Create Privacy Policy

Our top-rated tool is like working with a professional every step of the way.

Create Privacy Policy
  • Create Privacy Policy in less than 5 minutes.
  • Legally binding in all 50 states
  • Print and export to word or PDF in seconds
Free Privacy Policy

Privacy Policy: What Is It?

An online privacy policy is something that is becoming more increasingly used with the Internet and websites. It is used to let users know what information is being collected from them while they are using the websites or accounts.

An online privacy policy should detail what kind of information will be used by you or a third-party, such as name, birthdate, phone number, email address, or other contact information. You should also list any 'opt-out' options if they are available.

This policy is very important for any website, especially those that will share information with other parties. To ensure your online privacy policy is a binding legal document with all required enclosures, seek counsel from an experienced lawyer.

Click here to get started now!

Recent Reviews

“This was a great service. I was able to create and print out my privacy policy in just 5 minutes. The step by step process was a breeze. Thanks again!”
-Carrie M.

"Creating my privacy policy was easy using your tool. The whole process was very straightforward and the final document was extremely professional."
-Joe H.

What Is A Privacy Policy?

A privacy policy is a legal document outlining the manner in which you will handle your customers’ private and sensitive information .

One of the biggest concerns among visitors to Web sites is how their personal information is going to be used. This isn’t a new development; back in March of 2000, BusinessWeek did a cover story on Internet privacy , including a survey showing that the vast majority of users were either very or somewhat concerned about how their information would be used. The same cover story discussed how best to inform and reassure users. (You can see other such surveys, dating back to 1997, here. )

Unfortunately, while the number of businesses with Web sites has continued to expand, as has the sites’ sophistication, the level of disclosure of data practices has not significantly improved. True, most Web sites (especially business ones) have posted “privacy policies,” but too many simply copy language they’ve found on other Web sites. The problem? The borrowed language may describe the practices of the other site, but may not be correct when it comes to the new site using the policy, and when it comes to privacy policies, inaccuracy can be expensive.

Keep in mind that a privacy policy is a disclosure document, whose purpose is to inform (and therefore protect) consumers. When it comes to consumer protection, the Federal Trade Commission and state attorneys general have jurisdiction, and even absent any other applicable laws about privacy (such as the Children’s Online Privacy Protection Act or COPPA, which will be discussed in an upcoming blog), the enforcers can and do sue and fine sites whose privacy policies are well-meaning but wrong. (The FTC publicizes its enforcement and its penalties , adding to the embarrassment for some major companies, including Microsoft. )

How do well-meaning companies get themselves into trouble with their privacy policies? Among the biggest problems is a statement such as, “We will not share your information with any third party.” Very reassuring; almost certainly false. When it comes to the Web, there are numerous legitimate third parties with whom the site owner must share user information just to operate the site: the site’s hosting company, the user’s own ISP (to whom the Web pages are transmitted on their way to the user), the courier delivering any purchases, the banks clearing credit card payments, etc.

Another problematic statement: “We collect your information through the form you complete on the site.” This may be true, but the site owner will likely also be collecting personal information about the user from text messages, e-mails, faxes, telephone calls, postal mail or other communications with the user, as well as from outside sources (credit card processors, database vendors), etc. Further, though there is not (yet) a federal law requiring all Web sites to have privacy policies, states such as California have rules about policies and what needs to be included in them. (California’s Civil Code Section 1798.83, which mandates certain language and procedures for privacy policies, can be found on this page. )

Given that copying another site’s language is a bad way to create a privacy policy, what’s the right approach? An attorney familiar with the laws and rules about data can guide you through the process of learning exactly how your organization collects data, how it uses the data and how it shares them with others, so the policy can be accurate as well as flexible enough for future uses. For the best results, this process should include IT, sales, marketing, and any other group within the company that touches the site’s information. (Don’t forget that data may also be collected through offline operations; if the information is shared between Web and offline in the company, the offline part needs to be included in the policy.)

There are also organizations like TRUSTe and P3PWiz that offer templates and consulting to help with policies. You may find some good information from the International Association of Privacy Professionals (IAPP) . Finally, if your site collects information from children, includes health or financial data, or you have operations in other countries, there may be additional laws with which you must comply. For those, asking a competent lawyer is definitely a good idea.

Don’t forget that your privacy policy has to remain accurate over time. If your information practices change and they’re no longer what’s described in your policy, the policy should change. Be careful, though, that if you are making major changes in your data use, you don’t use information collected under the earlier policy without getting permission from those users. got into trouble with consumers and got the attention of the FTC in 2001 when it made a change in its policy; the FTC said that were Amazon to make a “material change,” it would actually have to get permission from each of its previous customers before using their information in the new ways, which would be a major and probably unsuccessful effort.

Beyond helping you craft an accurate and flexible privacy policy, having a complete picture of how your organization collects, uses and shares information has one other major benefit: it can show you how you’re underutilizing the data you already have. With that knowledge, you can find new ways of understanding, communicating, and serving your customers, while providing them with the comfort that comes with full disclosure.

The Main Components of a Privacy Policy


main components of a privacy policy Believe it or not, privacy of information is one thing that is barely regulated in the US compared to other countries. We take a comparatively laissez-faire approach to things like personal privacy and property. This might be due to our enterprising, go-getter do-it-yourself culture.

That said, the feds do not ignore the issue. Privacy of information is an extremely important asset to protect, both from a legal and a marketing point of view. You want to brand your new company as trustworthy, reliable and on top of its legal obligations. For this reason, you’ll want to be sure all the important main components of a privacy policy exist in yours. I’ve outlined these below.

Explain what data will be taken

Tell the client exactly what information you will or may be taking from them. For example:

Porcupine Media, Inc. may collect the following information from our customers:

•    Your name/job title

•    Your contact information

•    Demographic data such as preferences/interests and postal area

•    Other information relevant to client-based surveys

Discuss security

Explain your secure storage strategy. Maybe you use secure software, maybe you you use de-identification methods. Either way, the customer should know about it.

Anonymization, or de-identification, is a process of rendering personal data unidentifiable by removing or replacing personal identifiers. Porcupine Media, Inc. performs a 4-step data de-identification process. We are committed to the persistent and perpetual improvement of our data protection strategy.  Porcupine Media, Inc.’s automatically de-identifies data that has been stored in an identifiable form in our system for longer than 2 months.

State your purpose

Explicitly disclose what you intend to do with your clients’ private information. Will you be using it for survey purposes? Financial analysis?

We require this information in order to provide you with a better service, and apply it to the following purposes:

•    Internal record keeping.

•    Improvement and possible promotion of products and services.

•    We may occasionally use your information to conduct critical market research. We may contact you by email, phone, fax or mail.

•    Though we may occasionally provide your information to our third party partners, we will do so for express purposes of marketing or promotion only. Porcupine Media, Inc. will never sell your information.

We will never sell your information.

Give the user control

Allow the user to verify and control the nature of his private information’s use. Provide details on exactly what steps the user may or must take to keep his or her information private. This section is often entitled “User Rights.” The main thing is to make your clients feel comfortable sharing their information, knowing that they are doing so by choice.

You may restrict our collection or use of your personal information, by clicking to the box on our website forms that indicates you do not want your information to be used.

You should also alert user to your policy on updates, and let them know how to be sure they are alerted to any changes that are made.

Be sure to visit the Federal Trade Commission’s website to review your legal responsibilities in detail. Also check your state and city websites to see if any local laws apply.