more or less what my first privacy policy said. Except it’s wrong.

In the background of your website tons and tons of information is being relayed: Widgets and plug-ins are gathering information. Your ISP is directing traffic to your site with information from your clients. Your opt-in page or subscription page is collecting data for you, but it’s passing through their system at the same time. Oh and let’s not forget: How will that package reach your client if you can’t tell UPS or Fedex where they live?

So the fact is that, unwittingly or not, you are sharing your clients’ information. For that simple reason you have to have a comprehensive privacy policy in place to show how you’re going to deal with your clients’ information.

Some more reasons why you should have one:

Legal requirement

It’s the law. While some countries do not have specific laws about privacy protection, the majority do. Your country may not require you to have a privacy policy. Unfortunately, the bulk of the third-party service providers you use do: think your ISP, your web host, Google, LinkedIn, Twitter, Facebook, etc. Without naming every country, the USA, Canada, the UK, China, India and Australia all have comprehensive legislation in place to protect people’s privacy.

Third party service provider requirement

This reason is how I realized my privacy policy was completely inadequate: I considered using AdSense and after reading a few articles I found out that it was mandatory to have an adequate privacy policy in place. Some further reading showed me that Google Analytics, AdSense and AdWords all require a privacy policy from their users. Of course you could take the chance by using these and similar services without complying, but can you really risk Google shutting your services with them down?

Customer peace of mind

If there is one reason why I personally would have a privacy policy it’s this one. If your clients do not feel their information is safe with you, they will go elsewhere. No clients equals no business. Jonathan I. Ezor said in his article in Businessweek (http://www.businessweek.com/smallbiz/running_small_business/archives/2009/08/why_web_site_pr.html) that as far back as 1997 people were significantly concerned about their privacy. So unless you want some of your clients or potential clients going elsewhere, because they don’t know your position on privacy, this is another good reason to have one.

Another facet to this reason is the issue of honesty and transparency. Both of these are facilitated by proper communication and your privacy policy (or lack thereof) is just another facet of this vital communication with your clients. What assumption do you think most users will make if you’re not willing to tell them how you handle the issue of their private information?

Legal cover

Having worked in the legal field for 8 years, I feel there is a term that every person should know. CYA (Cover Your Ass). It’s true that a privacy policy and the laws that require it protect your client. What a lot of people don’t realize is that it protects you as well. While it is unlikely that you will get sued by someone claiming you violated their privacy because you provided Fedex with their address, stranger things have happened. And if you have a privacy policy, all you do is: “Ahem. It’s there at paragraph 9: We can provide your details to third parties to facilitate shipping your order to you.” So unless you relish the thought of sitting through some lengthy and expensive litigation, a privacy policy is the way to go.

In closing this article, I looked up some of the services available out there. I gave them all the opportunity to tell us a bit about why their service is the best for you.

If you have any experiences relating to a privacy policy (good or bad), feel free to tell us about it in the comments. You can even tell us about your experiences in dealing with any companies that assist with or provide privacy policies.


TermsFeed (courtesy of Max, Manager)

Terms works with lawyers, attorneys, paralegals, solicitors and people from the legal industry to bring high-quality Privacy Policy and Terms and Conditions.

– Our wizard adapts based on business needs: if you have an e-commerce website, if you operate only a mobile app, and so on.
– The agreements are adapted depending on the user’s country, e.g. if you select “United States”, the agreement is for US-based business, if you select “Canada”, the agreement is for Canada-based businesses.
– We support multiple cases: general websites or mobile apps, e-commerce businesses, businesses with user-generated content, and so on.
– We also blog a lot on these topics to help small businesses understand what they need to do – https://termsfeed.com/blog/. Example: what’s the difference between browsewrap vs. clickwrap and what the business should implement, how to comply with COPPA, and so on. 

Free Privacy Policy

The free privacy policy creator at FreePrivacyPolicy.com includes several compliance verification tools to help websites effectively protect customer privacy, while limiting liability, and adhering to the most notable state and federal privacy laws and third party initiatives quickly, and easily.

FreePrivacyPolicy.com helps website owners comply with the dizzying array of state and federal privacy laws and third party initiatives, including: Google AdWords Privacy Policy requirements, Personal Identifiable Information (PII), Federal Trade Commission Fair Information Practices, the Children’s Online Privacy Protection Act (COPPA), Can-Spam Act, and the California Online Privacy Protection Act (CalOPPA).

http://www.generateprivacypolicy.com/ (Mark, from VLD Interactive, www.vldinteractive.com)

What sets our service apart from others is that it offers a completely customizable privacy policy created based on how users answer the questions, and it’s completely free!

Iubenda (Simon Schmid)

Iubenda combines the classic legal work with software. While the legal texts are written and translated by the legal team and legally trained (and local) people, the heavy lifting is done by the software. 

The software generates the legal document in 6 languages (the privacy policy) and places it on a url on iubenda’s domain. From there it can be accessed via url (important for mobile apps), called from the website in a modal window, or embedded into the site itself. Since the privacy policy is still connected with the iubenda server, it can be updated anytime from within the iubenda dashboard. The iubenda software keeps getting new third party integrations (like Google Analytics) and new languages.

For those wanting to understand the whole issue more comprehensively, the IAPP is a wonderful source not only for information, but also for training or locating knowledgeable people in this industry:

International Association of Privacy Professionals

The International Association of Privacy Professionals (IAPP) is the largest and most comprehensive global information privacy community and resource, with more than 20,000 members across 83 countries, helping practitioners develop and advance their careers and organizations manage and protect their data.

The IAPP is a not-for-profit association founded in 2000 with a mission to define, support and improve the privacy profession globally. We are committed to providing a forum for privacy professionals to share best practices, track trends, advance privacy management issues, standardize the designations for privacy professionals and provide education and guidance on opportunities in the field of information privacy.



  1. Hi Anton,

    Great content! Privacy policies also help legitimize your site in the eyes of Google. If you have a privacy policy you must mean business!

    New site design looks great, how are you liking the Genesis framework?


    P.S. Get rid of that default favicon (the black G in the tab).

    • Hi WP,

      Genesis rocks! I could probably have eventually managed to do with the previous themes what I wanted to, but it was just taking too long. Genesis just made it all easier. Definitely a good ROI.

      Wow! Must have changed the Favicon with the changeover. Thanks for pointing it out!