Sample Privacy Policy Template & Examples [FREE Download]
When running a website, any kind of data processing involves some degree of risk and vulnerability. As such, having a privacy policy that details how you collect and process personal information is essential, both from a legal and business perspective.
Keep scrolling for a free privacy policy template and to see how existing businesses use privacy policies to get compliant and inform their customers about their privacy practices.
PRO TIP: Don’t waste time and take the guesswork out of the legal jargon with this personalized privacy policy generator trusted by 100K+ businesses.
Sample Privacy Policy Template
This generic privacy policy template can be used as a starting point for you to understand the essential elements that a typical policy should contain.
Note that this is just an example privacy policy template only. It will need to be customized to your business and where it operates, as most privacy laws worldwide have different requirements, as do third-party services that your website might be using.
Privacy Policy Examples
Here are some privacy policy examples from different industries and website types to give give you a better idea of what kind of clauses your own privacy policy has to include.
Robinhood
Commission-free trading platform Robinhood needs to have a strong privacy policy in place, as it collects a lot of personal information from its users: from names to banking details, and addresses to social security numbers, the stakes are high.
The company refers to its privacy policy in its website footer:
When users click on the word “Privacy”, a 10-page PDF document opens:
Here is Robinhood’s definition of “Personal Information”:
In addition to the typical information that a financial institution needs to collect from its customers in order to allow them to trade securities, Robinhood warns its users that some personal information is automatically collected, including through the use of cookies.
That information includes location data, notably for fraud prevention purposes, and usage and device data in order to provide a better user experience and to aid in the targeted advertising of its services on other platforms.
Robinhood also warns its customers that it obtains personal information from other sources and third parties, which it combines with the data that it has already collected from its users. In other words, this gives the company a pretty good portrait of its customers:
The company goes on to explain how it uses that information using easy-to-read bullet points and specifies under which circumstances it would share personal data with third parties, all while specifying that it does not sell or rent personal information.
Typical of a standard privacy policy, it lets users know that it allows third-party online advertisers, social media companies, and other service providers to collect information so that they may deliver targeted advertising and reporting, attribution, analytics, and market research services. It links to the companies’ respective privacy policies (Google Analytics).
Robinhood makes it easy for its customers to manage the personal information that they share by providing a form that can be submitted to a designated email address – a link to this form is included in the privacy policy. Here is what it looks like:
Keeping in mind that this company only operates in the United States, this is a good example of a privacy policy that has been tailored for a business that operates in a very regulated and specific industry, namely financial services.
Airbnb
Holiday rental platform Airbnb operates all over the globe and has customers located in various jurisdictions.
Its privacy policy can be found in the Help Center and can be accessed through a hyperlink in its website footer:
Potential website users are warned during the sign-up process that creating an account involves agreeing with Airbnb’s privacy policy, terms of service, payment terms of service, and anti-discrimination policy.
Its privacy policy itself is fairly straight-to-the-point. Taking into account that it has customers located in different countries, it starts off by indicating that some users may need to read this privacy policy in conjunction with supplemental country-specific information.
Unsurprisingly, Airbnb collects a large quantity of information from its users in order to be able to provide its services. This includes: names, phone numbers, postal addresses, email addresses, dates of birth, profile photos, photo of government-issued IDs, payment information – and this is only the basic information required in order to be able to use the platform.
Users have the option to provide Airbnb with additional personal information such as gender, preferred language, city, personal description, and contacts.
In addition, it automatically collects geolocation information, usage information (pages visited, searches, etc), log data and device information, and payment transaction information, as well as uses cookies to store additional data.
The information that it collects from third parties is very specific to the services that it offers background information in the form of public records of criminal convictions or sex offender registrations, for example.
In the United States privacy policy, the company lists out how it uses information that it collects using bullet points and one-liners. The “Outside of the United States” privacy policy supplement goes further into details and specifies under which lawful basis it does so, using tables for better readability:
How Airbnb shares personal data is very specific to the nature of its business. Indeed, the policy states that information may be shared between members of the platform in order to facilitate booking and interactions.
This makes sense, as it is essential in order for the hosts and the guests to be able to coordinate their bookings – but a good example of why you cannot simply copy and paste another website’s privacy policy, as it may not well be applicable to yours.
Airbnb is transparent about how users can exercise their data subject rights and facilitates the process of submitting a request by having a dedicated page on its website, which is linked in the privacy policy:
Here is what the page looks like:
This makes managing data easy for users, as each individual account has a section called “Manage your data” under which one can deactivate or delete their account and request a copy of the personal data that Airbnb holds about them. To opt-out of direct marketing activities or to object to data processing, when allowed to under the laws of the user’s jurisdiction, users are invited to email the company.
Here is what the “Manage your data” tab looks like for an Airbnb user:
In addition to the “Outside of the United States” supplement, Airbnb also has the following privacy policy supplements, which include pages specific to California and Vermont-based customers, China-based customers, and third parties that it links to and a section specifically for enterprise customers:
If you are a US-based company with affiliates and customers across the globe, have a look at how Airbnb has structured its privacy policy – especially for its international users – as it manages to take into account various complex global privacy laws requirements and make it readable and understandable.
Wayfair
Online furniture retailer, Wayfair, operates one of the biggest eCommerce websites on the Internet, shipping furniture to customers across the United States and internationally.
Reference to its privacy policy appears in its website footer, with a link to a separate, dedicated page:
Customers are also reminded of its existence during the checkout process as they are warned that by placing an order, they are agreeing to both the Wayfair privacy policy and terms of use:
The privacy policy itself is fairly standard and includes the following main sections:
- Scope of application
- Information collected and how it is used
- Information automatically collected by using the website or application
- Information collected from third parties (linked social media accounts, for example)
- Sharing of information
- Cookie policy
- Direct marketing and behavioral advertising practices
- Security measures
- Data storage
- Children’s privacy
- Information specific to California residents and visitors from outside of the United States
- Changes to the privacy policy
- Contact information
A table is used so that customers can see at a glance how their personal information is used and for what purposes. This is a great idea, as this information will still jump out to people that are quickly scrolling through the page.
The company includes a statement in its privacy policy in which it addresses the security measures used to protect its customers’ personal information, all the while encouraging them to take reasonable measures to protect their passwords and prevent unauthorized access to their accounts.
It also warns customers that changes to the policy may be made periodically and as needed, with customers given notice of significant changes that could affect their information through the website, app, or by email.
Wayfair hosts its privacy policy and its terms of use on the same page, which makes it easy for the customer to read them together or one after the other – after all, acceptance of both is implied when placing an order on their website.
OFX
Your responsibility does not stop once you have a privacy policy in place. It will need to be updated from time to time to keep up with legislative and business changes.
If you make any changes to your privacy policy, especially if they are significant, you will need to warn your users, as they may wish to revoke their consent or have questions about your new practices.
Australian online foreign exchange and payments company OFX recently sent this email notice to its customers, following changes to its privacy policy:
As you can see, this is short and to the point – using a friendly, approachable tone of voice and inviting customers to contact them should they require assistance. Note that it links multiple times to OFX’s updated privacy policy, giving customers the opportunity to read through the new document.
How to Draft a Privacy Policy for Your Website?
Drafting a privacy policy for your website should not be taken lightly. It is, after all, a legal document that must contain some specific elements and information in order to comply with applicable privacy laws and regulations.
Whether you choose to draft your own privacy policy, consult with an attorney or choose to use our handy privacy policy generator, you should be regularly reviewing your policy to ensure that you remain compliant with both privacy legislation and third party requirements and, when you do make modifications to your policy, inform your users of any major changes that could affect them.