These days, collecting data associated with your visitors and customers on your website has become a standard marketing practice. Using this data, you can improve the customer experience, refine your marketing strategy and, in some cases, earn extra revenue. Collecting this information, however, comes with a few strings attached: as consumers become more protective of their data, governments increasingly regulate how businesses can gather and use it. For example, the European Union now requires privacy policies by law, as do some American states. For this reason, your website must have a privacy policy letting visitors know what information you will collect, what you will do with it, how you’ll protect it and the recourse for privacy violations. The same applies to any website converted into an app. Here, we’ll show you how to write a privacy policy, as part of your general web privacy and website management efforts, that will increase your compliance with privacy regulations and put your customers at ease.
What is a privacy policy?
A privacy policy is an industry standard for any website that collects visitor data and, in most countries, is required by law. Creating a detailed privacy policy that outlines what data you collect, why you collect it, and how you use it shows that you care about your users’ privacy and value their patronage.
For small business owners and entrepreneurs launching their online presence, learn how to make a website with a secure builder like Wix.
Why does your website need a privacy policy?
Many customers worry about data collection and misuse. According to Pew Research, around half of Americans have decided not to use a product or service because of privacy concerns. Business owners can restore the public’s faith with transparent data collection. When you inform users exactly what information your site gathers, how you use it, and why you collect it, you establish trust and build customer loyalty.
When writing a privacy policy for your business website, give prospective customers the confidence to buy your products online without fear that their information will fall into the wrong hands. Tell them how you secure that information—especially if you process online payments. The same goes if you're selling services or other forms of content, such as an online course.
When you create a Wix website, you can easily adjust your privacy settings from the Wix dashboard. Using the Wix Privacy Center, you can add a privacy policy to your site, enable cookie banners, ensure data collection, and use tools that help you comply with the GDPR and CCPA.
At Wix, we take our commitment to protecting our users' websites and their data seriously. To learn more about how we do this, visit our Privacy and Security Hub.
How to write a privacy policy
There are a number of ways to make a privacy policy for your professional website.
For an excellent and binding policy that is unique to your business, you should hire a lawyer. It’s the most expensive option, but a lawyer will be able to tailor a privacy policy to your precise needs and give your company the best protection.
An alternative is to use free online privacy policy generators, which allow you to copy and paste a boilerplate policy onto your website. From there, you can customize the policy to suit your specific needs. A few good generators include FreePrivacyPolicy.com and GetTerms.io. These tools allow you to add sections that make sense for your business, and offer prompts to help you determine the kind of language your business may need.
Another budget-friendly option is to write your own policy using a template or sample, which gives you the utmost control over the policy. This way, you’ll have an idea of which information should go into a basic website privacy policy. Then, you can add any policies unique to you, your business or your website. This resource with sample privacy policies may serve as a helpful guide.
Finally, you may choose to write a privacy policy from scratch. If you go this route, here are some of the most important topics to cover:
01. What data you collect and how you’ll use it
You should list the exact types of data that you collect from users, such as IP addresses and email addresses. This may include a person’s name, age, address, interests, credit card information, banking information and more. Be as specific as possible to avoid any misunderstandings.
In addition to telling people what you collect, you should also tell them why you collect it. Whether you’re using information to recommend new products or tailor promotions to your target audience, be transparent to help put customers at ease. A statement such as “We may use your information to provide you with special offers” is effective and to the point.
02. Methods of collection
Users will encounter some obvious data collection methods while using your site (such as entering their credit card information when they check out), but your website privacy policy should lay out all the ways that you collect data. You should disclose your use of online forms, opt-in pop-ups and checkout pages, but also mention any information that your website collects on the back end, like IP addresses and users’ location.
03. Customer communication
One of the principal reasons that websites collect data is to communicate with customers. If you’re collecting contact information, a communications clause is necessary.
This section should let users know how and why you plan to contact them. If you send regular email newsletters, text users about flash sales, or provide transaction updates through Facebook Messenger, SMS or email, your website privacy policy should say so. Be sure to list the methods of communication you use and how they’re used to avoid any confusion or breach of trust.
If, for any reason, users don’t want to have their information collected, they should have the choice to unsubscribe. The communication clause should therefore explain that visitors may opt out of having their information collected at any time. Tell them exactly how to do it by referring them to a link or providing an email address to reach out to. You can, however, mention that when they choose to opt out, it may affect their site experience. For example, products or deals relevant to their location or demographic may not be disclosed.
04. Redress and security information
People’s financial information is a sensitive topic, and rightly so. Your website privacy policy may detail the encryption and website security measures implemented to protect sensitive information like credit cards, bank accounts and home addresses. If people don’t feel comfortable paying on your website, you’ll lose out on potential revenue.
In addition, you should provide information about customers’ rights related to their personal information. In accordance with privacy regulations around the world, site visitors may have - among other rights - the right to access their data or ‘be forgotten’ (be permanently deleted from your databases). You should provide your users with a list of their rights and explain how to exercise them.
If customers feel that you have violated their privacy or that you have not honored your own policy in some way, they deserve a method of redress—a way to set things right. Your privacy policy is serious and you should take it seriously. Add a redress policy that tells visitors who to contact if they feel the policy has been violated. This shows that you stand by the policy and respect consumer privacy.
You can also let customers know they can report a privacy violation to the U.S. government.
Pro-tip: Websites built on Wix offer around-the-clock monitoring and use the strongest encryption standard commercially available to safeguard businesses and their clients online. Supported by anti-fraud protection, sites are also compliant with the highest Payment Card Industry Data Standards. Therefore, businesses running on the platform receive enterprise-grade security managed by experts.
05. Child privacy
Due to the Children's Online Privacy Protection Act (COPPA) in the United States, you need a clause that addresses child privacy. This law states that it is illegal for your site to collect private information from minors without using a specific protocol to do so.
Even if your business caters to adults, it may be necessary to add a brief clause to indemnify you in the event of any accidental violation of COPPA.
For instance, Hormel Foods uses this simple passage:
“Our Website is not intended for children under 18 years of age (or the age of majority in your jurisdiction). We do not knowingly collect, use, or disclose Personal Data from children under 18. If you believe that we have collected, used or disclosed Personal Data of a child under the age of 18 (or the age of majority in your jurisdiction), please contact us using the contact information below so that we can take appropriate action.”
If your website does target children under the age of 18, you’ll need to create a more detailed Children’s Privacy Policy on its own landing page. You can read more about Children’s Privacy rules here.
06. Future changes
Businesses grow and change, and so do privacy policies. As such, your privacy policy should include a section that informs users of your right to adjust the policy at any time, and of their right to know about any revisions.
This section should tell users that you may notify them of any changes when they occur and which method of communication you’ll use. You should also add a note in bold to the top of your website privacy policy to alert visitors of any new changes.
07. Contact information
It’s a good idea to add your contact information to your privacy policy. This offers customers an even greater degree of transparency. By giving them a clear way to contact you with any questions or concerns, you show that your company genuinely cares about user privacy. Another great way to do this is by creating a contact form.
DISCLAIMER: The explanations and information provided herein are only general explanations. You should not rely on this article as legal advice or as recommendations regarding what you should actually do. We recommend that you seek legal advice to help you understand and to assist you in the creation of your privacy policy.
Location and data protection laws
Location and data protection laws are a complex and ever-evolving area of law. However, there are some general principles that apply across most jurisdictions.
Location data is any data that can be used to identify a person's physical location. This includes data from GPS devices, cell phone towers and even social media posts. Location data is increasingly being used by businesses and governments to track people's movements and to target them with advertising and other services.
Data protection laws are designed to protect individuals' privacy and to give them control over their personal data. These laws typically require businesses and governments to obtain consent from individuals before collecting or using their data. They also require businesses and governments to take steps to protect the data from unauthorized access or use.
Location data is often considered to be particularly sensitive personal data because it can be used to track people's movements and to create detailed profiles of their activities. As a result, many data protection laws have specific provisions that apply to the collection and use of location data.
For example, the European Union's General Data Protection Regulation (GDPR) requires businesses and governments to obtain explicit consent from individuals before collecting or using their location data. The GDPR also requires businesses and governments to take steps to minimize the collection of location data and to anonymize or pseudonymize the data whenever possible.
In the United States, there is no federal law specifically governing the collection and use of location data. However, a number of states have passed their own laws that regulate the collection and use of location data. For example, the California Consumer Privacy Act (CCPA) gives individuals the right to access their location data, to request that their location data be deleted and to opt out of the sale of their location data.
Businesses and governments that collect or use location data should be aware of the applicable data protection laws and should take steps to comply with those laws. This includes obtaining consent from individuals before collecting or using their location data, taking steps to protect the data from unauthorized access or use and minimizing the collection of location data whenever possible.
Individuals should also be aware of the data protection laws that apply to the collection and use of location data. Individuals have the right to control their personal data and to choose how their location data is used.
How to write a privacy policy for your website FAQ
How can I write a privacy policy for a blog?
A privacy policy for a blog should disclose the types of personal information collected from users, such as names, email addresses, and IP addresses. It should also disclose how the information is used, such as to send out newsletters or track blog traffic. The privacy policy should also include a statement that users can opt out of receiving marketing emails.
What is a privacy policy template?
What kind of privacy policy is required for websites?
Eric Goldschein has a decade of experience in digital media and has written for outlets including Business Insider, Startup Nation, BigCommerce, Square, HostGator, Keap and Fundera, covering finance, marketing, entrepreneurship, and small business trends.