Does my website need a privacy policy?

Yes, it most likely does. Dealing with website privacy policies is a not-so-fun part of having your own website, but it’s increasingly important for businesses of all sizes in all locations.

Having a clear and comprehensive privacy policy in place helps your website visitors trust you. It makes you look more legitimate and professional. And it makes a promise to your prospective and current customers that you’ll handle their information with care. Plus privacy policies keep you accountable — you commit to doing what you say you’ll do in these policies.

Note: I am not a lawyer and this is not legal advice. Always consult your attorney prior to implementing any compliance solutions or if you’re facing a specific privacy issue.

Why Your Website Needs a Privacy Policy

Privacy policies have been around for a while, but they’re much more important and widespread these days, especially since GDPR in the EU and a variety of privacy laws in the U.S. were passed. And the laws and regulations are often changing.

I use and recommend a service called Termageddon*, which shares this on their website:

Multiple privacy laws are already in place that protect the [Personally Identifiable Information (PII)] of consumers and apply to businesses across state lines. On top of that, over 15 privacy laws have been proposed on a state by state basis.

A privacy policy lets your website’s visitors know what information you’re gathering from them and how you’ll use it. If you’re running a good, ethical business, you’re likely not doing anything “bad” with your website users’ information, but you still need to let them know what you’re doing. Here’s mine.

The standard recommendation is if you have a contact form and/or if you use a tool like Google Analytics or Facebook Pixel, you’re gathering personal information (names, emails, and IP addresses are all personally identifiable information), which means you need a privacy policy.

Beyond being a good business/person, you’ll want a good privacy policy to avoid lawsuits and fines. Fines for violating privacy laws start at $2,500 per violation per website visitor (stat from Termageddon). Read more about small businesses and privacy in this guide from Termageddon.

Note: Termageddon is not a law firm and does not provide legal advice. Always consult an attorney with questions.

What Privacy Policy Tool I Recommend

I exclusively recommend Termageddon, a paid privacy policy solution founded by a licensed attorney and certified information privacy professional. The VP of the company has a website design agency background, so this system is set up to work well for businesses of all sizes. What makes Termageddon a good option?

  • It’s easy to set up on your own since it prompts you through a variety of questions to figure out what data you collect and how you use it. You can also work directly with the founders to help set up your policies. I haven’t found another privacy policy generator that puts you in touch with a real human.
  • You install it on your website via an embed code, which means when you make changes to your policy details (or when a new law comes out and Termageddon updates their language), it automatically updates your site. You don’t need to log in and update your policy.
  • In addition to privacy policies, they also offer disclaimers, terms & conditions, and end user license agreements at no extra cost. I’m hoping they’ll release a cookie policy someday too.
  • They have amazing support. You can email them and they’ll get back to you pretty quickly – and they don’t charge extra to help you out at all.
  • It’s trusted by many experienced web designers and developers, and it’s listed as the only Privacy Policy generator vendor by the International Association of Privacy Professionals.

There are dozens of other options out there, many of them free to set up, but Termageddon is the only one I fully recommend*. This is such an important part of a website these days that I have all my website design clients sign a waiver saying they’ll figure out their own privacy policies for the site if we don’t work it out together.

You can also work with an attorney or someone on your legal team to craft one for your business specifically. If you have the budget for this, it’s absolutely the way to go!

Termageddon’s policies are “attorney-friendly,” meaning you can invite your attorney to review the policies and override sections of them if needed. This is often easier and more budget-friendly than having an attorney write your policies from scratch.

What Else You’ll Need: Cookie Policies, Terms & Conditions, and Disclaimers

Cookie Policies

A cookie policy is the only policy in this blog post that you’ll need another tool to create. Termageddon doesn’t currently offer cookie policies — I’ll update this blog post if that changes!

Cookies track, store and share your website users’ behavior, so there’s potential privacy risk in using them. A cookie policy tells your website’s users what cookies are active on your site, what user data they’re tracking (and why), and where you send this data. A good cookie policy also shows users how they can opt out or change their settings.

If you’re using Google Analytics or Facebook Pixel, or if you gather user data through contact forms, email marketing signups, e-commerce pages, or membership plugins, your website uses cookies.

While there’s no cookie law in the U.S. currently, some laws like the California Consumer Privacy Act and the Children’s Online Privacy Protection Act regulate how cookies are used. And if there’s any chance you might have website visitors from other countries with cookie laws (most websites!), you’ll want a cookie banner and cookie policy to be safe.

My suggestion is to knock out all these policies at once so you don’t have to worry about what you might have missed. I recommend the free plugin Cookiebot for WordPress websites. Squarespace has a built-in way to add a cookie banner. See my cookie policy from Cookiebot.

Terms and Conditions/Terms of Service

If your website links to third party websites, or if you do any e-commerce, you should have a Terms & Conditions page. If someone ends up on a third party site via your website and gets hacked, having a good Terms & Conditions document will help prevent you from getting sued. See my Terms of Service page.

Termageddon also says that a Terms and Conditions page can provide a DMCA notice, which helps your business avoid a lawsuit for improper use of copyrighted material like licensed images. If you’re using stock photos or other photos that aren’t your own, this can give extra peace of mind.

Disclaimers

If you share affiliate links on your website, you’ll need a Disclaimer. See my disclaimer. Disclaimers are also required for any website that provides health advice or legal advice.

If you have any questions about getting policies set up, feel free to reach out. Getting policies set up on your website is a necessary part of running a business these days, and it’s worth it once it’s done. I recommend setting aside 2-4 hours to get this all done, and/or talking to your attorney to find the best solution for your business.

*I have an affiliate relationship with Termageddon, meaning I get a few bucks when someone I refer signs up using my promo code KENNEDY. This promo code also gets you 10% off your first year. I know there’s skepticism these days around affiliate links, but I find them a great way to support an individual or a small business if it’s something I’d buy anyway. I don’t have affiliate relationships with any other privacy policy generators as Termageddon is the only one I fully endorse. I don’t receive any compensation from them unless someone signs up using my promo code, and I’m equally happy for you to sign up without the code. Any questions? Email me!

P.O. Box 7432
Mammoth Lakes, CA 93546
(828) 406-2990
hello@jesskenn.com

Copyright © 2021 Jessica Kennedy