Privacy Policy Template

Startup Law ResourcesIncorporateBusiness Operations

This privacy policy is to be used as the beginning of a more robust privacy policy for a website with user generated content. The purpose of privacy policy to inform your users how you will use the information they contribute to your site, especially personal information.

Privacy Policy Template for a Basic Website with User-Generated Content


[Company Name] (the “Company”) is committed to maintaining robust privacy protections for its users.  Our Privacy Policy (“Privacy Policy”) is designed to help you understand how we collect, use and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.  

For purposes of this Agreement, “Site” refers to the Company’s website, which can be accessed at [Company URL] [or through our mobile application].

Service” refers to the Company’s services accessed via the Site, in which users can [description of services].

The terms “we,” “us,” and “our” refer to the Company.

You” refers to you, as a user of our Site or our Service.

By accessing our Site or our Service, you accept our Privacy Policy and Terms of Use (found here: [insert link to Terms of Use]), and you consent to our collection, storage, use and disclosure of your Personal Information as described in this Privacy Policy.


We collect “Non-Personal Information” and “Personal Information.” Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. Personal Information includes your email [insert specifically what personal information your website collects, i.e. address, date of birth, marital status, contact information, etc.], which you submit to us through the registration process at the Site.

1.   Information collected via Technology

To activate the Service you do not need to submit any Personal Information other than your email address. To use the Service thereafter, you [do/do not] need to submit further Personal Information [,which may include: list Personal Information collected]. However, in an effort to improve the quality of the Service, we track information provided to us by your browser or by our software application when you view or use the Service, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis. For example, the Company may use cookies to collect the following information:

·   [list typical things you may want to track]

The Company may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser.  [For example, we store a persistent cookie to track [_____]].

2.   Information you provide us by registering for an account

In addition to the information provided automatically by your browser when you visit the Site, to become a subscriber to the Service you will need to create a personal profile. You can create a profile by registering with the Service and entering your email address, and creating a user name and a password. By registering, you are authorizing us to collect, store and use your email address in accordance with this Privacy Policy.

3. Children’s Privacy

The Site and the Service are not directed to anyone under the age of 13. The Site does not knowingly collect or solicit information from anyone under the age of 13, or allow anyone under the age of 13 to sign up for the Service. In the event that we learn that we have gathered personal information from anyone under the age of 13 without the consent of a parent or guardian, we will delete that information as soon as possible. If you believe we have collected such information, please contact us at [Company contact email address].


Personal Information:

Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Information with third parties without your consent. We do share Personal Information with vendors who are performing services for the Company, such as the servers for our email communications who are provided access to user’s email address for purposes of sending emails from us. Those vendors use your Personal Information only at our direction and in accordance with our Privacy Policy.

In general, the Personal Information you provide to us is used to help us communicate with you. For example, we use Personal Information to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about promotional offers.

We may share Personal Information with outside parties if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable legal process or enforceable governmental request; to enforce applicable Terms of Service, including investigation of potential violations; address fraud, security or technical concerns; or to protect against harm to the rights, property, or safety of our users or the public as required or permitted by law.

Non-Personal Information

In general, we use Non-Personal Information to help us improve the Service and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Site. This Privacy Policy does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners, advertisers and other third parties at our discretion.

In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy. If our information practices change at any time in the future, we will post the policy changes to the Site so that you may opt out of the new information practices. We suggest that you check the Site periodically if you are concerned about how your information is used.


We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By using our Service, you acknowledge that you understand and agree to assume these risks.


You have the right at any time to prevent us from contacting you for marketing purposes.  When we send a promotional communication to a user, the user can opt out of further promotional communications by following the unsubscribe instructions provided in each promotional e-mail. You can also indicate that you do not wish to receive marketing communications from us in the [list location of opt-out page, i.e. “Settings” section] of the Site. Please note that notwithstanding the promotional preferences you indicate by either unsubscribing or opting out in the [location of opt-out page] of the Site, we may continue to send you administrative emails including, for example, periodic updates to our Privacy Policy.


As part of the Service, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Site and the Service. Therefore, this Privacy Policy does not apply to your use of a third party website accessed by selecting a link on our Site or via our Service. To the extent that you access or use the Service through or on another website or application, then the privacy policy of that other website or application will apply to your access or use of that site or application. We encourage our users to read the privacy statements of other websites before proceeding to use them.


The Company reserves the right to change this policy and our Terms of Service at any time.  We will notify you of significant changes to our Privacy Policy by sending a notice to the primary email address specified in your account or by placing a prominent notice on our site. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. You should periodically check the Site and this privacy page for updates.


If you have any questions regarding this Privacy Policy or the practices of this Site, please contact us by sending an email to [Insert Company Email].

Last Updated: This Privacy Policy was last updated on [_______].

Any [GREEN] highlighted language is intended to be filled in by the user. Any [YELLOW] highlighted language is considered optional or conditional by the attorney community. Consult with an attorney before using this document. This document is not a substitute for legal advice or services. Refer to our Terms of Use for more details.

This form has been prepared for general informational purposes only. It does not constitute legal advice, advertising, a solicitation, or tax advice. Transmission of this form and the information contained herein is not intended to create, and receipt thereof does not constitute formation of, an attorney-client relationship. You should not rely upon this document or information for any purpose without seeking legal advice from an appropriately licensed attorney, including without limitation to review and provide advice on the terms of this form, the appropriate approvals required in connection with the transactions contemplated by this form, and any securities law and other legal issues contemplated by this form or the transactions contemplated by this form.

Privacy Policy Template: What Is It?

A privacy policy template is a sample of a privacy policy, which explains to website users what kind of data you are collecting from them and what you will do with it. If you collect personal data, a privacy policy is required by law. Personal data includes anything that the user might feel is personal, including their email address, their first and last name, their billing or shipping address, or their credit card details.

A privacy policy is a legal document and is also sometimes called a privacy statement, privacy notice, privacy information, or a privacy page.

Who Needs a Privacy Policy?

If you have any of the following, you need a privacy policy:

  • Website
  • Blog
  • E-commerce store
  • Mobile app
  • Facebook app
  • Desktop app
  • SAAS app
  • Other digital products,

You also need a privacy policy if you use Google AdSense.

The Basics of Privacy Policies Around the World

Rules and regulations for privacy policies vary depending on where you are based and what legislation you fall under.

EU Regulations

There are two laws that affect privacy policies in the EU. The Data Protective Directive means that websites or mobile apps that use the personal data of users must have a privacy policy. The ePrivacy Directive is for when your users' data is directly or indirectly displayed to or used by a third party.

If you are doing either of these things on your website and you are operating within the EU, you must disclose this information in your privacy policy.

U.S. Regulations

In the U.S., there are no overall laws regarding privacy policies. It can vary state to state. California is the most regulation heavy when it comes to privacy policy regulations.

  • The Gramm-Leach-Bliley Act obliges companies to display clear and accurate information about their data collecting practices. It also limits the usage and sharing of users' financial data.
  • The COPPA law is for websites that take information about children under 13. If you do this, you are legally obligated to display a privacy policy.
  • The Content Eraser law applies if you collect data from minors (under the age of 18). This means that you have to have an easy way for minors to delete the information or content that they have posted on your service.
  • The California Online Privacy Protection Act requires all California-based organizations to obviously display a privacy policy if they collect any data from their users.
  • The Student Online Personal Information Protection Act (SOPIPA) is a California regulation that prohibits websites from sharing data from K-12 students and using that information for direct advertising to these students for a non-educational purpose.

Canada Regulations

Canada has the Personal Information Protection and Electronic Documents Act (PIPEDA). This law states that there are certain limits and that companies need to organize personal data that they are gathering and using, and they must disclosure this information to their users.

Australia Regulations

Australian companies are required by law to have a privacy policy if they are collecting any sort of personal information from their users. The policy needs to mention not only what kind information you are collecting, but also why you are collecting it.

What to Include in A Privacy Policy

What you include in your privacy policy will depend on what information you are collecting, how you are collecting it, and what you are doing with it.

If a third party - such as an app or email marketing website - is involved in collecting the personal information, you will need to disclose that.

Some of the most important things to cover are:

  • What personal information you are collecting through your website.
  • Any information about cookies you use.
  • How you are using the personal information you collect.
  • If you will be disclosing their details to a third party, you must explain why and in what capacity.
  • Further information about the security of the data you collect and how you are keeping it safe.
  • Explain how the user is able to control their information once it has been given.
  • Let the user know that changes can be made at any point in the policy, so they should review it regularly.
  • Contact information where the user can reach you regarding questions they have about the policy.
  • You may also mention that users have a right to view and verify the information you collect about them.

Problems That Arise From a Privacy Policy

Simply having a privacy policy isn't enough to ensure you are cooperating with privacy laws. Law enforcement can fine websites whose privacy policies are well-intentioned, but wrong.

  • A statement like, "We will not share your information with any third party," could get you into a lot of trouble. This is most likely untrue. When it comes to the internet, there may be a lot of third party companies that you are sharing your users' information with. This includes, but is not limited to, your site's hosting company, your user's own ISP, the mail service delivering any purchases made by your customers, or the bank that takes your credit card payments.
  • Another statement that causes some businesses problems is, "We collect your personal information using the forms you fill out on this site." While you may be using a form to collect information, you are also likely collecting personal information about your website's users from text messages, e-mails, phone calls, and posts, or from other outside sources. Be sure to state every location from which you collect information.
  • Your privacy policy must remain correct at all times. If the information you are collecting, how you are collecting it, or the way in which you are using it changes, you must update your privacy policy.

How to Share Your Privacy Policy

There are two ways of sharing your privacy policy with users. You can use one or both of these methods on your website.

  • Browsewrap means you simply put a link in the footer of your website that when clicked, takes the user to your privacy policy.
  • Clickwrap is when a website tells their users of the privacy policy when they sign up for an account. They will immediately be asked to read and agree to the policy.

Why Use a Privacy Policy Template?

Privacy policies aren't very easy to make, so using a template is a great way to get started and make sure you don't miss out on any information that is required. You do not want to take this matter lightly. You can get into trouble with your customers and the law if you don't have a privacy policy or if you have a one that does not cover all of the correct information.

Examples of Privacy Policies

Starting with the UpCounsel privacy policy template is an easy and effective way to ensure that you are covering all of the valuable information required in a privacy policy. Depending on your type of business, you may want to look at different privacy policy templates as well.

If you need help with privacy policy templates, you can post your question or concern on UpCounsel's marketplace. UpCounsel accepts only the top 5 percent of lawyers to its site. Lawyers on UpCounsel come from law schools such as Harvard Law and Yale Law and average 14 years of legal experience, including work with or on behalf of companies like Google, Stripe, and Twilio.

Was this document helpful? Share it with your network!
Want High Quality, Transparent, and Affordable Legal Services?