How to Create a Privacy Policy for Your Website

Posted on February 13, 2018 by in Resources | 36 comments

How to Create a Privacy Policy for Your Website

Privacy policies are one of the most overlooked aspects of most websites. If you stop to look around most of the popular sites you visit, you’ll find they all have unique privacy policies (though the specific page’s traffic is usually low). Even so, these documents are important if you want your website to comply with local and international regulations.

More importantly, you don’t need to be a lawyer to add a thorough privacy policy to your website. In this article, we’ll talk more about why privacy policies are significant and we’ll teach you about some essential clauses. Then we’ll introduce you to three tools you can use to help you create a privacy policy for your website.

Let’s talk privacy!

What Privacy Policies Are (And Why They’re Important)

The Elegant Themes privacy policy.

Privacy policies can look intimidating, but you should always read them when possible.

Privacy policies are legal documents informing users what you do with their data. For example, if you collect email addresses, names, and birthdays during the user signup process, you need to tell users what happens with their information. For example, some websites might use it for internal purposes only (such as customer profiling). Others might sell the information to third-party services, in which case consent is necessary.

As you’ll be aware, privacy policies are usually skipped over by the majority of visitors. However, there are several benefits to adding one to your website:

Although some countries don’t require the use of a privacy policy, you can still be held liable under international law for not following regulations. If you have European Union (EU) users, for example, you need to comply with the GDPR. Given the chances of getting fined for non-compliance, adding a privacy policy to your website is simple – and it’s a smart business move.

Ideally, you’d enlist the help of a lawyer to help you draft your privacy policy. However, that’s not a practical option for the vast majority of site owners. Knowing this, a lot of online services have sprung up to help fledgling websites craft basic privacy policies to cover their bases. However, before discussing them, let’s look at what your privacy policy should contain.

3 Clauses Your Website’s Privacy Policy Should Include

These three clauses won’t, in most cases, be enough to craft a well-rounded privacy policy. Think of them only as the basics that any such document should include. We encourage you to do further research into other critical clauses.

The next section will explore some tools to generate full privacy policies with little input from your end. Even then, it’s essential you have a working understanding of what their basics are.

1. How and What Type of Information You Collect

This clause is the bread and butter of privacy policies. It details the exact information you collect, and how. To recall our earlier example, you can get email addresses and names directly from signup forms. However, there is also data you can obtain without the user knowing. For example, Google Analytics tracks the user’s preferred web browser, which needs to be mentioned.

Ideally, visitors would take a look at this clause and decide if they’re comfortable using your services, but more pertinently, it covers your bases legally. Here’s an excerpt from our own privacy policy, discussing what type of information we collect and how we do it:

Personally Identifiable Information refers to information that tells us specifically who you are, such as your name, email address, or phone number. Downloading information or logging in may allow the Company to “recognize” you to allow us to personalize our service for you.

This first section discusses what we consider to be personal information, as opposed to anonymous data we might collect. It also mentions we may use the information to personalize your user experience. In our case, logging in is only necessary to download products you may have purchased, so it’s not obligatory.

2. What You Do With the Information You Collect

Plenty of websites engage in the practice of selling or sharing user data. Other services use this to personalize content and ads, among other elements. Other potential applications include using information to enforce terms of use, improving your website’s services, and more.

Regardless of the application, this clause is critical because although users may consent to share personal data, they might not be happy with how you decide to use it. Here’s a short paragraph from our privacy policy outlining our general use of private information:

For our Clients, we use personal information mainly to provide the Services and contact our Clients regarding account activities, new version and product offerings, or other communications relevant to the Services. We do not sell or share any personally identifiable or other information of End Users to any third parties, except, of course, to the applicable Client whose website you are using.

For example, if your Elegant Themes yearly subscription is about to expire, we send you an email reminder. In this case, we’re using your personal information to provide an update.

In any case, if you’re not comfortable with the way a website uses your information, the GDPR outlines the ‘right to be forgotten‘. This means sites are bound by law to delete your information if you ask them to cancel your account, for example.

3. Your Use of Cookies

Cookies are files on your computer that contain personal settings for specific websites. The term itself supposedly comes from ‘magic cookies’, which are a type of token used by UNIX-based Operating Systems (OS).

In any case, websites use cookies to track what you do within them. For example, cookies enable you to stay logged in even if you leave the website (although there are limitations). According to the European Union’s Cookie Law and new ePrivacy Regulation, sites need to inform visitors about their use of cookies and provide an option to disable them. Here’s an excerpt from our privacy policy’s section on cookies:

We use cookies, tracking pixels and related technologies on our website. Cookies are small data files that are served by our platform and stored on your device. Our site uses cookies dropped by us or third parties for a variety of purposes including to operate and personalize the website. Also, cookies may also be used to track how you use the site to target ads to you on other websites.

The above explains how we use cookies and what they are. Later on in the policy, we also discuss how you can opt out of using cookies, including those served by third-party services on our website (such as Google and MailChimp).

3 of the Best Privacy Policy Generation Services to Consider

Although we fully recommend the services we include in this section, you should always review the language of any privacy policy you generate with any of them, just to be safe. Let’s take a look at the options.

1. iubenda

The iubenda homepage.

iubenda is an online website privacy policy generator that stands out thanks to its ease of use. It uses modules to help you pick the exact clauses your privacy policy should include, and adjust their terms depending on which services you use. For example, if you’re part of the Amazon Associates program, you can add the necessary language to your policy with a single click.

Key Features:

  • Uses simple module system to build a comprehensive privacy policy.
  • Lets you customize your policy using your company’s information.
  • Enables you add necessary clauses for several popular third-party services, including Amazon Associates and Google Analytics.
  • Provides automatic updates to your policy based on any new regulations.

Price: Free and paid plans available | More Information

2. TermsFeed

The TermsFeed homepage.

TermsFeed enables you to generate basic privacy policies in minutes, and customize them using your site’s information. Each time you want to create a new policy, the service will walk you through a questionnaire to help you determine the clauses you need. When the process is over, you’ll receive your new policy via email in seconds. The platform also offers you the option of updating your policies automatically as laws change.

Key Features:

  • Enables you to generate custom privacy policies using a simple questionnaire.
  • Lets you adjust your policy to comply with national and international laws.
  • Provides automatic policy updates whenever the law changes.

Price: Free and paid plans available | More Information

3. Shopify’s Privacy Policy Generator

Shopify's Privacy Policy Generator.

Shopify’s Privacy Policy Generator is a bit more narrow in scope than the other tools we’ve discussed. Its clauses are tailored for Shopify websites specifically. However, you can generate one of their policies in seconds and use it to check out essential clauses regarding how to deal with payment information.

Key Features:

  • Lets you generate a privacy policy for your Shopify store.
  • Enables you to outline how you deal with customer payment information.
  • Gives you the ability to customize your privacy policy based on your store and its location.

Price: Free, but you need a Shopify subscription to get the most out of it | More Information

How to Create a Website Privacy Policy Using iubenda

For this portion of the piece, we’ll use iubenda given its ease of use and reasonable pricing structure. To get started, go to the service’s home page and click on the GENERATE YOUR POLICY button to the top right of the page. On the next window, enter your website’s URL and click the blue button:

Entering your website's URL.

The service will ask you to register a free account or log in using Facebook. Either way, when you’re in, you’ll see an option to add any services your website uses to your privacy policy:

Add new services to your privacy policy.

Clicking on the button will show you a list of clauses you can add:

A sample of the services you can add to your privacy clause.

As you include more services, they’ll be added to your privacy policy automatically. You can preview it at any time by clicking on the Preview widget to the right of your dashboard:

Previewing your privacy policy.

When you’re done adding services, click on the Next button at the bottom of the page. You’ll now need to enter your company’s name and address, then click on Next again:

Entering your company name and address.

On the final screen, you’ll find options to embed your policy into your website:

Embedding your privacy policy into your website.

That’s it! If you’ve included all aspect of how you collect data, your privacy policy will be good to go. Do remember to give it a full read before publishing it, though!


Website privacy policies don’t get the spotlight they deserve. However, they’re essential elements of any website that takes data protection regulations seriously. On top of enabling you to keep your operations above board, privacy policies also outline how your site handles personal information, which should help put visitors’ minds at ease.

If you don’t know where to start when it comes to creating a website privacy policy, here are three online generators that are easy to use and feature-packed:

  1. iubendaA module-based privacy policy generator that supports dozens of third-party services.
  2. TermsFeedThis simple service enables you to create a basic policy through a questionnaire.
  3. Shopify’s Privacy Policy GeneratorThis generator is tailor-made for Shopify stores.

Do you have any questions about what clauses your privacy policy should include? Let’s talk about them in the comments section below!

Article image thumbnail by Marharyta Pavliuk /

Premade Layouts

Check Out These Related Posts

9 Non-Profit Child Themes for Divi

9 Non-Profit Child Themes for Divi

Posted on July 27, 2019 by in Resources

There are lots of nonprofit organizations across the globe. Just about every one of them needs a well-designed website to tell their story and receive donations to help their causes. Divi is an excellent theme for nonprofits such as charities. Fortunately, you don’t have to start from scratch for...

View Full Post
55 Web Design Blogs to Follow in 2019

55 Web Design Blogs to Follow in 2019

Posted on January 6, 2019 by in Resources

Inspiration comes in many forms and professional development never ends. With that in mind, we have put together a massive list of web design blogs that can keep your brain fed for the entire year. But don’t worry. You won’t find any duds on this list. We respect your time and feel like...

View Full Post


  1. Hi, great post, thank you!
    I use Iubenda, but I wonder if there could be a better integration in DIVI for personalizing the cookie banner and to link the iubenda policy Iframe direcly from WP menu.

    • Hello Domisol. Glad you found it helpful. Feel free to post your idea for DIVI integration at our Theme Suggestion community forum. 🙂

  2. Thanks John, you wrote this piece for me because that’s what’s currently on my mind?. I can figure out from your article that some services will make the job easily done.

    • The same here. Many thanks, John.

      • No problem. Thanks Pavel. 🙂

    • Thanks James. Glad you found it helpful. 🙂

  3. Nice explanation of how important a private policy is. I myself have never done one for my websites, and I think its time to consider doing this.

    Thanks for the good info

    • You’re welcome Shane. 🙂 Happy to help.

  4. Do any of these services create Privacy Statements that are GDPR compliant. This will be mandatory soon.

    • Hello David. We’re confident that all of the solutions are (or will be) compliant. As always, you should double check with the providers to make sure they’re offering what you need.

  5. Great post! This is very complete and helpful information, while most other blog posts I’ve read are scarce on information, and are rarely actually helpful. This one is great.

    Just as a side note to add here too: In Canada, ALL websites that collect any information about visitors are required by law to have a Privacy Policy. While many websites here do not have one, especially the majority of small businesses, I’m sure the day is arriving soon when everyone with a website will realize the legal implications of NOT having a privacy policy.

    Thanks again for the great post!

  6. Hi John, I started a lifestyle blog four months ago and am not very web technical. I do have subscribers (40) for weekly email newsletter and use Google Analytics. I’m assuming cookies don’t apply to me? If I use one of the services, what is the best option, approach for me to integrate the policy at the end. Right now I only have three page, home, blog and contact.

    • Hello Debbie – thanks for your question! Cookies will still apply to your site if they are activated. You can find out more about how they work at this link:

      With regard to best option for integrating the policy, it would most likely work best on its own dedicated page, although your contact page could be a good alternative. TermsFeed and iubenda are both viable options for adding a privacy form for a lifestyle blog.

  7. What about Privacy Policies in spanish?

    • Hello Jorge. We are confident that the solutions provided are translatable. However, we recommend checking with the provider first to ensure that it offers Spanish translation.

  8. Thank you! I need this for my clients. They don’t usually have a policy in place.

    • Thanks Janet. Glad you found it useful. 🙂

  9. This came out at the perfect time. Thank you.

    • No problem Everett. Happy to help. 🙂

  10. Heads up!
    iubenda does not have a free option. There is a choice of “Start now with the $9/month plan or Purchase a license just for this policy at $27/year”.
    There is no free option visible.

    • Hello, Riger! There are definitely free plans available for iubenda – you can check them out at this link:

      Thanks for your comment. 🙂

  11. Great article. Thank you. I’m forwarding the link to my team. You’ve given us a lot to consider. Thanks again, John!

    • Thanks Shawn. Best of luck to you and the team. 🙂

  12. Good explanation about the important of private policy. There are many online privacy policy generator website most of them are free. I usually use them when need to create privacy policy for my website.

  13. Great post John and thanks for the links to the policy generators!

    If you want to make sure that Bloom and the Divi native Optin-Form follow the GDPR guidelines (link to the policy and a checkbox), please check my “Bloom – GDPR Overlay Plugin” on the Elegant Marketplace. It creates a smooth overlay and you don’t need to make any changes to your Optin-Forms.

    All the best, Bruno

  14. Thanks for all the helpful information. I’m curious why Authomattic’s plugin
    “Auto Terms of Service and Privacy Policy” didn’t make the cut. I’d love to hear feedback on that plugin.

  15. Nice post.

    Privacy policy page is an important page which contains all the privacy details we(Bloggers) collect from a website.

    I’d like to see a post about Disclosers and TOS page.

    Hope soon find it here.


  16. Good article,
    I am pro customer of Iubenda (very widespread in EU).
    Could be usefull for all Divi/Extra users to have best practice how to include the iubenda Embedding code or direct link in our site (ex: in the footer.php or using widget and so on)
    thanks in advance

  17. Thank you. A privacy policy had never occurred to me as a small business owner who just started making my own business website. Love the idea of incorporating it into the Divi theme! Is this doable for a neophyte like me? Thanks.

    • Hi Tracey. You’re very welcome. Thanks for your comment.

  18. Hi and thank you very much for your article. You used some technical detail that for me are interesting.
    I would like to ask you a delicate question about it.
    If me, as a little web agency, rent a server that is paid every three months to a web hosting, and sell accounts on this server to his customers, where are located the website, am I responsable of the data of my customers collected through their contact form? I used Iubenda since 2 years but I don’t know if now with this GDPR in my situation I should also to organize with software or hardware such as Microsoft Suite to protect the data of my customers? I use my customer information to send Expire alarms or information, we don’t share our data with no one or making some adv campaign.
    Thank you very much it will be very helpful.

    • Hello Gugu. Thanks for your question. If iubenda has been the privacy policy generator you have used thus far, it may be best to contact them in regards to your specific situation in order to gain the most relevant response.
      Hope this helps.

  19. Thank you for this great article. I have 2 questions to ask if anyone has answers:

    1- When creating a website with the Divi Theme, does my website collect cookies by default? If yes, how can I stop this action?

    2- If I don’t collect any information from people who visit my website, do I still need to have a privacy policy page?

    • Divi does not collect cookies or any other data by default. The only data it could collect is associated with our split testing feature Divi Leads. And as far as I know that’s so general as it would not even need to be stated that you’re running those tests.

Join To Download Today

Pin It on Pinterest