Does every website need a privacy policy?

Website Privacy Policy

Alright alright alright, today we are going to dive into one of the most boring pages of any website ... the Privacy Policy!

Yes, my friends, this page may be dull but it's hugely important and usually forgotten and/or ignored. Don't be one of those people who doesn't include a Privacy Policy and has to pay for it later (often literally!). 

In this article, we are going to look at what a Privacy Policy is, what should be included, who needs one, and how to create your own Privacy Policy. 

Whether you're getting ready to launch your first website or you already have a website that doesn't have a Privacy Policy, I'm certain you'll learn a thing or two about protecting yourself and your business!

Note: It goes without saying that I'm a web designer/developer and NOT a lawyer so please consult a professional for the best advice. I can only speak to what I know is industry standard but if you have any questions or concerns, always consult a professional.

Privacy Policy for your website

Ahhh the dreaded/beloved Privacy Policy. Did you know that if your website helps you to earn money in any way (for example, through products, services, affiliates, etc.) OR if you collect any personal information from visitors to your website, you MUST comply with legal requirements? And if you don't, you're at risk of being fined and/or sued?

Yeah, "oh crap" would be an appropriate reaction here.

Don't think that Privacy Policies are just for the "big guys" either. No matter what size business you have, your website should always have a Privacy Policy if it earns you money or collects information about your users.

Shameless plug: need help re-designing your website or adding this new page? I can help! Get in touch today.

Let's drill that home. Your website needs a Privacy Policy if:

  • you collect information about visitors to your website
  • you earn money through your website

Now that you know those general rules, let's add to them: your website should also have a Privacy Policy if you collect any information about your users, track them with Analytics, or display ads.

Related: How to tell if your small business is ready for a redesign and what to include in that project

Understanding Privacy Policies

Privacy Policies sound really intimidating and complicated but at their basic level, they are simply a document or page on your website that details and outlines the type of information you collect from visitors, how and why you use that information, and how you keep it secure. Depending on the type of information you collect, your Privacy Policy will be different so there isn't a hard & fast rule about what goes into Privacy Policies. 

Your Privacy Policy must outline that your website collects personal information. But what does that mean? Here's an example. If your website has an email newsletter (like mine does, have you signed up for it?), you MUST have a Privacy Policy. In this Privacy Policy, you'll outline that you're collecting information such as names, emails, IP addresses, browser cookies, etc.

This personal information that you collect about users & visitors to your website is super important to growing your business, since it allows you to learn more about your audience and therefore better serve them. However, people are real live human beings and want to be reassured that you won't go rogue with that information.

Sounds fair, right?

By having a Privacy Policy, you're demonstrating to those people that you're protecting their personal information from being collected and used without their knowledge and consent. 

As much as Privacy Policies are there to protect the information of visitors to your website, they're also in place to protect you and your business. Did you know that you can be fined or sued if you collect visitors' personal information without disclosing it to them?


Know your privacy laws and protect yourselves.

Do all websites need a Privacy Policy?

My advice is to err on the side of caution and include a Privacy Policy if you even think that you might in some way be collecting information about your users.

When in doubt, the answer is yes.

Here's the thing: countries and governments value the privacy of their citizens and therefore will have laws in place to protect them. By including a Privacy Policy on your website, you're covering your butt.

Also, most third-party services (e.g., Google AdSense and other advertising affiliates) will require you to have a Privacy Policy anyways.

Finally, it's just common decency to let people know that you might be collecting information about them and letting them know what you plan to do with that data. By being honest about the information you're collecting and why, you're proving to visitors that you're not a shady person/business.

What to include in your website's Privacy Policy

Now that I've convinced you to include a Privacy Policy on your website, you're probably wondering what goes into one. Fair question, my friend!

The bad news is that the information included in your Privacy Policy will change depending on your situation, business type, offerings, etc., as well as any applicable laws and policies. Phew!

No matter what content is included in your Privacy Policy, best practice is to write it in easy-to-understand language. This is not the time to pump out a page of legal jargon. Remember, your Privacy Policy should do two things:

  1. Protect you and your business
  2. Inform and educate visitors/users of your website.

Once you've committed to using normal, real-person language, it's time to look at the nitty-gritty of the Privacy Policy.

There are a few guidelines that every Privacy Policy can follow. Here's what you should include so that your users are informed:

  • Who you are (e.g., your name or that of your business), where you're located and your contact information (email address is fine)
  • What information you collect (e.g., visitors' names, emails, IP addresses, etc.)
  • How that information is collected and why it is being collected
  • How you're keeping the collected information private, safe and secure
  • How long that information will be stored and kept private
  • Whether it is optional or required that users share their personal information with your website, and whether or not they can opt out of it. If that's the case, make sure you're outlining what that means for using/visiting your website
  • Any third-party services your website uses to collect, process or store that personal information about visitors to your website (e.g., email newsletter, ad network, etc.)

Remember to keep it short, sweet and easy to understand. Round one of your Privacy Policy can be as simple as going through each of the bullet points above and writing out your process honestly and openly.

Creating a Privacy Policy for your Website

In a perfect world, everyone would hire a lawyer who specializes in law related to digital or online media to draft their website's Privacy Policy. 

However, that's not always possible or realistic, for a variety of reasons (shoutout to my start-up friends with limited budgets!). 

If you fall into that second category, fear not, you're not totally screwed. 

Instead, use the points above in the Privacy Policy Guideline section to write your own Privacy Policy. Obviously this won't give you an iron-clad Privacy Policy since it won't necessarily ensure that your policy complies with all regional and/or international laws. It will, however, give you a solid foundation and cover your butt more than it currently is.

Here are two online tools that can help you while creating your first website Privacy Policy:

  1. CFIB - This is especially helpful if you live in Canada like I do
  2. Shopify's free privacy policy generator - If you have an e-commerce shop, be sure to check this out

A note to my American friends: Be sure to address COPPA (i.e., use of your website by individuals aged 13 or under).

Final Thoughts

Once you've created a Privacy Policy for your website, I recommend putting that page in either a secondary menu at the bottom of your home page OR in the website's footer. Both places are appropriate homes for the Privacy Policy since it's not a central page of your website and likely will not receive a lot of traffic.

Now I'd love to hear from you: does your website have a Privacy Policy? Have I convinced you that it's time to add one to your website? How did you go about creating the content for your website's Privacy Policy if you already have one? Leave me a note in the comments and share any suggestions or resources you found helpful!

Interested in learning more about what it takes to get a website up and running? My free 7 day e-course will walk you through everything you need to know. Sign up for it today!
