Privacy Policy Guide
Required Sections
1. Introduction & Overview
This Privacy Policy explains how [Company Name] ("we", "us") collects, uses, and protects your personal information when you use [Site/App Name] ("Service").
2. Information We Collect
- Information you provide directly (name, email, payment info)
- Automatically collected data (IP, cookies, device info, pages visited)
- Third-party data (social logins, analytics partners)
3. How We Use Your Information
- Provide and improve the service
- Process transactions
- Send transactional and marketing emails (with consent)
- Comply with legal obligations
- Fraud prevention and security
4. Cookies & Tracking
Describe: essential cookies (always on), analytics cookies, marketing/advertising cookies. Include opt-out instructions.
5. Data Sharing & Third Parties
List all third parties with access to user data: payment processors, analytics (Google Analytics), hosting, email services, CDN.
6. User Rights (GDPR/CCPA)
Access, correction, deletion, portability, opt-out of sale (CCPA), withdrawal of consent. Include contact email for requests.
7. Data Retention, Security & Contact
State how long data is kept (e.g., account data for 3 years after deletion). Security measures (encryption, access controls). Contact email and effective date.
GDPR vs CCPA Key Differences
| | GDPR (EU) | CCPA/CPRA (California) |
|---|---|---|
| Applies to | Any site with EU users | CA businesses with >$25M revenue or 100k+ users |
| Consent | Opt-in required | Opt-out for data sale |
| Max Fine | €20M or 4% global revenue | $7,500 per intentional violation |