Privacy Policy

Sample content source from 

Example of a Website Privacy Policy

To be transparent with your users about what personal information you collect and what you do with it, you are required to publish a Privacy Policy agreement on your website or give in-app access to it.

Websites usually post a link to the complete Privacy Policy agreement from the footer of the website, whereas apps generally add the Privacy Policy to an “About” or “Legal” menu.

Another popular location for ecommerce store apps and websites is the checkout page, or account registration page if you don’t have an ecommerce component but allow users to create accounts.

Medium links its Privacy Policy agreement to its website footer:

Medium homepage screenshot showing footer with Privacy Policy link

The format and theme of the Privacy Policy agreement are consistent with the rest of the website, and the page doesn’t have any anchor navigation.

Medium Privacy Policy: Information We Collect and How We Use It clause

It includes the following clauses:

  1. Information We Collect & How We Use It
  2. Information Disclosure
  3. Public Data
  4. Data Storage
  5. Third-Party Embed
  6. Tracking & Cookies
  7. Modifying or Deleting Your Personal Information
  8. Data Security
  9. Business Transfers
  10. Email from Medium
  11. Changes to this Policy
  12. Questions

There’s also a section that specifically addresses EU users and includes information required by the GDPR such as:

  1. The legal bases for collecting and processing information
  2. What third parties (like payment processors) Medium engages with and shares data with
  3. How long data is retained
  4. The rights of EU data subjects
  5. How to make a subject access request
  6. Contact information for Medium’s EU Representative

If your company has users in the EU, like Medium does, you’ll need to include this type of information in your Privacy Policy to be compliant with the GDPR.

Now let’s take a look at some examples of specific clauses your Privacy Policy should have.

Examples of Useful Clauses for Your Privacy Policy

Your Privacy Policy must be accurate and easily comprehensible, and it must contain all the information required by law and needed for transparency.

Generally speaking, every Privacy Policy agreement should have at least the following clauses:

  • What information is collected and how
  • How is the information used
  • How is the information stored and protected
  • Company contact information
  • Use of cookies, log files and tracking
  • How a user can opt out of data collection/usage

Here’s each one in action.

What Information is Collected and How

Privacy Policy agreements inform users what information is collected from them. This includes information users voluntarily and actively provide when they register to use services, as well as information that may be collected from them automatically, such as through the use of cookies.

You can define how you classify information, e.g. as public, private, or personal information. This helps the user know exactly what these terms mean in the rest of the Privacy Policy document.

Here’s an example of how you can construct a clause to explain this information to your users:

Trello Privacy Policy: Types of Information clause: Personal and Sensitive Personal information defined

The PBS Kids Privacy Policy informs users what information it collects from them. It lists each type of information it collects and follows each one with a short section that gives more detail:

PBS Kids Privacy Policy: What information do we collect clause excerpt

How the Information is Used

One of the main purposes of Privacy Policy agreements is to explain to users how the information the business collects is used.

Pinterest has a fairly large section titled “What we do with the info we collect” in its Privacy Policy agreement. In its first paragraph, it states that the website uses the information to provide its services to its users. It goes on to explain a few different ways it uses the information, including to identify users, process their transactions, make recommendations, and respond to their questions and comments.

Pinterest Privacy Policy: What we do with the info we collect clause

How the Information is Stored and Protected

Another important clause to include in your Privacy Policy agreement is about how you store and protect the information you collect from your site’s visitors. You can explain the different ways you store information and what measures you take to protect that information.

For example, Caffe Nero’s Privacy Policy agreement states that user account information is protected by a password and explains what steps users can take to prevent unauthorized access to their accounts.

It also states that the website takes steps to ensure as much security as possible; however, it doesn’t guarantee that the measures it takes will prevent unauthorized access:

Caffe Nero Privacy Policy: Our Security Measures and Information About When We Delete Data clause

Shopify states in its Privacy Policy that it follows the industry’s standards on information security management to protect sensitive user information. It also says that the company performs audits annually to make sure that the handling of user credit card information is in line with the industry guidelines. Finally, it says that they cannot guarantee the absolute security of their users’ personal information since no method of transmission over the Internet is 100% secure.

Shopify Privacy Policy: How do we keep your personal information secure clause

Company Contact Information

As a business owner, it’s important that you include your company’s contact information in your Privacy Policy agreement. Generally, contact information is added at the end of the Privacy Policy and contains a physical (street) address, email address, and/or phone number. The more contact information that you can provide, the better.