Sample Privacy Policy Template

You can download our free Privacy Policy as a PDF document here:
Sample Privacy Policy Template as PDF document

You can also grab the template as HTML code:
Sample Privacy Policy as HTML

What is a Privacy Policy?

While most Privacy Policies will share certain features and structure, there is no one-size-fits-all Privacy Policy. As every website is unique, so is every Privacy Policy.

A Privacy Policy is a legal document specially crafted to disclose what personal data your app or website collects, what is done with that information, and how that information is kept secure. Since the methods your website uses will be different from another website, your Privacy Policy will also be different.

It's important that your Privacy Policy covers all relevant aspects of your services so your users know what happens to their personal data and so that you are compliant with all relevant laws and regulations.

As you can imagine, Privacy Policies come in many shapes and sizes depending on the legal needs and services provided by the app or website.

For example, the Privacy Policy for a start-up website may be very short and simple, but the Privacy Policy for is multiple pages long with many sections and clauses in order to cover all of the services they provide and data they collect to deliver such a variety of features.

For this reason, there is no Sample Privacy Policy Template or one-size-fits-all solution. You need to ensure your Privacy Policy is complete from a legal standpoint, as well as informative and helpful to your users.

Different clauses in your Privacy Policy for the services you use

Different clauses for different services

Privacy Policies are composed of a few common elements that should be present in every situation. Beyond that, different clauses will be included depending on the types of services your app or website offers.

For example, a website that processes credit card information will have a section in its Privacy Policy discussing how that credit card information is encrypted and stored so as to keep it from unauthorized access.

In this section, you will find a variety of clauses that are commonly included in Privacy Policies depending on the services offered. Clauses such as these will be mixed and matched to create your Privacy Policy, with each clause being individually tweaked to suit your specific needs.

What information do you collect?

This is a necessary part of any Privacy Policy, disclosing to your users what types of information your app or website collects. This crucial clause lets your users know right from the start whether you will be collecting data they are comfortable sharing.

For example, a website could simply collect an email address for its mailing list during registration. This would be very different from an app that collects the user's name, location, email address, and payment information.

Users have the right to know what kinds of information you collect from them! Below is an example of this clause from Apple:

Apple Privacy Policy: What Personal Information we Collect clause

Note that most privacy laws also dictate that you may only collect personal information that is reasonable and proportional to provide the services that you offer. Even if you disclose what information you are collecting, you need a reason to be collecting it.

What do you do with that information?

In addition to disclosing what types of information you collect, you must also disclose how that collected information is used. This necessary clause informs users about what is done with their personal information after it has been collected.

For example, a website may collect a user's name and address in order to deliver products that were purchased online. It is understandable that this information is necessary and no additional information is collected beyond what is needed. This would be very different from a website that collects a user's name and address and then sells that information to a third-party for the purposes of sending marketing material.

While both websites collect the same information, it is important to know how that information is used after it has been collected. Most privacy laws also dictate you only use the personal information you have collected for tasks necessary to performing your services.

Below is an example of this clause from Apple:

Apple Privacy Policy: How we use your personal information clause

How is that information kept safe?

When collecting personal data from any individual, there is an obligation to keep that information secure and accessible only to authorized persons. If you are to be trusted with handling personal information about users, you must take appropriate measures to keep that information safe.

For example, if you store customers' credit card information to expedite future purchases from them, that sensitive information needs to be securely stored behind firewalls and SSL encryption to keep unauthorized persons from hacking and stealing that data.

Over the past few years, data breaches have affected millions of internet users and many of the companies involved faced serious legal and financial burdens as a result. If you are going to be handling or storing personal information, it is your responsibility to make sure that information does not fall into the wrong hands and to disclose your methods of safeguarding it to your users.

Below is an example of this clause from Apple:

Apple Privacy Policy: Protection of Personal Information Clause

Do you have users under the age of 13?

This special clause pertains only to certain apps and websites, and is regulated primarily by COPPA (the Children's Online Privacy Protection Act). While protecting the privacy of everyone is important, it is especially important in the case of minors. COPPA sets forth special requirements for apps and websites that collect data from kids, resulting in an additional clause within the Privacy Policy of apps or websites that are intended for children.

If your app or website has young users, you must read and comply with the regulations set forth by COPPA!

Below is an example of this clause from Apple:

Apple Privacy Policy: Children and Education clause

Do you handle medical data?

Medical information is deemed extra-sensitive and therefore regulated more thoroughly. HIPAA (the Health Insurance Portability and Accountability Act of 1996) is the primary law that covers the additional measures required of apps and websites pertaining to health and medical information.

If your app or website deals with health or medical information, you must read and comply with the regulations set forth by HIPAA!

Do you handle financial or credit data?

Financial information is deemed to require privacy measures greater than normal for obvious reasons. As private information related to finances and credit is extra sensitive, there are several laws that regulate what measures must be taken by companies that store or handle this kind of data in order to protect users from identity theft, fraud, and other illegal acts that could affect an individual's finances.

If your app or website deals with credit information or financial data, you must read and comply with the various laws that regulate the services you provide.

Does your app or website utilize third-party services?

A common clause often found in Privacy Policies discloses information about any third-party services used by a website. Disclosing information about third-party usage is important because those third parties' Privacy Policies will differ from your own, and users must be able to know who has access to their information and what their policies are.

For example, a website may use a third-party credit card processor in order to complete transactions. While the website itself does not handle or store that transaction information, its users still need to know who has their credit card information and what they are doing with it. This can be as simple as stating who the third party is and why they are used, so the user can then go and read their Privacy Policy to make sure they agree with their policies as they pertain to your website.

Below is an example of this clause from Apple:

Apple Privacy Policy: Third Party Sites and Services clause

Additional clauses in your Privacy Policy

Aside from these common clauses, it is likely that your website may require or benefit from additional clauses in order to fully disclose your privacy practices and inform your users about the services you provide.

Explore the Privacy Policies of your favorite apps or websites and see what additional clauses they include to cover the unique services and features that they offer.

Sample Privacy Policy structure

While there is no Sample Privacy Policy Template that you can cut and paste for your app or website, the sample below offers a structure that may help you get started when creating a template for your Privacy Policy.

  1. What personal data do you collect?
  2. How do you use the data you collect?
    1. Do you share or sell the data you have collected?
  3. How do you secure the data you collect?
  4. Disclose third-party services that collect or utilize your users' personal data
  5. Discuss use of Cookies and other tracking technology
  6. Comply with extra regulations for sensitive data pertaining to:
    1. Children
    2. Medical information
    3. Financial information
    4. Credit reporting
    5. Other special regulations
  7. Disclose privacy guidelines for unique services or features you provide

Steps 1-3 of this outline should be included in every Privacy Policy. This may simply be the declaration that personal information is not collected or used in any way. As far as a "standard" Privacy Policy goes, these three steps are universal, both for what users expect and for compliance with privacy laws.

Steps 4 and 5 are very common in most Privacy Policies as most apps and websites utilize Cookies, third-party analytics, or other tools to gain insight about the behavior of their users and visitors. Even if you do not use Cookies or third-party services, it is a good idea to state this in your Privacy Policy.

Steps 6 and 7 likely will not be necessary in your Privacy Policy unless your app or website deals with certain information that has been deemed extra sensitive and in need of additional regulations. If your app or website handles this sort of information or has unique features that use or collect personal data from your users, you should include that information in your Privacy Policy.

Again, there is no universal Privacy Policy that will be adequate for all apps and websites, but the structure above is helpful for getting started and following the best practices when drafting your Privacy Policy.

Your Privacy Policy is an opportunity

Your Privacy Policy is an opportunity to improve your app or website. You should put as much consideration into your Privacy Policy page as you would any page on your website. You want it to be helpful, informative, and easy to read just like any other part of your website.

A Privacy Policy is a resource for your clients and customers that you can use to show them that you care about them and the measures that you are taking to make your app or website safe and trustworthy.

A Privacy Policy shouldn't just be a legal hurdle that you complete and forget about. Your Privacy Policy should be kept up to date and be reviewed periodically. Privacy laws change, your app or website may change, and these changes should be reflected in your Privacy Policy.

It is also important to follow the rules set forth in your Privacy Policy! Writing this document is useless if your practices don't follow the guidelines you set forth in your Privacy Policy. If your practices change, be sure to update your Privacy Policy accordingly.

FAQ: Sample Privacy Policy Template

Is this Privacy Policy template free to use?

Yes, our privacy policy template is free to use for all your website needs.

Can I use the Privacy Policy template for a mobile app?

While our Privacy Policy template uses "Website" extensively, you can also use it for a mobile app.

Where should I place the Privacy Policy?

It's recommended that you link to your Privacy Policy in prominent places on your website, such as your website footer section.

Download the Privacy Policy (HTML)

You can copy a sample Privacy Policy with HTML tags added:

<p><strong>Privacy Policy for My Website</strong></p>
<p>At My Website, one of our main priorities is the privacy of our visitors. This Privacy Policy document contains types of information that is collected and recorded by My Website and how we use it.</p>
<p>If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.</p>
<p>This privacy policy applies only to our online activities and is valid for visitors to our website with regards to the information that they shared and/or collect in My Website. This policy is not applicable to any information collected offline or via channels other than this website.</p>
<p>By using our website, you hereby consent to our Privacy Policy and agree to its terms. This Privacy Policy has been generated with the <a href=""><span class="s1">Privacy Policy Generator</span></a> which is available from <a href=""><span class="s1"></span></a></p>
<p><strong>Information we collect</strong></p>
<p>The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.</p>
<p>If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.</p>
<p>When you register for an Account, we may ask for your contact information, including items such as name, company name, address, email address, and telephone number.</p>
<p><strong>How we use your information</strong></p>
<p>We use the information we collect in various ways, including to:</p>
<ul>
    <li>Provide, operate, and maintain our website</li>
    <li>Improve, personalize, and expand our website</li>
    <li>Understand and analyze how you use our website</li>
    <li>Develop new products, services, features, and functionality</li>
    <li>Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes</li>
    <li>Send you emails</li>
    <li>Find and prevent fraud</li>
</ul>
<p><strong>Log Files</strong></p>
<p>My Website follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this as part of hosting services' analytics. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.</p>
<p><strong>Cookies and Web Beacons</strong></p>
<p>Like any other website, My Website uses "cookies". These cookies are used to store information including visitors' preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and/or other information.</p>
<p><strong>DoubleClick DART Cookie</strong></p>
<p>Google is a third-party vendor on our site. It also uses cookies, known as DART cookies, to serve ads to our site visitors based upon their visit to and other sites on the internet. However, visitors may choose to decline the use of DART cookies by visiting the Google ad and content network Privacy Policy at the following URL &ndash; <a href=""><span class="s1"></span></a></p>
<p>Some of the advertisers on our site may use cookies and web beacons. Our advertising partners are listed below. Each of our advertising partners has their own Privacy Policy for their policies on user data. For easier access, we hyperlinked to their Privacy Policies below.</p>
<ul>
    <li>Google: <a href=""><span class="s1"></span></a></li>
</ul>
<p><strong>Advertising Partners Privacy Policies</strong></p>
<p>You may consult this list to find the Privacy Policy for each of the advertising partners of My Website.</p>
<p>Third-party ad servers or ad networks use technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on My Website, which are sent directly to users' browser. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalize the advertising content that you see on websites that you visit.</p>
<p>Note that My Website has no access to or control over these cookies that are used by third-party advertisers.</p>
<p><strong>Third-Party Privacy Policies</strong></p>
<p>My Website's Privacy Policy does not apply to other advertisers or websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt-out of certain options. You may find a complete list of these Privacy Policies and their links here: Privacy Policy Links.</p>
<p>You can choose to disable cookies through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers' respective websites. <a href=""><span class="s1">What Are Cookies?</span></a></p>
<p><strong>CCPA Privacy Policy (Do Not Sell My Personal Information)</strong></p>
<p>Under the CCPA, among other rights, California consumers have the right to:</p>
<ul>
    <li>Request that a business that collects a consumer's personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.</li>
    <li>Request that a business delete any personal data about the consumer that a business has collected.</li>
    <li>Request that a business that sells a consumer's personal data, not sell the consumer's personal data.</li>
</ul>
<p>If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.</p>
<p><strong>GDPR Privacy Policy (Data Protection Rights)</strong></p>
<p>We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:</p>
<ul>
    <li>The right to access &ndash; You have the right to request copies of your personal data. We may charge you a small fee for this service.</li>
    <li>The right to rectification &ndash; You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.</li>
    <li>The right to erasure &ndash; You have the right to request that we erase your personal data, under certain conditions.</li>
    <li>The right to restrict processing &ndash; You have the right to request that we restrict the processing of your personal data, under certain conditions.</li>
    <li>The right to object to processing &ndash; You have the right to object to our processing of your personal data, under certain conditions.</li>
    <li>The right to data portability &ndash; You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.</li>
</ul>
<p>If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.</p>
<p><strong>Children's Information</strong></p>
<p>Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.</p>
<p>My Website does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will make our best efforts to promptly remove such information from our records.</p>
<p>If you have any questions about this Privacy Policy, please contact us.</p>

Download the Privacy Policy (PDF)

You can download our free Privacy Policy as a PDF document here:

Sample Privacy Policy Template (PDF document)