
Everything You Need to Know About Privacy Policies… And How We Wrote Ours

Jim Babb

At the very beginning of 2021, I checked off a resolution I should have dealt with months ago: I finalized a privacy policy for Part and Sum’s website. You can read it right here (there are pet photos involved).

I’ll be the first to admit that a privacy policy was not front of mind when we relaunched our website last summer. There were so many other details to juggle, from menu layouts to fonts to client case studies—all while keeping business running smoothly. It was only later, when Wes wrote this guide to CCPA compliance, that I realized we needed to prioritize our own privacy documentation.

We learned a lot in the process, so I thought I’d share it with you.

Do I really need a privacy policy?

Short answer: Yes. Longer answer: Yes, and here’s why. Even if you’re not subject to GDPR or California privacy laws right now, that could change as regulations (and your business) evolve. Furthermore, a good privacy policy—even if it’s not technically required—establishes trust by letting customers know that you value transparency and data security.

What should a website privacy policy include?

The specifics will depend on your data collection and usage practices, but at minimum, you’ll need to disclose:

Creating a privacy policy requires input from people throughout your organization, including marketing, sales, business development, and IT. The first draft of our policy included several question marks—I don’t know every detail of our website’s back-end analytics tools. Looping others in early helped fill in those blanks and gave me a better sense of how the document should be structured.

This technical information may be complex, but the language you use to describe it shouldn’t be. (GDPR Article 12 specifies that customer-facing communication about data and privacy should be “concise, transparent, intelligible and easily accessible... using clear and plain language.”) In fact, a privacy policy is an excellent opportunity to show off your brand voice: Think of it as a one-on-one conversation with customers about something that really matters. Part and Sum’s voice is honest and straightforward, and we prefer speaking like humans, instead of getting bogged down in jargon. So, that’s the approach we took with our privacy policy, too.

Can I use an online privacy policy template?

Search “privacy policy generator” or “free privacy policy” and you’ll see plenty of results. These generic services—many of which are free—can be a good place to start, but you’ll still need to make sure the final language accurately describes your data practices. If you have a static brochure-style website, this might not be very complicated. If you run an ecommerce business, there’s more to consider, from how you track purchasing behavior to how you retain and protect customers’ checkout information. 

Your CMS or ecommerce platform may have better options tailored for your website’s exact functionality. Here are some popular providers’ templates and data collection guides:

BigCommerce privacy policy guide

Klaviyo data privacy tips and settings 

Magento privacy policy guide

Shopify privacy policy generator

Squarespace privacy policy guide

Weebly privacy policy template

Wix cookie documentation

WooCommerce data collection overview

WP AutoTerms: WordPress privacy policy plugin

Again, these tools can get you started, and for some businesses, they’re a complete solution. However, your situation may call for something more comprehensive, and that may require outside help.

Are you saying I need an attorney?

I’m not a lawyer, but… you might.

Online templates do not constitute legal advice, as you’ll see if you read their fine print. And, ultimately, you will be held responsible for compliance—not your privacy policy generator or ecommerce platform. Depending on applicable legislation and the complexity of your data practices, you may need to consult an attorney to make sure your privacy policy is airtight. It really comes down to weighing the cost of legal fees against the benefit of convenience, and the potential risk of making an error.