Write your policy in basic English, determine what information you’ll be potentially gathering from consumers such as email addresses, credit card numbers, login information, cookies, and identify what you’ll be doing with it (if anything). If there is something you’ll be doing with a customer’s information that seems unsavory, instead of leaving it out, it’s better to stop the sketchy practice. I.E. “I’ll be using phone numbers to find a nice Friday night date.” Instead of stalking your customers, maybe you could just focus on being less weird.
Things That Should Be Included:
1. Write the policy in simple English (aim for a 9th grade level).
2. Inform customers about what information will be collected and whether it could be identifying.
3. What information specifically is being collected?
4. Will you be sharing information with anyone such as partners, affiliates?
5. List the state and federal privacy laws and initiatives that you comply with.
6. Make opting-out easy and explain how it works.
7. State that the policy will be updated regularly. Then actually do it.
Note: Depending on what your website is about or who it’s directed to you may want to include details relating to; Google® and Apple’s® privacy requirements, COPPA, CalOPPA, the CAN-SPAM Act, FTC Fair Information Practices etc.
It can be difficult writing the perfect policy but there are easy, cost-effective ways to do it. We recommend and use the following services: