
In a word, yes.

What is a privacy policy?

A privacy policy is a legal document that explains how a website collects, uses, shares, and protects the personal information of its users or customers. It outlines the policies and procedures related to privacy and data protection, providing transparency to individuals about how their personal information is handled.

But what does that really mean? Basically, if someone lands on your website, what data about that person will you receive, and how will you use it? You might be thinking, “I don’t receive anything!” But that probably isn’t the case. If you use Google Analytics, then you have access to a certain level of user data even if the person doesn’t purchase from you or submit any of your forms.

Even a site with no forms, no shopping, no membership and no stats or analytics is rarely collecting nothing: the web server or hosting company records each visitor's IP address and browser user agent in its access logs, and any embedded third-party content (fonts, videos, maps, social buttons) sends the same data to that third party. Only if none of that applies might you get by without a privacy policy. For most people, you should have one.

What should you include in your privacy policy?

Keep in mind when looking over this information, it is generic in nature AND I am not a lawyer and don’t know the laws of your state, territory, or country. So use this as a guide to make decisions about what will be the best privacy policy for you, or better yet, contract with an Intellectual Property attorney to get one customized for you.

Possible options for your privacy policy

  1. Introduction: A brief overview of the purpose and scope of the privacy policy.
  2. Types of Information Collected: Explanation of the categories of personal information collected, such as name, email address, contact details, IP address, and any other data collected through forms, shopping carts, cookies or tracking technologies.
  3. Collection Methods: Description of how the website collects personal information, including information provided by users directly through forms, registrations, or subscriptions, as well as information collected automatically through cookies or other technologies.
  4. Purpose of Data Collection: Explanation of why the website collects personal information and the intended use of that information (e.g., providing services, personalization, analytics, marketing).
  5. Legal Basis: Identification of the legal basis for processing personal information (e.g., consent, legitimate interests, contractual necessity) in accordance with applicable data protection laws.
  6. Data Sharing: Disclosure of whether and how personal information is shared with third parties, such as service providers, advertising partners, or law enforcement agencies.
  7. User Choices and Controls: Information about the rights and choices available to users regarding their personal information, such as opting out of certain data collection or requesting access, correction, or deletion of their data.
  8. Security Measures: Explanation of the security measures implemented to protect the personal information from unauthorized access, loss, or misuse.
  9. Data Retention: Indication of how long personal information is retained and the criteria used to determine the retention period.
  10. International Data Transfers: Disclosure of whether personal information may be transferred to and processed in other countries, including any safeguards implemented to ensure an adequate level of data protection.
  11. Updates to the Privacy Policy: Statement indicating that the privacy policy may be updated from time to time, and how users will be notified of any material changes.
  12. Contact Information: Contact details of the website operator or data controller for users to reach out with questions, concerns, or data subject requests.

Where does the privacy policy go?

Your privacy policy should have its own page on your site, and it should be linked via a text link in the footer of your site.

By default, when you create a new WordPress site, there is a privacy policy already in place for you, on its own page, in Draft form. You can use that as a jumping off point to customize it based on your own preferences. Here is what is included in the default version:

Who we are

Suggested text: Our website address is:

Comments

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.
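The Media paragraph in the default text above warns that visitors can pull GPS coordinates out of uploaded images. The practical control is to keep such images out of the media library in the first place. The must-use plugin below is an added example written for this article, not WordPress core code or code from any plugin the article mentions. It assumes PHP's exif extension is enabled and uses core's wp_handle_upload_prefilter filter, which lets a callback veto an upload by setting $file['error']; the example_* function name is made up for this example.

```php
<?php
/**
 * Plugin Name: Reject uploads that carry GPS EXIF data
 *
 * Added example for this article, not part of WordPress core or any plugin
 * it ships. Save as wp-content/mu-plugins/reject-gps-uploads.php and it runs
 * on every file that goes through the media uploader. Requires PHP's exif
 * extension (exif_read_data / exif_imagetype).
 */

/**
 * Return true when the file at $path is a JPEG or TIFF whose EXIF block
 * carries GPS coordinates. PNG, GIF and WebP have no EXIF block that
 * exif_read_data() can read, so they return false here.
 */
function example_upload_has_gps_exif( $path ) {
	if ( ! function_exists( 'exif_read_data' ) || ! is_readable( $path ) ) {
		return false;
	}
	// exif_imagetype() sniffs the real bytes, so a renamed file is not trusted.
	$type = @exif_imagetype( $path );
	if ( ! in_array( $type, array( IMAGETYPE_JPEG, IMAGETYPE_TIFF_II, IMAGETYPE_TIFF_MM ), true ) ) {
		return false;
	}
	// Second argument: the 'GPS' section must be present, else false is returned.
	// Third argument: group the tags by section so we can look at GPS alone.
	$exif = @exif_read_data( $path, 'GPS', true );
	if ( ! is_array( $exif ) || empty( $exif['GPS'] ) ) {
		return false;
	}
	// A bare GPSVersionID tag with no coordinates is common and harmless;
	// only actual latitude/longitude tags leak a location.
	return isset( $exif['GPS']['GPSLatitude'] ) || isset( $exif['GPS']['GPSLongitude'] );
}

/**
 * wp_handle_upload_prefilter runs before the file is moved into the media
 * library. Returning $file with an 'error' key makes WordPress abort the
 * upload and show that message to the user.
 */
add_filter( 'wp_handle_upload_prefilter', function ( $file ) {
	if ( example_upload_has_gps_exif( $file['tmp_name'] ) ) {
		$file['error'] = 'This image contains GPS location data in its EXIF metadata. '
			. 'Remove the location data before uploading so visitors cannot extract it.';
	}
	return $file;
} );
```

Rejecting is the conservative choice; if you would rather strip the metadata, re-encode the image with GD or Imagick before it is stored. Files uploaded over FTP or through a page builder's own uploader do not pass through this filter, so check those paths separately.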

Your site may use different elements or things that collect data, and your privacy policy should include disclaimers about all of them. Here are a few things to take note of.

… if your site uses Google Analytics

When using Google Analytics on your website, it is generally recommended to include a specific disclaimer in your privacy policy to inform users about the use of Google Analytics and its associated data collection practices. While the specific wording may vary, the following is an example of a Google Analytics disclaimer that you can include in your privacy policy:

“We use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses cookies or other tracking technologies to collect and analyze anonymous information about website usage and trends, without identifying individual users. The data generated by Google Analytics is transmitted to and stored by Google on servers located in various countries. Google uses this information to evaluate website usage, compile reports for website operators, and provide other services related to website activity and internet usage.

We use Google Analytics to understand how our website is used and to improve its content and user experience. Google Analytics may collect information such as your IP address, browser type, operating system, referring website, pages visited, and time spent on our website. This information is aggregated and anonymized before being used for analysis.

By using our website, you consent to the processing of data about you by Google Analytics in the manner and for the purposes set out above. To learn more about Google Analytics and how it collects and processes data, please visit Google’s Privacy Policy and Google Analytics’ Privacy Policy.”

Please note that this is just an example disclaimer, and it’s important to review and customize it according to your specific use of Google Analytics and any applicable legal requirements in your jurisdiction. Two sentences in it deserve particular care. The sample describes the data as anonymous, but an IP address is personal data under the GDPR and similar laws, so only say that data is anonymized if your Analytics configuration actually does that. And “by using our website, you consent” is not a valid consent mechanism where the law requires an explicit opt-in for analytics cookies (the EU and UK, for example); there, the Analytics tag should not fire until the visitor has accepted it. It is also a good practice to provide a link to the respective privacy policies of Google and Google Analytics, so users can access more detailed information directly from the source.

… if your site has a subscribe box

If your website includes a subscribe box where users can sign up for newsletters, updates, or other communications, there are specific elements you should consider including in your privacy policy to address the data collection and use associated with this feature. Here are some key points to include:

  1. Purpose of Subscription: Clearly explain the purpose of the subscription, such as receiving newsletters, updates, promotions, or other relevant communications from your website.
  2. Information Collected: Specify the types of personal information collected through the subscription box, which may include email addresses, names, or any other relevant details you collect from subscribers.
  3. Consent and Subscription Process: Describe how user consent is obtained during the subscription process. Explain whether it involves an explicit opt-in checkbox, confirmation email, or other consent mechanisms, and emphasize that users are voluntarily providing their information for the specified purpose.
  4. Use of Subscriber Information: Explain how the collected subscriber information will be used. For example, mention that the information will be used to send newsletters, updates, or promotional content related to your website’s offerings.
  5. Third-Party Service Providers: If you use third-party service providers to manage your subscriptions or send out communications (e.g., email marketing platforms like MailChimp, Active Campaign, etc.), disclose that the subscriber information may be shared with those service providers for the purpose of fulfilling the subscription.
  6. Data Retention: Indicate how long you will retain the subscriber information and the criteria used to determine the retention period. This can vary depending on the nature of your communications and applicable legal requirements.
  7. Subscriber Rights: Inform subscribers about their rights regarding their personal information, such as the right to access, correct, or delete their data. Explain how they can exercise these rights and provide contact information for making such requests.
  8. Unsubscribing/Opt-Out: Describe how subscribers can unsubscribe or opt-out from receiving further communications. Explain the process and provide clear instructions or a link to manage their subscription preferences.
  9. Security Measures: Briefly mention the security measures you have in place to protect the subscriber information from unauthorized access, loss, or misuse.
  10. Updates to the Privacy Policy: State that your privacy policy may be updated from time to time, and specify how subscribers will be notified of any material changes.

Remember, the specifics of your privacy policy may depend on the applicable laws and regulations governing data protection in your jurisdiction. Consulting with legal professionals or privacy experts is recommended to ensure compliance and accuracy in addressing your specific subscription practices.
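The subscriber-rights item above, and the “What rights you have over your data” paragraph in the default policy, are only true if the site can actually find and delete a subscriber’s record on request. WordPress ships an export and erase workflow under Tools, and anything that stores personal data outside the core tables has to register with it or its data is silently missed. The must-use plugin below is an added example for this article, not code from WordPress core, Sumy Designs or any real newsletter plugin. The subscribe box, the example_subscribers option it reads and the example_* function names are hypothetical; the_privacy_policy_link, wp_add_privacy_policy_content and the wp_privacy_personal_data_exporters and wp_privacy_personal_data_erasers filters are core APIs available since WordPress 4.9.6.

```php
<?php
/**
 * Plugin Name: Example subscriber privacy hooks
 *
 * Added example for this article, not code from WordPress core or any real
 * plugin. Assumes a hypothetical subscribe box that stores subscribers in the
 * 'example_subscribers' option as email => array( 'name' => ..., 'date' => ... ).
 * Save as wp-content/mu-plugins/example-subscriber-privacy.php to activate.
 */

// Hypothetical storage used by the subscribe box.
function example_get_subscribers() {
	return get_option( 'example_subscribers', array() );
}

// 1. Footer text link to the page chosen under Settings > Privacy.
//    Prints nothing until a privacy page has been selected.
add_action( 'wp_footer', function () {
	the_privacy_policy_link( '<p class="privacy-policy-link">', '</p>' );
} );

// 2. Suggested policy text shown in the Settings > Privacy guide next to
//    core's default text. Core asks that this be registered on admin_init.
add_action( 'admin_init', function () {
	wp_add_privacy_policy_content(
		'Example Subscribe Box',
		'<p>If you subscribe to our list we store your name and email address '
		. 'until you unsubscribe or ask us to delete them.</p>'
	);
} );

// 3. Exporter: Tools > Export Personal Data runs every registered exporter
//    for the requested email address and zips the combined result.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
	$exporters['example-subscribers'] = array(
		'exporter_friendly_name' => 'Example subscribe box',
		'callback'               => 'example_subscriber_exporter',
	);
	return $exporters;
} );

function example_subscriber_exporter( $email_address, $page = 1 ) {
	$subscribers = example_get_subscribers();
	$key         = strtolower( $email_address );
	$export      = array();
	if ( isset( $subscribers[ $key ] ) ) {
		$export[] = array(
			'group_id'    => 'example-subscribers',
			'group_label' => 'Newsletter subscription',
			'item_id'     => 'subscriber-' . md5( $key ),
			'data'        => array(
				array( 'name' => 'Email',         'value' => $key ),
				array( 'name' => 'Name',          'value' => $subscribers[ $key ]['name'] ),
				array( 'name' => 'Subscribed on', 'value' => $subscribers[ $key ]['date'] ),
			),
		);
	}
	// 'done' => true tells core there are no further pages of results.
	return array( 'data' => $export, 'done' => true );
}

// 4. Eraser: Tools > Erase Personal Data calls this once the requester has
//    confirmed the request through the email link core sends.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
	$erasers['example-subscribers'] = array(
		'eraser_friendly_name' => 'Example subscribe box',
		'callback'             => 'example_subscriber_eraser',
	);
	return $erasers;
} );

function example_subscriber_eraser( $email_address, $page = 1 ) {
	$subscribers = example_get_subscribers();
	$key         = strtolower( $email_address );
	$removed     = false;
	if ( isset( $subscribers[ $key ] ) ) {
		unset( $subscribers[ $key ] );
		update_option( 'example_subscribers', $subscribers );
		$removed = true;
	}
	return array(
		'items_removed'  => $removed,
		'items_retained' => false, // true, plus a message, if something must be kept
		'messages'       => array(),
		'done'           => true,
	);
}
```

Core handles the confirmation email, pagination and the zipped export; the callbacks only need to return the structures shown. If subscribers live in a hosted service such as Mailchimp or ActiveCampaign instead, the eraser is the place to call that service’s delete endpoint, and items_retained with a message is how you tell the requester that a record was kept for legal reasons.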

… if your site has E-Commerce

When operating an e-commerce website, it is important to have a comprehensive privacy policy that addresses the specific data collection, use, and protection practices associated with online transactions and customer information. Here are some key elements to consider including in your e-commerce website’s privacy policy:

  1. Personal Information Collection: Clearly outline the types of personal information collected during the e-commerce process, such as name, address, email, phone number, payment details, and any other information necessary for order fulfillment.
  2. Purpose of Data Collection: Explain the purpose for which personal information is collected, such as processing orders, providing customer support, delivering products, facilitating payments, and complying with legal obligations.
  3. Payment Processing: If your website handles payment processing directly, describe how payment information is collected, stored, and transmitted securely. Most small sites should not handle card numbers at all: let the payment processor’s hosted form or tokenization take the card data so it never reaches your server, which also keeps you out of most of the PCI DSS burden. If you use third-party payment processors, provide information on the involvement of those processors and their privacy practices.
  4. Order Fulfillment and Shipping: Disclose how customer information is shared with third parties, such as shipping carriers, to fulfill and deliver orders. Clarify that the sharing of information is limited to what is necessary for order completion.
  5. User Accounts: If your website offers user accounts, explain the information collected during the account creation process and how that information is used to manage and personalize user accounts.
  6. Marketing and Communications: Describe whether and how you use customer information for marketing purposes, such as sending promotional emails or targeted advertising. Provide information on how users can opt out of such communications if applicable.
  7. Data Security Measures: Explain the security measures in place to protect customer information from unauthorized access, loss, or misuse. Detail encryption methods, data storage protocols, and any compliance certifications or industry standards you adhere to.
  8. Data Retention: Specify how long customer information is retained and the criteria used to determine the retention period. If there are legal requirements or obligations for data retention, mention them as well.
  9. Cookies and Tracking Technologies: If your website uses cookies or other tracking technologies for analytics, advertising, or personalization purposes, disclose this practice and provide information on how users can manage cookie preferences.
  10. Third-Party Services: If you use third-party services or integrations on your e-commerce website (e.g., live chat support, customer reviews), clarify how customer information is shared with those services and link to their respective privacy policies.
  11. User Rights: Inform users about their rights regarding their personal information, including the right to access, rectify, or delete their data. Explain how they can exercise these rights and provide contact information for making such requests.
  12. Updates to the Privacy Policy: State that your privacy policy may be updated as necessary and indicate how users will be notified of any material changes.

… if you run Retargeting Ads

If you use Google Retargeting ads (Google calls the feature remarketing), which allow you to display targeted advertisements to users who have previously visited your website, it is important to address this practice in your privacy policy. Here are some key points to include:

  1. Explanation of Retargeting: Provide a clear and concise explanation of what Google Retargeting ads are and how they work. Describe that these ads are displayed to users based on their previous interactions with your website.
  2. Use of Cookies and Tracking Technologies: Explain that Google Retargeting ads use cookies or similar tracking technologies to collect information about users’ browsing behavior on your website. Mention that this information may be used to display targeted ads across Google’s advertising network.
  3. Types of Information Collected: Disclose the types of data collected by Google Retargeting ads. This may include information about users’ visits to your website, pages viewed, products or services of interest, and interactions with your site.
  4. Purpose of Data Collection: Clearly state the purpose of collecting this data, which is primarily to deliver targeted advertisements to users who have previously shown interest in your products or services.
  5. Data Sharing: Clarify that user information collected through Google Retargeting ads may be shared with Google and its advertising partners for the purpose of delivering and optimizing targeted advertising. Emphasize that the data is used in accordance with Google’s privacy policy.
  6. Opt-Out Options: Explain to users that they have the option to opt out of Google Retargeting ads and the use of cookies for personalized advertising. Provide information on how users can manage their ad preferences or opt out of personalized ads through Google’s Ad Settings or other available mechanisms.
  7. Third-Party Websites: If your website includes links to third-party websites or services that may also use retargeting or tracking technologies, clarify that you are not responsible for the privacy practices of those websites and encourage users to review their respective privacy policies.
  8. Google’s Privacy Policy: Provide a link to Google’s privacy policy to allow users to obtain more detailed information about how Google collects, uses, and protects data in connection with its advertising services.

Your website’s privacy policy should be a reflection of your actual practices when it comes to data collection on your website, and not something you found and copied off the Internet. That means you probably need to think about what your website is collecting, and what promises you are making to site visitors regarding their information.

How to get a privacy policy

My number one piece of advice is to contact a professional if you aren’t sure. However, there are websites that offer privacy policy generators, both free and paid, that will ask you questions and create a policy based on your answers.

Note that I am not endorsing any of these websites, just giving you some options to explore as you make decisions about your own privacy policy needs.

Amy Masson

Amy is the co-owner, developer, and website strategist for Sumy Designs. She's been making websites with WordPress since 2006 and is passionate about making sure websites are as functional as they are beautiful.
