How to Create a Privacy Policy

05Jun, 2019

Want to know the real reason no one reads privacy policies? And why is this important?

But first,

What is a privacy policy?

A privacy policy is a statement or a legal document that discloses some or all of the ways a party gathers, uses, discloses and manages a customer or client’s data. Personal information can be anything that can be used to identify an individual, including but not limited to: name, address, date of birth, marital status, contact information, ID issue and expiry date, financial records, credit information, medical history, where you travel, and intentions to acquire goods and services.

Did you notice many big tech giants notifying you about their privacy policy update recently? Did you ever read that privacy policy, to begin with? Or their Terms of Service?

If you type “RECENT privacy policy updates” into Google search, you will see updates from big tech giants and how they are changing their privacy policies.

Evernote Did What?

Recently, Evernote wanted to have their employees go through your content to enhance their machine learning, as part of a new privacy policy update. After receiving countless complaints, they said they would not implement it, but “instead, in the coming months we will be revising our existing Privacy Policy to address our customers’ concerns, reinforce that their data remains private by default, and confirm the trust they have placed in Evernote is well founded.”

If a company starts a controversial policy update like Evernote’s, chances are you as a customer might read their whole policy and take a second look at exactly what is going on. If you are not going to do something drastic like Evernote, there is an old way and a new way of providing a privacy policy.

We will go through some of the big tech companies and see how they are helping their users understand what they are doing with your information. Then, see how a company is trying to change the future of privacy policy.

The Big Techs

LinkedIn helps its customers understand its privacy policy via video. While most of their users won’t spend time going through the policy, they provided an alternative option so that users can access it. Not only does it provide transparency, it portrays a sense of ownership and great care for their users and provides communication. It helps build their users’ trust as well as making it a bit entertaining.

Facebook is probably the more formal policy here, though it does feel like they’ve tried.
You can go through their complete Data Policy or, for a more user-friendly approach to their policy explanation, they provide a Facebook Privacy Page where you can “Like this Page to learn how to exercise your choice to share what you want with those you want, keep up with changes, and talk with others about the importance of privacy in our digital age”.

Apple is known for simplicity and ease of use. If they had not provided a policy that fits that image, they would have been a typical company that hides its secrets inside an enormous policy. They did a great job with their approach to privacy, but their actual privacy policy is still a normal privacy policy. Compared to other big tech companies, they really haven’t innovated their policy to be understood by the people or made for the people.

I believe Google’s privacy policy is hands down the best. They provide archived policies and underline modified text in their current policy. You can actually see what changes they’ve made and go through their history if you wish to comb through their archives. This is transparency at its core. Not only is their privacy policy easy to understand, but they also provide a library and give you access.

Examples of best privacy policy practices

[Images: iubenda privacy policy example; AVG privacy policy]

User experience is very important, and helping users navigate and comb through your policy is what most privacy policies are missing. So is helping your users identify which services you’ve installed and their purpose. How are you generating your privacy policy? How are you giving your users, customers and prospects an opportunity to trust you? Should a privacy policy be short and simple to understand? If your answer is yes, make the change.

What your landing page(s) is missing, is a privacy policy.

You understand the CAN-SPAM Act and comply by signing up with an email marketing tool that does most of the work for you. You have the unsubscribe button and follow the instructions provided by the email marketing software.

Apart from privacy regulations requiring you to respect the user’s privacy, there is the email newsletter company policy side to it as well: depending on which newsletter service provider you use, you might find that they require you to have and abide by a privacy policy to use them.


There was a study on how privacy policy can increase or decrease conversion. Beem Digital tested 4 different privacy policies on a sign-up form on the home page for BettingExpert, an online betting community. It improved conversions quite meaningfully: 19.47% signup increase over the control version.


A new look at Privacy Policy

In the age of technology and innovation, the key to running a successful online business lies in the ability to attract visitors and nurture them into your customers over time. To achieve this, business owners and marketers are constantly looking for ways to build strong email lists, streamline landing pages, and optimize website presence. They also need to conduct various testings to find the ideal opt-in experience. 

That said, there is an important aspect that many marketers tend to overlook: privacy policy. When faced with the decision of whether to include or not include a privacy policy, most people either choose to ignore it or include a cliché statement that often doesn’t perform really well.

Numerous case studies have shown the impact of privacy policy statements on the opt-in rate. Depending on where you are, you may fall under legal requirement to include a privacy policy. In other words, privacy policy is a serious business that is becoming more important to the users. Rather than just an obligatory statement, privacy policy is about building trust with your audience – a critical factor to the success of your business.

1. Say “no” to the word “spam”

Users are concerned about their privacy. You’ve probably seen variations of the statement “We won’t spam you” in many opt-in forms. While it’s a popular statement, this is simply lazy work. Using the word “spam” can actually be detrimental to your conversions.

As people are becoming more skeptical about online privacy, the word “spam” not only instills fear and distrust in the minds of visitors, but it also keeps their attention away from your offer. As the negative feeling is too overwhelming to shake off, your privacy statement has now become a distraction rather than a persuasion. The test below, conducted by ContentVerve, suggests that including the word “spam” can result in an 18.70% signup decrease over the control version.

2. Use positive wording 

Instead of saying things that you won’t do, go for an affirmative statement. For instance, statements like “We guarantee 100% privacy.” or “We respect your privacy. Your information will not be shared.” are a powerful way to create transparency as you connect with your audience. They are positive and they make sense. In fact, according to the findings ContentVerve made, they can lead to 19.47% more signups than the control version.   

Make sure that your privacy policy focuses on your customers’ psychology. It should alleviate their uneasy feeling about the safety of their privacy, rather than intensify it. Affirmative wording helps ease your users’ worry and clear any concerns they have so that they will feel more confident about joining your email list. 

3. Show your Privacy Policy up front

It’s all about being transparent. If you’re running an eCommerce business, it’s especially important to show your privacy, return/refund, and guarantee policies up front. Your customers would not be happy if they find out about your policies after their purchases. What’s worse, they have to go through a complicated process in order to get their refunds (if they ever get them at all!). 

Always clearly state your company’s policies before you require your visitors to take any action. It shows that you have nothing to hide. It also makes it much easier for both parties to communicate and understand each other. Bonus point if you can include your contact number, an email address, and a real address. Remember, transparency fuels trust.

4. Never stop testing 

User testing is a critical part of understanding your audience. Knowing what works and what doesn’t and going through trials and errors are the reasons why some businesses succeed, while others fail. 

Avoid copying other people. It might be tempting to copy successful online retailers. After all, they must be doing something right in order to get where they are now. The reality is not that simple. Some established brands can get away from putting their privacy statements near the opt-in forms as they have gained the recognition and reputation needed over the years. However, for new businesses that are still trying to establish their presence, it’s a bad idea to imitate bigger brands.

The legal requirements of having a privacy policy can get more extensive depending on your business model and industry. Nevertheless, privacy policy agreements are mandatory. In other words, if you’re collecting data that can be classified as “personally identifiable information”, make sure to include a privacy policy. Sites like iubenda are a good place to help you generate your privacy policy in a few simple steps.

Overall, know your business and where it stands in the market. This will help you make informative, conscious decisions about your privacy statement and differentiate yourself from the rest. Keep on experimenting and remember, small things can make a big difference. 

 

Privacy Policy, is it SEO related?

I’ve been working on and learning SEO for about 4 years now. It’s been quite a journey and I thank my tools for helping me with my SEO. Tools help me identify quick and easy fixes. Some are harder than others, but in the end, tools can provide you a nice checklist. I’ve used tools such as WooRank, SEO Powersuite, SEMRush. I have nothing else to say, other than that all three tools have their place.

If you are an SEO expert, you might want to think about using all three, instead of picking just one. If you are a starter, I would suggest WooRank, since it is the most affordable of the three. SEO Powersuite has tons of great tools like LinkAssistant to help you with backlinks. SEMRush

But there is just one thing that all of these tools do not mention. This may or may not be a direct Google ranking factor, but who knows, it might be soon.

We live in a digital age, where data is being collected, shared and stored. It’s to the point where people can identify where you live, your favorite hobbies, what time you get up in the morning and what you do with your lives. It can be good and it can also be a bad thing.

If you go to website after website, you will notice that they are collecting something from you. And without permission, it is violating your rights. Privacy policy and terms pages help the website provide transparency to its visitors. Hiding or neglecting to provide them is out of the question. Terms of service and a privacy policy essentially serve as a blueprint for your business, thereby making them super important.

Not many will go click on the privacy policy, but hopefully, people will start doing so. It is not only about providing the materials but if you want to associate your site with those who do not provide a privacy policy, then, by all means, be associated with them.

You can read my article on WooRank to learn more about if Google checks your privacy policy or not.

What’s your website’s trust score?

Much has been said about the role of SEO in helping the search engine robots understand your website and driving traffic to your business. 

Competing with others for that one spot on the first page of Google is certainly an important aspect in your growth strategy. So you painstakingly pay close attention to creating anchor text, keyword density, “quality” content, and building relevant links.

Yet something is still a little off… 

No matter how much time and effort you’ve spent working on your SEO, Google just doesn’t seem to like your website. 

Why?

Sometimes when you overly focus on meeting the mechanism of search engine robots, you neglect the real conversations that you should really be having with your customers. This is reflected in your website’s Trust Score.  

What is a trust score?

A Trust Score represents your customer satisfaction, which is measured based on many trust rank factors. Here are some common parameters:

  • The age of your website – the older the better.
  • Unique content. Who needs another copycat?
  • Site updating. Fresh pages and “evergreen” content attract more users. 
  • Number of pages indexed.
  • Website traffic. 
  • Backlinks. Keep in mind that only quality links matter.
  • User engagement (i.e. time on site, long click, shares, likes, comments, and reviews).  

Why does your trust score matter?

While other SEO metrics are essential for ranking, in most cases, they exist in the background, hidden from your customers. This lack of transparency makes it rather difficult, if not impossible to build trust. 

Remember, your customers can only see what’s visible on the website and visibility constructs the basic framework for trust. Without trust, sooner or later your business is doomed to failure.

In fact, only a few people understand just what it takes to build trust. Studies show that less than a third of CMOs and marketing executives fully understand where trust is being eroded in the experience lifecycle. Only half are able to address negative experiences at the customer touch point. While many recognize the value of analytics in building trust with their customers, most are not using analytics at their disposal.          

Trust takes time to build and is quick to lose. 

In an ever competitive, cutthroat world, zero trust equals zero business. If customers don’t trust your website, Google will find a way to penalize it. But if they love it? Congrats, your Google Trust Rank and Website Trust Score are on great terms.

How to make your customers and Google trust your site.

Whether you’re an established business or a brand new startup, you have to go through an inevitable process of building and nurturing trust with your customers. According to research, 91% of CMOs feel that building trusted customer relationships is a critical focus of their department’s strategic and competitive vision. What’s more, 67% agree that customer experience cannot be controlled by marketing alone. 

Simply put: people buy from people they trust and it takes various factors to assemble, strengthen and sustain an empire of trust.   

So let’s dive deeper and get a better picture of your website’s Trust Score. Grade yourself with one point for each “yes” and a negative for a “no”. Elaborate on each “yes” answer.

  • Do you have customer support? If so, how long can your customers expect a response?
  • Is it easy for your customers to contact you? What is your current satisfaction rate?
  • Do you have a Privacy Policy? If so, how easily can your customers understand it?
  • Do you currently have Terms of Service? Can your customer understand your return policy? 
  • Do you have web security in place to protect your customer info?
  • Are you happy with your current customer review ratings? 

So what’s your website’s Trust Score? Think you can improve?

Privacy policy and marketing

If you’re a marketer building several landing pages, don’t neglect transparency, and understand how important it is to provide it. Make your privacy policy Bold and LOUD so that visitors can see and appreciate the fact that you are doing what you intend to do.

I believe iubenda has a solution, and more discussion on privacy policy is very important in this digital age. Before you begin your affiliate or email marketing, please make sure you are providing all the legal requirements and a privacy policy so that you are not set up for failure.

From a legal perspective

Once you collect personal data from visitors like their email, you need to inform them of various things (and this is a constant across most legislation and systems. More information about the international regulatory framework can be found here):

  • personal data must be processed fairly and lawfully. This includes, in particular, telling the individuals concerned who you are and that you plan to use these details for marketing purposes;
  • you need to tell people if you plan to pass those details on to third parties, including selling or sharing the data for marketing purposes, for which you are likely to need their consent;
  • you collect personal data for specified purposes, and cannot later decide to use it for other purposes unrelated to your email marketing purposes;
  • keep time in mind: a marketing list which is out of date, or which does not accurately record people’s marketing preferences, could breach privacy regulations.

[Figure: business impact regarding privacy policy. Source: 2016 TRUSTe/NCSA Consumer Privacy Infographic – US Edition]

Let’s go through some regulation to explain why you need a privacy policy before we get into maximizing conversion with one. Where you live does make a difference. You would want to comply with your local regulation. However, if you are in business to reach out globally, there are a few laws you need to take into consideration.

While CalOPPA is a California law, you still need to comply with it. What is the probability of a Californian going to your site? Whether or not you live in California, your online business has the potential to reach them.

The California Online Privacy Protection Act (CalOPPA)

An operator of a commercial Website or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service shall conspicuously post its privacy policy on its Website.

Europe has a well developed privacy law sector. The relevant legal framework in the European Union is the Data Protection Directive (95/46/EC) and the ePrivacy directive (2002/58/EC, as revised by 2009/136/EC). Those regulations need to be transformed into Member States law, making sure that minimum privacy requirements are met across the European states.

From a self-assessment guide:

* If your organization has a Website, post your privacy policy on it. Make sure the policy covers all collections, uses, and disclosures of personal information made via the Website itself; and

* Take appropriate measures to notify Website users of all your organization’s online information practices, notably using “cookies” or other non-visible tracking tools, and explain such practices

Whether or not you are certain about who will be going to your site, you would want to comply with all regulation so that you are not at risk of being fined. Understanding which regulations you need to comply with helps protect your business. Just as with any brick and mortar store, you won’t start a business not knowing exactly what you need.

[Figure: privacy policy awareness. Source: 2016 TRUSTe/NCSA Consumer Privacy Infographic – US Edition]

The privacy policy can help break barriers and build trust. Your visitors want to know that you are going to do what you say. People enter their personal information, so there is a trust issue. A split test was done to understand which landing page would convert the best: one without a privacy policy and one with.

When providing a privacy policy, you do not want to provide the standard visibility. Be creative and break the barrier of the typical notion of reading a policy. No one wants to read legal jargon; a user-friendly, readable policy helps your visitors appreciate the effort to simplify it and quickly understand exactly what you are doing with their information.

Few ways to go about creating a privacy policy for your business.

Also, there is a good way to go about it, versus the bad way. Let’s start with copying and pasting a policy from other people. If you are selling someone else’s product, you might think that copying their policy would protect you and your business. What most people do not realize is that you are adding on services that might not be mentioned in their policy. Also, you might be infringing by copying and pasting.

While most people click your policy and think that everything is covered, there will be those who actually read it and point out the difference between the policy you pasted and what you do with their data. If you are using a landing page builder with analytics, you will need to disclose that information. You also need to disclose that you are tracking visitors with cookies, as well as that you are using email marketing software to track their open/click rates and behavior triggers.

Hiring a lawyer can be costly.

It can range from hundreds to thousands of dollars. LegalZoom does provide a privacy policy service, but you are looking at a couple hundred dollars. There are other startups like Rocket Lawyer that help reduce cost and indeed help you draft a custom privacy policy.

Yes. Facebook requires users of their app platform to use a privacy policy for an app as soon as you collect data from their users. In Facebook’s platform policies you will find the following:

You will have a privacy policy that tells users what user data you are going to use and how you will use, display, share, or transfer that data. In addition, you will include your privacy policy URL in the App Dashboard, and must also include a link to your app’s privacy policy in any app marketplace that provides you with the functionality to do so.

Until you display a conspicuous link to your privacy policy in your app, any data accessed by your app (including basic account information) may only be used in the context of the user’s experience in that app. A user’s friends’ data can only be used in the context of the user’s experience on your application.

Web sites or services directed to children under 13

If you use Social Plugins or JavaScript SDK for Facebook on sites and services that are directed to children under 13, you are responsible for complying with all applicable laws. For example, if your website or service is directed to children in the United States, or knowingly collects personal information from children in the United States, you must comply with the U.S. Children’s Online Privacy Protection Act.

Note how Facebook tells you to be consistent with California’s privacy laws concerning children: They tell you to comply with the U.S. Children’s Online Privacy Protection Act which introduces more stringent rules for your apps when you target children under the age of 13.

How A Privacy Policy Should Be Written

A privacy policy is an important part of any website. If you are not sure if you need a privacy policy, there is a simple question to answer if you should have one. ‘Does your website collect any personal data from the users?’ This does include email. If you answered yes, then you need a privacy policy.

In most countries, you legally need a privacy policy if you collect any kind of data from a user. Once you know you need one, how do you write one?

How To Write A Privacy Policy?

A privacy policy needs to be understood by everyone who visits your website. English is the best option, but if your website is in another language, you should have the privacy policy in that language. When you are writing the policy, you should aim for a 9th-grade reading level. This is a reading level that most people have and allows them to understand what is being said.

You should explain the information that you are gathering and why you are collecting the data. Emails and cookies are very common information to track, so there are a lot of great examples out there. If you are gathering information for any sketchy reasons, you should stop these practices instead of trying to explain it to your visitors.

The important information that you should include is if you are sharing information with anyone.

This is a huge part because you need to inform the users where their information is going. In most areas, you do not need to list the exact company, but you do have to state clearly that the information gathered is being shared or sold.

You should also have information about the laws and initiatives that you are complying with. Having this information is legally required in some areas, and you can face fines if this information is missing.

Depending on the information that you are collecting and what it is being used for, you should include information about how the users can opt out. Most email collections will have this information at the bottom of every e-mail, and somewhere on the host website.

If you are using Google or Apple products, you will need to include information about their services and about their privacy policy. In most areas, you can just post a link to Google’s or Apple’s privacy policy in your policy to be covered.

These are the common elements that a privacy policy should have:

  • Who is the site/app owner?
  • What data is being collected? How is that data being collected?
  • For which purposes is the data collected? Analytics? Email Marketing?
  • What third parties will have access to the information? Will any third party collect data through widgets (e.g. social buttons) and integrations (e.g. Facebook connect)?
  • What rights do users have? Can they request to see the data you have on them, can they request to rectify, erase or block their data (under European regulations most of this is mandatory)?
  • Description of process for notifying users and visitors of material changes to the privacy policy
  • The effective date of the privacy policy

Don’t put your apps at risk

 

The need for transparency has become a pressing issue for developers around the world. In fact, many have been receiving notices from Google Play for violating the User Data policy regarding personal and sensitive information. 

What’s more, under Google’s rules they have until March 15, 2017 to submit a valid privacy policy on their Store Listing page and within the app.  

Google’s effort to penalize and eradicate half-baked, ill-considered apps reflects the company’s goal for a better, more transparent community – one that doesn’t put users’ data and privacy at risk.

The problem

We’ve heard all sort of stories about Android apps that steal your valuable data and cost you money. Think about every time you install a new app, you need to accept some kind of permissions. Very often you don’t get many choices as permissions are bundled up – it’s either all or nothing.

According to research, requesting fewer permissions leads to more downloads. Since Android has a history of poor permission handling, users pay closer attention and are more careful about their permission usage. A study of two unbranded apps with similar functionality and ratings but different sets of permission requests shows that on average, users were 3 times more likely to install the app with fewer permission requests.

This explains why many developers fail to include a valid privacy policy even though their apps request sensitive permissions (including camera, accounts, contacts, phone, and microphone) or user data. Others have revealed that even though they DID provide a privacy policy, they still got warnings from Google.

The solution

This is directly quoted from Google: “For apps that request access to sensitive permissions or personal data (as stated in the User Data policies), you must provide a privacy policy on your app’s store listing page and within your app. Make sure to include an active URL to your privacy policy that applies to your app, and specifically covers user privacy.”

Google has clearly identified the kind of information they wish to see in your privacy policy. In general, if your apps need one or more of the following permissions, they must be stated in your privacy policy. 

 

  • android.permission.INTERNET
  • android.permission.ACCESS_NETWORK_STATE
  • android.permission.WAKE_LOCK
  • android.permission.VIBRATE
  • android.permission.RECEIVE_BOOT_COMPLETED
  • android.permission.GET_ACCOUNTS
  • android.permission.READ_CONTACTS
  • com.google.android.c2dm.permission.RECEIVE

 

You can learn more about how these permissions work here. Alternatively, you can also check out Google Play Developer Console Help Center.

Failure to comply with Google guidelines and specifications will limit your application visibility in the App Store or lead to removal altogether.  

Other key elements to include in your privacy policy

Depending on the nature of your app, the content of your privacy policy may vary. However, in general here are some common elements that a privacy policy should have:

  • Information about the site/app owner.
  • The kind of data being collected and how it is collected. 
  • The purpose of the data collection (i.e. analytics, email marketing).
  • Any third parties that have access to the information and through which means (widgets and integrations).
  • The rights of users regarding their data (i.e. the ability to request to see the data, to rectify, erase, or block).
  • The process for notifying users and visitors regarding material changes to the privacy policy. 
  • Effective date of the privacy policy.

Add a privacy policy to your store listing

Follow these simple steps once your privacy policy is ready.

  • Go to your Google Play Developer Console.
  • Select an app.
  • Select Store Listing.
  • Under Privacy Policy, enter the URL where you have the privacy policy hosted online.
  • Select Save draft (new apps) or Submit update (existing apps).

While there are apps that will be affected by the email warning, Google’s determination to clean out zombie apps is no doubt a welcome move for user data and privacy protection. This doesn’t mean that permissions are only evil. In fact, there are many legitimate apps (that we love!) that would not work without them. The giant tech company is just trying to create a healthier, more transparent community where everyone’s protected. And as a developer, you’re helping that community grow and become stronger by including a valid privacy policy.

Now that you know where you stand and what you must include in a privacy policy, carefully double check your app and outline all the dangerous permissions you request as well as their purposes. This will make sure you’re not missing out on any important element that can lead to further rejection from Google.  
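One way to run that double check, as an added example (not code from this article or from Google): it reads a source-form AndroidManifest.xml, collects the permissions the app requests, and compares them with a table of purposes kept alongside the policy. The sample manifest, the package name and the purposes table (including its format) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute name android:name, expanded with the Android XML namespace.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Permissions this article lists as needing a statement in the policy.
PAGE_LISTED = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.WAKE_LOCK",
    "android.permission.VIBRATE",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.GET_ACCOUNTS",
    "android.permission.READ_CONTACTS",
    "com.google.android.c2dm.permission.RECEIVE",
}

# Constructed sample: the text manifest from a project's source tree
# (not the binary form packed inside a built APK).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.newsletter">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.GET_ACCOUNTS" />
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission-sdk-23 android:name="android.permission.WAKE_LOCK" />
    <application android:label="Newsletter" />
</manifest>
""".strip()

# Constructed sample: permission -> purpose sentence used in the policy.
# The table format is an assumption of this example.
SAMPLE_PURPOSES = {
    "android.permission.INTERNET": "Send sign-up data to our mail service.",
    "android.permission.READ_CONTACTS": "",  # purpose never written down
    "android.permission.VIBRATE": "Notification feedback.",  # not requested
}


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(NAME_ATTR)
            if name:
                names.add(name.strip())
    return names


def audit(manifest_xml, purposes):
    """Compare requested permissions with the purposes the policy states."""
    requested = requested_permissions(manifest_xml)
    documented = {perm for perm, why in purposes.items() if why.strip()}
    return {
        # On the article's list, requested, but no purpose stated.
        "undocumented_listed": sorted((requested & PAGE_LISTED) - documented),
        # Requested but not on the article's list: still needs a human look.
        "undocumented_other": sorted((requested - PAGE_LISTED) - documented),
        # The policy explains a permission the app does not request.
        "stale": sorted(set(purposes) - requested),
    }


if __name__ == "__main__":
    for bucket, perms in audit(SAMPLE_MANIFEST, SAMPLE_PURPOSES).items():
        print(bucket, perms)
```

A permission in the "stale" bucket is worth fixing too: a policy that describes data access the app no longer has is as inaccurate as one that omits access it does have.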

Do you have a privacy policy for your site?

Writing a privacy policy does not need to be hard, and you do not even need to write your own. There are tools like TermsFeed and iubenda that will make a privacy policy for you in minutes, and you can add it to your website.

In conclusion

The privacy policy has been on the back burner for almost every business; neglecting or outright ignoring regulation is harmful both for customers and for every affiliate who calls the Internet home. We do business online, so we must protect and follow the guidelines, and differentiate ourselves from scammers and those who think they can get away with the bare minimum. If you are running multiple landing pages, start generating your privacy policy today.
