Privacy Policy for Landing Pages

Drafting your landing page's first Privacy Policy agreement might seem like an overwhelming task: there are so many different terms, and they're all written in a difficult legal language, which makes knowing how to comply with the law difficult at times.

Let's go through the 5 most important clauses you need in your Privacy Policy if you're setting up your landing pages.

First, what's the law?

If you are based in the US, there is no overarching law that covers what you need to have in your landing page's Privacy Policy agreement.

However, the California Online Privacy Protection Act of 2003 requires that your Privacy Policy must detail the following:

  • The kinds of information gathered (by your landing page and by your website);
  • How the information may be shared with other parties;
  • The process the user can follow to review and make changes to the information you have on them; and
  • The agreement's effective date and a description of any changes since then.

This list of requirements applies regardless if you design, develop, operate just a landing page or an entire website.

If you are based in the US, it's highly likely that you have Californian users, so it pays to comply with the Californian state law.

In addition, if your business is worldwide or based overseas, UK law, Canadian law, and European law all require that certain data collection rules be followed when collecting private information.

These rules need to be captured by your landing page's Privacy Policy agreement. The overarching privacy principles that UK law, Canadian law, and European law all have in common are:

  • Give notice when collecting information;
  • Collect information only for the purpose stated;
  • Don't disclose information without consent;
  • Keep information secure;
  • Tell the user about who is collecting the information;
  • Provide access to the information; and
  • There must be an accountability process if information collectors don't follow the above principles.

You don't need a separate agreement if you already have a Privacy Policy, but make sure the legal agreement is displayed on your landing page and updated to reflect what your landing page will collect if it collects a different type of personal information.

If you don't already have the legal agreement in place, or you want to update your old one, now you're ready to go through the 5 key sections that will make sure you comply with the law and principles above.

What information you will collect

The most important section to include and cover thoroughly is what kind of information you will be collecting through your landing page.

If your landing page is a click-through page and doesn't contain any web forms, you should still let your users know in your Privacy Policy agreement that you will be collecting some information about them, including:

  • Their IP address;
  • Date and time your website was accessed;
  • Type of browser and operating system used;
  • Pages visited; and
  • What site the user came from.

All this kind of data is usually collected through analytics tools, such as Google Analytics. Your use of Google Analytics and other similar tools must be disclosed in your Privacy Policy.

On the other hand, if you're using web forms, make sure that the legal agreement covers all of the information that the form is asking about, such as:

  • Name;
  • Address;
  • Phone Number;
  • Email; and
  • Credit Card details.

If you change the web forms be sure to update the legal agreements to reflect any new types of information that you're collecting. Here's an example from Apple's Privacy Policy page that shows what kind of information they collect when you create an Apple ID:

Information we collect clause in Apple ID Privacy

You can see that they list out the specific types of information that they collect, and what processes collect them, such as creating an Apple ID, applying for commercial credit, or purchasing products (among other things).

Clause #2: How you will protect and store that information

Your users need to feel like they can trust you, and you can show them that you are trustworthy by informing them how you will protect and store their information.

If you have good protection measures in place, this will give your users comfort that you can keep their information safe.

Have a look at this example from Google that lists the protection mechanisms they have in place:

Information Security clause in Google Privacy Policy

Consider implementing security mechanisms such as SSL to protect your users' information.

Clause #3: What you will do with that information, and when you will release it

Now that you've let your users know what information you are collecting, and how you will keep it secure, it's also crucial to tell them what you plan to use their information for.

Some typical examples of what you might use their information for are:

  • Marketing and sales;
  • Improving customer experience;
  • Creating new services to meet customer needs; or
  • Analyzing business trends.

Here's an example from the Apple's Privacy Policy page about what they do with user information:

How we use your information clause in Apple ID Privacy

You can see that Apple talks about keeping their users posted on product announcements, software updates, and events as some of the ways in which they might use their users’ information.

Apple also mentions that they may use personal information for improving and creating products and services, for preventing fraud, verifying user identity, and for internal processes such as auditing and data analysis.

Think broadly about what you will do with user information, and make sure you cover all facets of it in your landing page's Privacy Policy.

There may also be some circumstances under which you need to release the information of your users, such as to comply with the law or a Court order, or for anti-fraud and credit risk protection processes.

It's important to thoroughly cover all the situations in which you will (or potentially will) release your users' personal information. If you don't cover these situations, you may leave yourself open to liability if you release information in a situation that you did not notify your users.

Have a look at the example from Amazon below, where you can see how they list the situations in which they may need to release customer information:

Does Amazon Share the Information It Receives

Clause #4: How your users can see what information you hold, and request changes

Your users may be interested to know what personal information you hold on them, and from time to time they may want to update it or request that it be deleted.

Have a look at this visual example from Google's Privacy Policy page about how they let their users know how to change their information:

Accessing and updating personal information clause in Google agreements

Make sure you remember to cover both aspects of this kind section: access, and the ability to change the information.

Inform users if they have the ability to delete the information, and note, like Google in the example above, your exceptions on keeping the information for legitimate business or legal purposes.

Clause #5: Effective date, changes to your Privacy Policy and notices

Last but not least, it's important to include a term describing how your Privacy Policy may change from time to time, and how you will notify your customers.

Have a look at this example from Amazon.com:

Conditions of Use, Notices and Revisions in Amazon Privacy Notice

You can see that Amazon includes a statement noting that their Privacy Notice may change and that they may notify users by way of email.

They also say that users should check Amazon.com for recent changes.

It's common to include a statement noting that your Privacy Policy will never be changed to decrease the protection you give your users unless you already have their consent to do so.

Your Privacy Policy should be in clear, simple language, and displayed prominently and frequently to ensure that you comply with your requirements to bring your Privacy Policy to your user's attention.

Most landing pages link to the legal agreements in the footer like this example from YouTube:

YouTube Footer