top of page

Privacy Policy For Website Or Mobile App

A Privacy Policy document for a website or mobile application is a kind of like a promise the website or app is making to its users about how it treats the information it collects from them. The Privacy Policy is considered an agreement because users manifest their assent by continuing to use the website or app, but it is really about the owner/operator of the website or app explaining to the users, in "non-legal" terms, what happens to their information. Privacy Policy documents are required in the United States, and they are extremely important documents to make sure that users know what to expect when they use the website or app or when they give their personal information to the operator of the website or app.
Especially when running any kind of business or personal website or app that allows users to interact with anything on it, it's a necessity to have a clearly laid out Privacy Policy.
One of the primary functions of a Privacy Policy document is to let the user know exactly how information is collected from them, whether that is active collection (like asking the user certain questions) or passive collection (like through the use of cookies). If the user goes in knowing what to expect, it is less likely that there will be problems between the user and the website/app down the road.
Privacy Policies are available on almost all major websites and apps today, and the operator should ensure a good one is in place for the business. This Privacy Policy is primarily for use in the United States, but is also compliant with the EU's General Data Protection Regulation, or GDPR, for those businesses that handle and process the personal data of EU citizens. For more information about relevant laws related to privacy policies, please see the guide What Your Small Business Should Know About Data Privacy in the U.S.

How to use this document
This Privacy Policy outlines how information is collected, what information is collected, how it is stored, and how it is used, among other things. Before sitting down to fill it out, the operator should ensure that they have all the information needed about how the website or app works to collect user data. This may involve doing technical checks or speaking to others in the company about the security side of things.
In this document, the operator will be able to outline the following information (and more):
- what personal information is taken from users, actively
- what personal information is taken from users, passively
- how the information is stored
- how the information is used
- if information is shared with related entities
- if information is shared with third parties
- if cookies are used
- what the user's rights are in relation to the information collected
- if children are allowed/encouraged to use the website/app
- how information collected from children is handled
- how users can contact the operator of the website or app if they have any concerns
The Privacy Policy should be used anytime a business or operator is setting up a website or mobile application that they plan to have others use and visit. After it is filled out, it should be published somewhere prominently on the website or app, with a link on the homepage saying "Privacy Policy."
It is critical to inform users about how their information will be managed. Often, a Privacy Policy will go hand in hand with a Terms and Conditions document, which we also have available for sale.
Within this Privacy Policy, the operator will be able to choose whether the document should apply to a website or mobile app and how many (such as if the operator has a very similar business model across a few different websites).

Applicable law
Although there is not one set of laws or regulations outlining what must be contained in the Privacy Policy for a website, website disclosures are broadly governed under U.S. Common Law and the advertising and privacy laws of the Federal Trade Commission. This Privacy Policy is also compliant with the EU's General Data Protection Regulation, or GDPR, for those companies which may process the data of EU citizens.
Certain other Federal laws are applicable as well, including The Children's Internet Protection Act of 2001 and The Computer Fraud and Abuse Act of 1986.

bottom of page