A privacy policy outlines how your website collects, uses, shares, and sells the personal information of your visitors. If you collect personal information from users, you need a privacy policy in most jurisdictions. Even if you aren’t subject to privacy policy laws, being transparent with users about how you collect and handle their data is a best business practice in today’s digital world.
Our simple privacy policy template will help you comply with strict privacy laws and build trust with your users.
Download the free privacy policy template at the bottom of this page, or copy and paste the full text onto your site. If you’d rather let us help you customize a document that’s tailored specifically to your business, our privacy policy generator will create one for you in minutes.

1. What Is a Privacy Policy?
A website privacy policy outlines your relationship with users’ personal information. To succeed online and avoid legal turmoil, your website needs a privacy policy agreement.
The first step to creating a compliant and comprehensive privacy policy is understanding exactly what that is.
Privacy Policy Definition
A privacy policy is a legal document that informs your site’s users about how you collect and handle their personal information. You may also hear privacy policies referred to by the following names:
- Privacy notice
- Privacy policy statement
- Privacy page
- Privacy clause
- Privacy agreement
A general privacy policy explains a platform’s interactions with the personal information and personally identifiable information (PII) of its users. PII is information that can be used by itself, or combined with other information, to identify an individual.
Specific platforms or services may require a unique privacy policy template. Examples include:
- app privacy policies
- privacy policies for Blogger
- WordPress privacy policies
- eCommerce privacy policies
- small business privacy policies
However, a standard privacy policy template will likely satisfy user demands and legal requirements for your website.
Standard Privacy Policy for Website
We’ll dive into details later on in What to Include in a Boilerplate Privacy Policy, but a basic privacy policy outlines the following:
- What information is collected
- Where information is collected from
- Why information is collected
- How information is collected (including through cookies and other tracking technologies)
- Who information is shared with or sold to
- What rights users have over their data
- The site’s contact details
Privacy policies should be clear, thorough, and easy for internet users to find on any given site.
2. Is a Privacy Policy Required by Law?
If your website uses personal information (e.g., names, email addresses, or credit card information), most legislation around the world requires that you have a privacy policy.
If you run a website, mobile app, or desktop app, you are likely legally required to have a privacy policy somewhere on your site. You must display links to your policy clearly, prominently, and conspicuously, so that users can navigate to it quickly and easily.
As data collection and processing become more ubiquitous across the internet, privacy laws in the US and around the world set strict requirements for privacy policies. Here are the major laws that affect your website privacy policy:
GDPR
If you target users in the European Economic Area (EEA), you’re required to comply with the General Data Protection Regulation (GDPR).
The GDPR is one of the world’s most comprehensive privacy laws, setting international standards for appropriate data handling. Article 12 of the GDPR grants users the right to transparent information about how their data is collected and handled. For business and website owners, this means that transparent privacy policies are mandated by the GDPR.
COPPA
If your website markets to children, strict rules and regulations apply. Most notably, the Children’s Online Privacy Protection Act (COPPA) governs websites that market specifically to kids.
If the target audience of your site is children under the age of 13, federal law requires you to include a company privacy policy that covers very specific information about your business.
CalOPPA
The California Online Privacy Protection Act (CalOPPA) was the original privacy law in the US which mandated that websites make privacy policies available to users. The act also outlines what information needs to be made available regarding data handling — including what data is collected, where from, and whether it’s shared or sold.
CCPA
Currently the most comprehensive data privacy law based in the US, the California Consumer Privacy Act (CCPA) builds on CalOPPA’s online privacy policy requirements, demanding that businesses and websites implement even more transparent and comprehensive policies.
In effect since January 1, 2020, the CCPA sets an annual update requirement for privacy policies. Therefore, you will need to update your CCPA privacy policy every year.
PIPEDA
For businesses operating in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) outlines ten fair information privacy practices and principles, including “openness.”
In action, complying with this principle means website operators need to make transparent privacy policies available to their users.
Other Notable Laws
Depending on where your website is based, who your audience is, and what data you collect, there are various laws that may apply to you and your privacy policy.
For example, if you send marketing emails or newsletters, you must comply with the CAN-SPAM Act, which requires a clearly posted privacy policy.
If your website is “significantly engaged” in financial activities, you may be subject to the Federal Trade Commission’s (FTC) Gramm-Leach-Bliley Act, which requires the publication of “clear, conspicuous and accurate statements” regarding information collection and sharing practices.
There are over one hundred privacy laws around the world and new internet laws coming out each year. Creating and maintaining a good privacy policy is essential to legally running your website or business.
3. What Should I Include in a Boilerplate Privacy Policy?
A basic privacy policy template includes the what, when, who, why, and how of your data collection practices. While every website and business should have a policy tailored to its own operations, even the simplest privacy policy will include the following information:
What Information You Collect
At the heart of your website’s privacy policy is a disclosure of what data you collect from users. Some common types of data that you’ll find in website privacy policy templates are:
- Personal data (like names and email addresses)
- Derivative data (like IP addresses and browser types)
- Financial data (like credit card details)
- Social network data (like Facebook login information)
- Mobile data (like mobile device IDs and manufacturers)
- Third-party data (like social network friends lists)
Both the GDPR and CCPA state that privacy policies should disclose what types of information a website collects. The above are only some basic examples of what “types of information” may mean for your site.
Why You Collect Information
Various privacy laws also require that your data collection have an explicit purpose, and that purpose needs to be written out in your privacy policy.
Here are just a few examples of ways you may use the user data you collect:
- To send marketing materials or newsletters
- To process orders
- To complete transactions
- To enter users in sweepstakes, contests, or surveys
- To create and maintain user accounts
- To prevent fraudulent activities
If you engage in any of the above activities — or others that require the collection of data — you need to list them in your privacy policy.
Whether You Disclose Data to Third Parties
It’s not uncommon for a website to be integrated with other sites and services. For example, nearly 30 million live websites use Google Analytics.
Given this online ecosystem, it’s only to be expected that your website might need to transfer data to third parties to operate smoothly.
To stay compliant with the law and maintain a transparent privacy policy, you must disclose the categories of third parties with whom your site may share information. Some common categories of third parties include:
- Service providers
- Ad vendors & networks (like Google Adsense)
- Social networks
- Business partners
- Affiliates
- Other site users
Along with which categories of third parties you may share information with, you should note the purposes behind the data exchange.
Here’s an example of how we accomplish this in the downloadable privacy policy template below:
Third-Party Service Providers
We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
Marketing Communications
With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law.
Interactions with Other Users
If you interact with other users of the Site [and our mobile application], those users may see your name, profile photo, and descriptions of your activity, including sending invitations to other users, chatting with other users, liking posts, following blogs.
The green text highlights the type of third party that user information could be shared with, while the blue section gives a brief explanation of how and why that information may be shared.
User Rights Over Their Data
Your privacy policy should have a section outlining what rights users have over their data, and how they can act on those rights.
For example, users from the EEA or California have the right to request access to data that has been collected about them. Specify this right in your privacy policy, including instructions on making such requests.
Check out how it’s done in Airbnb’s privacy policy:
This section of Airbnb’s policy goes on to specify the right to data erasure and includes links to pages with more information on acting on those rights.
Links to Other Policies
Many sites label their network of legal policies collectively as their “Terms.” Your site’s terms will most likely include a privacy policy, terms and conditions (also known as terms of use or terms of service), and disclaimer.
Cookie policies are also becoming increasingly popular and legally necessary.
All of these documents should link to one another, so users can always find answers to their questions about your site’s operations.
4. Website Privacy Policy Examples
Even if you’re using Termly’s downloadable privacy policy template for small businesses, it’s good to check out large companies’ privacy pages for reference.
Here are some privacy statement examples from notable companies:
YouTube Privacy Policy
YouTube has interesting privacy terms, as its privacy policy is one and the same with Google’s privacy policy.
However, Google’s privacy policy links out to YouTube’s privacy guidelines:
YouTube’s privacy guidelines expand upon Google’s privacy policy by covering the topics seen above inside the red box. While the privacy policy deals with data collection, distribution, and use, these guidelines explore privacy specifically as it relates to video content posted to YouTube.
Twitter Privacy Policy
Twitter’s privacy policy retains the site’s aesthetic with a unique appearance and user-friendly interface:
Not only does Twitter’s policy notice include a navigable sidebar menu, but it also highlights important words and phrases in each section as you scroll down the page.
Like Twitter, you should always consider how you can make your privacy policy as user-friendly as possible, and ensure your site visitors always find the answers they’re looking for.
Legal documents, including privacy policies, are most enforceable when they are easy to read and understand.
News Corp Privacy Policy
Privacy policies for news websites are unique in that they tend to focus less on data collection and transfer for business purposes, and more on user accounts and user-to-user interactions.
Nonetheless, a basic website privacy policy can take a tip or two from news privacy policies.
Take, for example, News Corp’s privacy notice:
While the privacy policy doesn’t list as many third-party data recipients as other privacy policies, notice how it discloses the company’s use of Google Analytics.
It clearly states the reason data is shared with this service, by what means that data is collected, and how users can opt out of their data being shared with Google Analytics. It also provides further information about cookies with a link to their Cookie Notice.
This is the level of transparency and control a good privacy policy should offer users.
Disney Privacy Policy
If you market to children, you may require a unique privacy policy that addresses your treatment of children’s information. Take, for example, Disney’s privacy policy for children:
Disney’s privacy policy addresses its collection of minors’ information, details its efforts to protect children’s data, and links out to an additional dedicated privacy policy for children.
5. Conclusion
Your website needs a privacy policy. Having one promotes user trust in your site and keeps you on the right side of stringent privacy regulations like the GDPR and CCPA.
Save yourself the hefty fees of hiring an attorney for legal advice and document drafting, and download our free privacy policy template. Tailor it to your website for a low-cost, high-reward legal agreement.
If you’re looking for a different type of privacy policy template, have a look at our other options to find what you need:
| Privacy Policy | Description |
| --- | --- |
| GDPR Privacy Policy Template | A GDPR-ready privacy policy for any online business. |
| Mobile App Privacy Policy Template | A privacy policy for apps on the App Store and Google Play. |
| Ecommerce Privacy Policy Template | A privacy policy built specifically for online eCommerce stores. |
| Email Marketing Privacy Policy Template | A privacy policy for email newsletters and email marketing. |
6. Sample Privacy Policy Template for Website [Full Text and Download]
Expand the box below to view the sample privacy policy text. Copy and paste the text onto your site, or download the privacy policy template PDF or Word document.
7. Privacy Policy FAQs
1. How do I write a privacy policy?
You can write a privacy policy using any of the following methods:
- Download the privacy policy template above and fill in the blanks.
- Use our free privacy policy generator.
- Hire a lawyer to draft a privacy policy for your site.
- Research applicable rules and regulations and write one from scratch.
What should be included in a privacy policy varies based on the applicable laws and service provider requirements, as well as your website’s data-handling practices.
2. Do I need a privacy policy?
If you collect personal information from users, many laws require you to include a privacy policy on your site that explains your data-handling practices. For example, if you market to users in the European Economic Area (EEA), California, or Canada, you likely need a privacy policy.
More resources:
- Why do companies need a privacy policy?
- Does every business need a privacy policy?
- Is a privacy policy required in the US?
- Do I need a privacy policy on my website?
3. Can I copy a privacy policy?
No, you shouldn’t copy a privacy policy and use it as your own. For privacy policies to be legally sound, they need to be specific to your website’s data-handling practices. Furthermore, copying another site’s privacy policy could expose you to claims of intellectual property theft.
4. Where do I put my privacy policy?
You should put your privacy policy on a dedicated page on your website. Link to your privacy policy page in easy-to-spot locations, such as your website footer or main menu.
5. Do companies need a privacy policy?
Privacy policies are a necessity for companies because they’re legally required in most countries for websites or apps that collect personal data or information from users. It’s also best business practice to be transparent with users about how you are handling their data.
Laws that require privacy policies include the California Online Privacy Protection Act (CalOPPA), the California Consumer Privacy Act (CCPA), and the General Data Protection Regulation (GDPR).
6. Is a generic privacy policy legally compliant?
Your privacy policy should not be overly generic. You must make sure that your privacy policy is specific to your business. You cannot copy and paste another business’s privacy policy, and simply adding in a generic privacy policy may mean you are not compliant with the GDPR and other privacy laws.
If you use a privacy policy template or write your own policy, make sure you add in the specific details that are unique to your business. If you use a privacy policy generator, you should be prompted to add in all the necessary details that will make sure your policy is tailored to your business.