How to Write a Privacy Policy for Your Website



These days, collecting data associated with your visitors and customers on your website has become a standard marketing practice. Using this data, you can improve the customer experience, refine your marketing strategy and, in some cases, earn extra revenue.


Collecting this information isn’t a no-strings-attached endeavor, however. Consumers have become more protective of their data, and governments continue to regulate how businesses can gather and use it. In fact, most countries and American states require privacy policies by law. For this reason, it’s essential that your website has a privacy policy explaining why you’re collecting consumer data, and how.


A privacy policy accomplishes a number of things. First, it lets visitors to your site know what information you will collect and what you will do with it. It also tells visitors how you protect that information, and provides recourse for those who feel that you or a third party has violated their privacy.


Here, we’ll show you how to write a privacy policy for your website that may assist you in satisfying legal requirements and putting your customers at ease.



Why does your website need a privacy policy?


The truth is, many customers worry about data collection and misuse. According to Pew Research, nearly 80% of Americans are concerned about how companies use the data collected through websites.


Still, few will take the time to read each individual privacy policy that companies make public on their websites. According to the same study, “Fully 97% say they are ever asked to approve privacy policies, yet only one-in-five adults overall say they always (9%) or often (13%) read these policies.”


Does that mean you don’t have a responsibility to be upfront and clear in your privacy policy? Absolutely not. For one thing, privacy policies can act as liability insurance if a customer ever disputes how you’ve used their data. And second, business owners have a role to play in restoring the public’s faith in honest collection and use of data. When you inform users exactly what information your site gathers, how you use it, and why you collect it, you establish trust and build customer loyalty.


Better yet, by telling users how you secure that information—especially if you process online payments—you give them the confidence to buy your products online without fear that their information will fall into the wrong hands.


You can easily adjust your privacy settings and create a privacy policy directly from the Wix dashboard. Using the Wix Privacy Center, you can add a privacy policy to your site, install permission banners for cookies, ensure data collection, and use tools that help you comply with the GDPR and CCPA.





How do you write a privacy policy?


There are a number of ways to make a privacy policy for your professional website.


For an excellent and binding policy that is unique to your business, you should hire a lawyer. It’s the most expensive option, but a lawyer will be able to tailor a privacy policy to your precise needs and give your company the best protection.


An alternative is to use free online privacy policy generators, which allow you to copy and paste a boilerplate policy onto your website. From there, you can customize the policy to suit your specific needs. A few good generators include FreePrivacyPolicy.com and GetTerms.io. These tools allow you to add sections that make sense for your business, and offer prompts to help you determine the kind of language your business may need.


Another budget-friendly option is to write your own policy using a template or sample, which gives you the utmost control over the policy. This way, you’ll have an idea of which information should go into a basic website privacy policy. Then, you can add any policies unique to you, your business or your website. This resource with sample privacy policies may serve as a helpful guide.


Finally, you may choose to write a privacy policy from scratch. If you go this route, here are some of the most important topics to cover:


  1. What data you’ll collect and how you’ll use it

  2. Methods of collection

  3. Customer communication

  4. Redress and security information

  5. Child privacy

  6. Future changes

  7. Contact information



What to include in your website privacy policy



01. What data you collect and how you’ll use it


You should list the exact types of data that you collect from users, such as IP addresses and email addresses. This may include a person’s name, age, address, interests, credit card information, banking information and more. Be as specific as possible to avoid any misunderstandings.


In addition to telling people what you collect, you should also tell them why you collect it. Whether you’re using information to recommend new products or tailor promotions to your target audience, be transparent to help put customers at ease. A statement such as “We may use your information to provide you with special offers” goes a long way.



02. Methods of collection


Users will encounter some obvious data collection methods while using your site (such as entering their credit card information when they check out), but your website privacy policy should lay out all the ways that you collect data. You should disclose your use of online forms, opt-in pop-ups and checkout pages, but also mention any information that your website collects on the back end, like IP addresses and users’ location.



03. Customer communication


One of the principal reasons that websites collect data is to communicate with customers. If you’re collecting contact information, a communications clause is necessary.


This section should let users know how and why you plan to contact them. If you send regular email newsletters, text users about flash sales, or provide transaction updates through Facebook Messenger, SMS or email, your website privacy policy should say so. Be sure to list the methods of communication you use and how they’re used to avoid any confusion or breach of trust.


If, for any reason, users don’t want to have their information collected, they should have the choice to opt out. The communication clause should therefore explain that visitors may opt out of having their information collected at any time. Tell them exactly how to do it by referring them to a link or providing an email address they can contact. You can, however, mention that when they choose to opt out, it may affect their site experience. For example, products or deals relevant to their location or demographic may not be disclosed.





04. Redress and security information


People’s financial information is a sensitive topic, and rightly so. Your website privacy policy should detail the encryption and security measures you’ve implemented to protect sensitive information like credit cards, bank accounts and home addresses. If people don’t feel comfortable paying on your website, you’ll lose out on potential revenue.


In addition, you should provide information about your customers’ rights related to their personal information. In accordance with privacy regulations around the world, site visitors may have, among other rights, the right to access their data or to ‘be forgotten’ (be permanently deleted from your databases). You should provide your users with a list of their rights and explain how to exercise them.


If customers feel that you have violated their privacy or that you have not honored your own policy in some way, they deserve a method of redress—a way to set things right. Your privacy policy is serious and you should take it seriously. Add a redress policy that tells visitors who to contact if they feel the policy has been violated. This shows that you stand by the policy and respect consumer privacy.


You can also let customers know they can report a privacy violation to the U.S. government.



05. Child privacy


Due to the Children's Online Privacy Protection Act (COPPA) in the United States, you need a clause that addresses child privacy. This law states that it is illegal for your site to collect private information from minors without using a specific protocol to do so.


Even if your business caters to adults, it’s still necessary to add a brief clause to indemnify you in the event of any accidental violation of COPPA.


For instance, Hormel Foods uses this simple passage:


“Our Website is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, please do not provide any information on this Website.”


If your website does target children under the age of 13, you’ll need to create a more detailed Children’s Privacy Policy on its own landing page. You can read more about Children’s Privacy rules here.



06. Future changes


Businesses grow and change, and so do privacy policies. As such, your privacy policy should include a section that informs users of your right to adjust the policy at any time, and of their right to know about any revisions.


This section should tell users that you will notify them of any changes when they occur and which method of communication you’ll use. You should also add a note in bold to the top of your website privacy policy to alert visitors to any new changes.



07. Contact information


It’s a good idea to add your contact information to your privacy policy. This offers customers an even greater degree of transparency. By giving them a clear way to contact you with any questions or concerns, you show that your company genuinely cares about user privacy. Another great way to do this is by creating a contact form.





Privacy as a good business practice


A privacy policy is required by law for any website that collects visitor data, but it’s also a good business practice. Creating a detailed privacy policy that outlines what data you collect, why you collect it, and how you use it shows that you care about your users’ privacy and value their patronage.


Whether you’re adding it to an existing site or building a website from scratch, this guide will help you create a privacy policy that will benefit both your users and your business.


DISCLAIMER: The explanations and information provided herein are only general explanations. You should not rely on this article as legal advice or as recommendations regarding what you should actually do. We recommend that you seek legal advice to help you understand and to assist you in the creation of your privacy policy.



By Eric Goldschein

Fundera Partnerships Editor


Eric Goldschein is the partnerships editor at Fundera, a marketplace for small business financial solutions. He has nearly a decade of experience in digital media and has written for outlets including Business Insider, Startup Nation, BigCommerce, Square, HostGator, and Keap, covering finance, marketing, entrepreneurship, and small business trends.




