Does My Website Need a Privacy Policy?

Charles Deluvio Dilfan21p8o Unsplash (1)

Yes, it most likely does. Dealing with website privacy policies is a not-so-fun part of having your own website, but it’s increasingly important for businesses of all sizes in all locations.

Having a clear and comprehensive privacy policy in place helps your website visitors trust you. It makes you look more legitimate and professional. And it makes a promise to your prospective and current customers that you’ll handle their information with care. Plus privacy policies keep you accountable — you commit to doing what you say you’ll do in these policies.

Note: I am not a lawyer and this is not legal advice. Always consult your attorney prior to implementing any compliance solutions or if you’re facing a specific privacy issue.

Why Your Website Needs a Privacy Policy

Privacy policies have been around for a while, but they’re much more important and widespread these days, especially since GDPR in the EU and a variety of privacy laws in the U.S. were passed. And the laws and regulations are often changing.

I use and recommend a service called Termageddon*, who shares this on their website:

Multiple privacy laws are already in place that protect the [Personally Identifiable Information (PII)] of consumers and apply to businesses across state lines. On top of that, over 15 privacy laws have been proposed on a state by state basis.

A privacy policy lets your website’s visitors know what information you’re gathering from them and how you’ll use it. If you’re running a good, ethical business, you’re likely not doing anything “bad” with your website users’ information, but you still need to let them know what you’re doing. Here’s mine.

The standard recommendation is if you have a contact form and/or if you use a tool like Google Analytics or Facebook Pixel, you’re gathering personal information (names, emails, and IP addresses are all personally identifiable information), which means you need a privacy policy.

Beyond being a good business/person, you’ll want a good privacy policy to avoid lawsuits and fines. Fines for violating privacy laws start at $2,500 per violation per website visitor (stat from Termageddon). Read more about small businesses and privacy on Termageddon’s blog.

Note: Termageddon is not a law firm and does not provide legal advice. Always consult an attorney with questions.

What Privacy Policy Tool I Recommend

I exclusively recommend Termageddon, a paid privacy policy solution founded by a licensed attorney and certified information privacy professional. The VP of the company has a website design agency background, so this system is set up to work well for businesses of all sizes. What makes Termageddon a good option?

  • It’s easy to set up on your own since it prompts you through a variety of questions to figure out what data you collect and how you use it. You can also work directly with the founders to help set up your policies. I haven’t found another privacy policy generator that puts you in touch with a real human.
  • You install it on your website via an embed code, which means when you make changes to your policy details (or when a new law comes out and Termageddon updates their language), it automatically updates your site. You don’t need to log in and update your policy.
  • In addition to privacy policies, they also offer disclaimers, terms & conditions, and end user license agreements at no extra cost. I’m hoping they’ll release a cookie policy someday too.
  • They have amazing support. You can email them and they’ll get back to you pretty quickly, and they don’t charge extra to help you out.
  • It’s trusted by many experienced web designers and developers, and it’s listed as the only Privacy Policy generator vendor by the International Association of Privacy Professionals.

There are dozens of other options out there, many of them free to set up, but Termageddon is the only one I fully recommend*. This is such an important part of a website these days that I have all my website design clients sign a waiver saying they’ll figure out their own privacy policies for the site if we don’t work it out together.

You can also work with an attorney or someone on your legal team to craft one for your business specifically. If you have the budget for this, it’s absolutely the way to go!

Termageddon’s policies are “attorney-friendly,” meaning you can invite your attorney to review the policies and override sections of them if needed. This is often easier and more budget-friendly than having an attorney write your policies from scratch.

Since I originally wrote this blog post in 2021, Termageddon has started including cookie policies when you sign up with them, making it an event more compelling policy solution.

Cookies track, store and share your website users’ behavior, so there’s potential privacy risk in using them. A cookie policy tells your website’s users what cookies are active on your site, what user data they’re tracking (and why), and where you send this data. A good cookie policy also shows users how they can opt out or change their settings.

If you’re using Google Analytics or Facebook Pixel, or if you gather user data through contact forms, email marketing signups, e-commerce pages, or membership plugins, your website uses cookies.

While there’s no cookie law in the U.S. currently, some laws like the California Consumer Privacy Act and the Children’s Online Privacy Protection Act regulate how cookies are used. And if there’s any chance you might have website visitors from other countries with cookie laws (most websites!), you’ll want a cookie banner and cookie policy to be safe.

If you use Termageddon, they provide instructions on setting up UserCentrics on your WordPress website (for your cookie banner) via code or a plugin.

You can easily set up Termageddon’s cookie policy on your Squarespace website, but you’ll either need to use Squarespace’s built-in cookie banner or be on a plan where you can add code to set up the opt in/opt out cookie banner to finish your setup.

Terms and Conditions/Terms of Service

If your website links to third party websites, or if you do any e-commerce, you should have a Terms & Conditions page. If someone ends up on a third party site via your website and gets hacked, having a good Terms & Conditions document will help prevent you from getting sued. See my Terms of Service page.

Termageddon also says that a Terms and Conditions can provide a DMCA notice, which helps your business avoid a lawsuit for improper use of copyrighted material like licensed images. If you’re using stock photos or other photos that aren’t your own, this can give extra peace of mind.

Disclaimers

If you share affiliate links on your website, you’ll need a Disclaimer. See my disclaimer. Disclaimers are also required for any website that provides health advice or legal advice.

If you have any questions about getting policies set up, feel free to reach out. Getting policies set up on your website is a necessary part of running a business these days, and it’s worth it once it’s done. I recommend setting aside 2-4 hours to get this all done, and/or talking to your attorney to find the best solution for your business.


*I have an affiliate relationship with Termageddon, meaning I get a few bucks when someone I refer signs up using my promo code KENNEDY. This promo code also gets you 10% off your first year. I don’t have affiliate relationships with any other privacy policy generators as Termageddon is the only one I fully endorse. I don’t receive any compensation from them unless someone signs up using my promo code, and I’m equally happy for you to sign up without the code. Any questions? Check out my affiliate philosophy blog post or email me!

Jess-20

About the author

Jessica Kennedy

Jessica builds websites and optimizes sites for SEO for small business owners who'd rather be outside. Learn more about Jessica.

Leave a Comment