Blog

Sample Privacy Policy Template and Examples

When running a website, any kind of data processing involves some degree of risk and vulnerability. As such, having a privacy policy that details how you collect and process personal information is essential, both from a legal and business perspective.

Keep scrolling for a free privacy policy template and to see how existing businesses use privacy policies to get compliant and to inform their customers about their privacy practices.

Sample Privacy Policy Template

This generic privacy policy template can be used as a starting point for you to understand the essential elements that a typical policy should contain.

Note that this is just an example privacy policy template only. It will need to be customized to your business and where it operates, as most privacy laws worldwide have different requirements, as do third-party services that your website might be using.

Free Generic Privacy Policy Template

Download PDF Download DOCX

Expert tip: Take the hassle of writing your own privacy policy away with our privacy policy generator. It will save you hours of work and possible costly legal mistakes.

Privacy Policy Examples

Here are some privacy policy examples from different industries and website types to give give you a better idea of what kind of clauses your own privacy policy has to include.

Robinhood

Commission-free trading platform Robinhood needs to have a strong privacy policy in place, as it collects a lot of personal information from its users: from names to banking details, and addresses to social security numbers, the stakes are high.

The company refers to its privacy policy in its website footer:

Black background of Robinhood's website footer

When users click on the word “Privacy”, a 10-page PDF document opens:

White background with 'Robinhood United States privacy policy' written on it

Here is Robinhood’s definition of “Personal Information”:

White background with Robinhood’s definition of “Personal Information” on it

In addition to the typical information that a financial institution needs to collect from its customers in order to allow them to trade securities, Robinhood warns its users that some personal information is automatically collected, including through the use of cookies.

That information includes location data, notably for fraud prevention purposes, and usage and device data in order to provide a better user experience and to aid in the targeted advertising of its services on other platforms.

White background with 'Personal Information Collected Automatically' from Robinhood's website

Robinhood also warns its customers that it obtains personal information from other sources and third parties, which it combines with the data that it has already collected from its users. In other words, this gives the company a pretty good portrait of its customers:

White background with 'Personal Information from Other Sources and Third Parties' from Robinhood's website

The company goes on to explain how it uses that information using easy-to-read bullet points and specifies under which circumstances it would share personal data with third parties, all while specifying that it does not sell or rent personal information.

Typical of a standard privacy policy, it lets users know that it allows third-party online advertisers, social media companies, and other service providers to collect information so that they may deliver targeted advertising and reporting, attribution, analytics, and market research services. It links to the companies’ respective privacy policies (Google Analytics).

Robinhood makes it easy for its customers to manage the personal information that they share by providing a form that can be submitted to a designated email address - a link to this form is included in the privacy policy. Here is what it looks like:

White background with black and grey highlights form with 'Facts' written on it about what does Robinhood do with users' personal information

Keeping in mind that this company only operates in the United States, this is a good example of a privacy policy that has been tailored for a business that operates in a very regulated and specific industry, namely financial services.

Airbnb

Holiday rental platform Airbnb operates all over the globe and has customers located in various jurisdictions.

Its privacy policy can be found in the Help Center and can be accessed through a hyperlink in its website footer:

White background with grey highlight of AirBnb's website footer.

Potential website users are warned during the sign-up process that creating an account involves agreeing with Airbnb's privacy policy, terms of service, payment terms of service, and anti-discrimination policy.

White background with 'Finish signing up' of AirBnb's form with red button at the bottom with 'Agree and continue' written on it

Its privacy policy itself is fairly straight-to-the-point. Taking into account that it has customers located in different countries, it starts off by indicating that some users may need to read this privacy policy in conjunction with supplemental country-specific information.

Light blue background with 'Important Supplemental Information' from AirBnb's privacy policy for mobile app

Unsurprisingly, Airbnb collects a large quantity of information from its users in order to be able to provide its services. This includes: names, phone numbers, postal addresses, email addresses, dates of birth, profile photos, photo of government-issued IDs, payment information - and this is only the basic information required in order to be able to use the platform.

Users have the option to provide Airbnb with additional personal information such as gender, preferred language, city, personal description, and contacts.

In addition, it automatically collects geolocation information, usage information (pages visited, searches, etc), log data and device information, and payment transaction information, as well as uses cookies to store additional data.

The information that it collects from third-parties is very specific to the services that it offers background information in the form of public records of criminal convictions or sex offender registrations, for example.

White background with '2.4 Personal Information We Collect from Third Parties' written on it from section of AirBnb's privacy policy for mobile app

In the United States privacy policy, the company lists out how it uses information that it collects using bullet points and one-liners. In the “Outside of the United States” privacy policy supplement, it goes further into details and specifies under which lawful basis it does so, using tables for better readability:

White background with 2 columns table has '4.2 How We Use Information We Collect [Section 3]' written from AirBnb's privacy policy for mobile app

How Airbnb shares personal data is very specific to the nature of their business. Indeed, the policy states that information may be shared between members of the platform in order to facilitate booking and interactions.

White background with header that reads '4.2 Sharing Between Members" from AirBnb's privacy policy for mobile app

This makes sense, as it is essential in order for the hosts and the guests to be able to coordinate their bookings - but a good example of why you cannot simply copy and paste another website’s privacy policy, as it may not well be applicable to yours.

Airbnb is transparent about how users can exercise their data subject rights and facilitates the process of submitting a request by having a dedicated page on its website, which is linked in the privacy policy:

White background with header that reads '6. Your Rights' from AirBnb's privacy policy for mobile app

Here is what the page looks like:

White background with black and green letters with header that reads 'I'm an Airbnb user, how do I exercise my data subject rights?' from Airbnb's privacy policy for mobile app

This makes managing data easy for users, as each individual account has a section called “Manage your data” under which one can deactivate or delete their account and request a copy of the personal data that Airbnb holds about them. To opt-out of direct marketing activities or to object to data processing, when allowed to under the laws of the user’s jurisdiction, users are invited to email the company.

Here is what the “Manage your data” tab looks like for an Airbnb user:

White background with bolded header 'Manage your data' from Airbnb's privacy policy for mobile app

In addition to the “Outside of the United States” supplement, Airbnb also has the f

.ollowing privacy policy supplements, which includes pages specific to California and Vermont-based customers, China-based customers, and third-parties that it links to and a section specifically for enterprise customers:

White background with bolded header 'Privacy Policy Supplements' from Airbnb's privacy policy for mobile app

If you are a US-based company with affiliates and customers across the globe, have a look at how Airbnb has structured its privacy policy - especially for its international users - as it manages to take into account various complex global privacy laws requirements and make it readable and understandable.

Wayfair

Online furniture retailer, Wayfair, operates one of the biggest eCommerce websites on the Internet, shipping furniture to customers across the United States and internationally.

Reference to its privacy policy appears in its website footer, with a link to a separate, dedicated page:

Wayfair's website footer

Customers are also reminded of its existence during the checkout process as they are warned that by placing an order, they are agreeing to both the Wayfair privacy policy and terms of use:

White background with bolded header 'Cart Summary' from Wayfair's checkout process

The privacy policy itself is fairly standard and includes the following main sections:

  • Scope of application
  • Information collected and how it is used
  • Information automatically collected from using the website or application
  • Information collected from third parties (linked social media accounts, for example)
  • Sharing of information
  • Cookie policy
  • Direct marketing and behavioral advertising practices
  • Security measures
  • Data storage
  • Children’s privacy
  • Information specific to California residents and visitors from outside of the United States
  • Changes to the privacy policy
  • Contact information

A table is used so that customers can see at a glance how their personal information is used and for what purposes. This is a great idea, as this information will still jump out to people that are quickly scrolling through the page.

White background with bolded black header 'Information We Collect and How We Use Your Information' from Wayfair's privacy policy for mobile app
2 Columns table on white background with black header 'How we use information you give us' from Wayfair's privacy policy for mobile app

The company includes a statement in its privacy policy in which it addresses the security measures used to protect their customers’ personal information, all the while encouraging them to take reasonable measures to protect their passwords and prevent unauthorized access to their accounts.

Bolded black header 'Our Security Measure' on white background from WayFair's privacy policy for mobile app

It also warns customers that changes to the policy may be made periodically and as needed, with customers given notice of significant changes that could affect their information through the website, app, or by email.

Bolded black header 'Changes to this Privacy Policy' from Wayfair's privacy policy from mobile app

Wayfair hosts its privacy policy and its terms of use on the same page, which makes it easy for the customer to read them together or one after the other - after all, acceptance of both is implied when placing an order on their website.

OFX

Your responsibility does not stop once you have a privacy policy in place. It will need to be updated from time to time to keep up with legislative and business changes.

If you make any changes to your privacy policy, especially if they are significant, you will need to warn your users, as they may wish to revoke their consent or have questions about your new practices.

Australian online foreign exchange and payments company OFX recently sent this email notice to its customers, following changes to its privacy policy:

White background with orange rectangle box that reads 'OFX Moving money globally' and white 'LOG IN' button on it from OFX's privacy policy for mobile app

As you can see, this is short and to the point - using a friendly, approachable tone of voice and inviting customers to contact them should they require assistance. Note that it links multiple times to OFX’s updated privacy policy, giving customers the opportunity to read through the new document.

How to Draft a Privacy Policy for Your Website?

Drafting a privacy policy for your website should not be taken lightly. It is, after all, a legal document that must contain some specific elements and information in order to comply with applicable privacy laws and regulations.

Whether you choose to draft your own privacy policy, consult with an attorney or choose to use our handy privacy policy generator, you should be regularly reviewing your policy to ensure that you remain compliant with both privacy legislation and third party requirements and, when you do make modifications to your policy, inform your users of any major changes that could affect them.

Over 100,000 customer have used our attorney-drafted privacy policy generator to get compliant in minutes. Don't waste time writing legal documents and avoid common mistakes. Create your privacy policy now.