Here’s something most people don’t know: if you don’t have a privacy policy then you’re probably breaking the law and violating the terms of service of your analytics provider (like Google).

Disclaimer: I’m not a lawyer, none of the following can be considered to be legal advice.

While the US Federal Government does not require a privacy policy, several states do

For many websites, the US federal government does not require you to have a privacy policy. However, several states require that you have one if any resident of that state could visit your website.

What that means is if your website is for a nail salon in Texas and a California resident on vacation goes to your website because they want to find somewhere to get their nails done, you have to comply with California law. And yes, California requires you to have a privacy policy if you collect any data on California residents.

Which means you have to have a privacy policy.

Additionally, if it is possible for a child under 13 to visit your website, then you have to comply with COPPA – the Children’s Online Privacy Protection Rule. Again, with the nail salon example, it’s reasonable to think that a 12-year-old may want their nails done. If your website has a recipe for homemade pizza, then it’s quite possible a 12-year-old could find that recipe.

Here are the main reasons you need a privacy policy:

  1. Most states and countries require you to display a privacy policy.
  2. Third parties require it with their terms of service – so if you use anything like advertising, Google Analytics, payment processors, email newsletter signups, app stores, etc., you are required to have one. And not just have one: you need one that addresses their rules.
  3. Don’t get sued – Delta Airlines, SnapChat, Google and many more companies have all faced lawsuits over questionable privacy policies. It can get far worse if you don’t have any policies at all.
  4. Build trust with visitors – when your privacy policy is easily found it lets visitors know that you care about following the rules and makes them a lot more likely to do business with you.

Now that you know why you need a privacy policy, how do you get one?

Easy, you make someone else do all the hard work!

Policy options: Free & Paid

There are a few companies which offer privacy policies for websites. Two that I’m going to discuss are Termly and Termageddon.

  • Termly: A basic policy for 1 website with Termly branding is available for free. You will need to create an account with them. Their paid policies service is $10/month if billed yearly.
  • Termageddon is only a paid service. Their pricing is $10/month or $99/year and includes embedding on your own website with automatically updating policies. Use this link to save 20% on your first payment.

Here’s how to get your privacy policy written in about 10 minutes

We’re going to use Termly to generate your new privacy policy.

Termly is a free to use service as of September 2020. All companies reserve the right to change their pricing.

Before we get started, let me make something very clear: you can NOT just generate the policy and then not proofread it or NOT follow it.

One, this is a free tool that does a pretty darn good job, but it could make mistakes. It is your responsibility to proofread the final product.

Two, now that you have a privacy policy, you are required by law to follow that privacy policy. If you need to do something that violates the policy, then you either need to update the policy or not do that thing.

To get started, go to Termly and click on “Generate Privacy Policy” (to use your policy you will need to create an account with them; as of April 2020 you don’t have to give them any money, but they do require a credit link to be used).

Next, follow the instructions in this video:

Read and follow your own policy

It’s extremely important that you both read and follow your own privacy policy.


The European Union has a privacy regulation which took effect in May 2018. This regulation is extra-territorial and the United States has agreements in effect with the EU to support this policy. So make sure that your privacy policy considers and follows the GDPR.

For more information on the GDPR click here.
