Privacy Policy for Small Business: Template and Guide

If you’re a small business owner wondering whether you need a privacy policy, the answer is probably yes.

A privacy policy for your small business helps you comply with privacy laws while also protecting the rights of your users.

A small business privacy policy template that you customize to your business and industry can ensure you include all the proper legal clauses and help you decide how much information you really need to request or store.

Read on to find out what a small business privacy policy is and why you need one.

Use our free privacy policy generator to create a comprehensive policy for your small business in minutes.

  1. Privacy Policies Explained for Small Businesses
  2. Does My Small Business Need A Privacy Policy?
  3. What’s Inside a Small Business Privacy Policy Template?
  4. What Makes a Good Small Business Privacy Policy?
  5. Where To Post Your Business's Privacy Policy
  6. Good Examples of a Small Company Privacy Policy
  7. Small Business Privacy Policy Template [Free Download]
  8. Summary

Privacy Policies Explained for Small Businesses

A privacy policy is a legal statement that tells your customers how, when, and why you gather their information and what you do with it. It lets them know whether you keep their information confidential, share with anyone, or sell it to other businesses.

Beyond providing transparency, a privacy policy keeps your business compliant with the patchwork of privacy laws in the US and around the world.

Does My Small Business Need A Privacy Policy?

You are not exempt from the need for a privacy policy because your business is small.

Any business that shares and uses information needs to have a privacy policy.

If you share personal information without your customers’ knowledge, you could infringe on local laws. A data breach or the mishandling of information can bring serious legal consequences.

Laws That Require Your Small Business To Have a Privacy Policy

Penalties for Violating a Privacy Regulation

Violating a data privacy regulation can be expensive:

Your small business could be on the hook for a bundle without a privacy policy.

What’s Inside a Small Business Privacy Policy Template?

A small business privacy policy contains multiple legal clauses covering the type of data collected, how it’s protected and used, and a procedure to allow customers to either opt in or opt out of sharing their data.

If you’re a small business, your privacy policy must describe what information you collect, including names, addresses, email addresses, and payment information.

What Should You Include in Your Privacy Policy?

Include the following information in your privacy policy:

Consider all the ways you collect personal data, including contact forms, payment applications, email newsletter registration, affiliate websites, advertising networks — including cookies — and buttons for social media sharing.

How Do You Share or Disclose the Information?

Report if you share the information for any of these reasons:

Be sure to tell customers when and under what circumstances you share the information.

How Can Customers Update Their Information?

If customers create an account with you or consent to storing their information with you, they may need to update it for various reasons.

The policy should state that you allow your customers access and provide contact information for making corrections and updates.

How Do You Protect the Data?

Telling customers how you plan to protect their data reassures them that it’s safe with you. Some laws require you to communicate how you protect customer information. Don’t be too vague, but describe your safeguards in general terms.

How Can Customers Opt in or Out?

Some privacy laws require you to provide customers with a way to opt out of communications, information collection, or data storage. It’s a method of reducing unwanted or unsolicited emails and spam.

Provide a phone number or email address where customers can contact you to opt out of communications. While it’s not part of a privacy policy, any email or text you send to a customer should indicate how they can opt out of future communications, typically via an unsubscribe button or link or a specific text response such as the word “stop.”

Other regulations require a customer to deliberately opt in before you can ask for information, which is more proactive than opting out. In this case, the customer agrees to provide the information before entering any of it, rather than having to look up your privacy policy or wait for the first communication to opt out.

What Makes a Good Small Business Privacy Policy?

Having a Strategy for Determining the Type of Information To Request or Retain

Before you ask, think about whether you need that information. Only collect the information you absolutely need and nothing more.

Keep privacy and security at the top of your mind anytime you purchase new computer equipment, software, or cloud services. Also, consider the type of information you collect, why you collect it, and where you intend to keep it.

Understand the privacy implications anytime you use personal information, including tracking cookies, Google Analytics, and other personalization or metric-gathering services. Ensure you don’t discriminate against anyone who chooses not to share their data, for example by offering discounts or promotions to those who opt in that aren’t available to customers who opt out.

Not Copying a Privacy Policy From Another Website

Your privacy policy should fit your business. Copying a policy from someone else’s website is unlikely to cover your specific company or industry. It’s okay to start with a template or look at a borrowed policy but make it relevant to your business and the information you collect.

Writing in Clear Language and Avoiding Jargon or Legalese

Providing a page full of legal terms can turn people off because they feel like you’re hiding something. Use the same plain language you use when speaking to your customers and explaining your business.

Experiment with different structures or add a table of contents to make the policy easier to read.

Seeking Legal Advice From an Attorney

If you run a complex business or expect a global audience, speak to a business lawyer who can help you avoid pitfalls. An expert attorney will understand the most current versions of any regulations you must follow, ensuring your compliance with standards.

Are you expecting minors to use your service or visit your website? An attorney can help you navigate any laws regarding information gathering from children or teenagers.

Asking Only for the Information You Need

Never ask for more data than necessary. The less you gather, the less you assume responsibility for. If you don’t need a date of birth, don’t ask for it.

If you minimize the amount of data you request, you have less liability for exposing sensitive information in cases of a data breach.

Implementing Good Information Practices

Don’t stop with a privacy policy. While it’s an excellent first step, you need to install the proper security and virus protection for your systems. Do everything you can to keep the data from exposure to bad actors.

Where To Post Your Business’s Privacy Policy

There are plenty of places to post your privacy policy on your website. Just don’t hide it; make it easy to find as well as easy to read.

Legal Policies

Create a menu item or page for legal policies, especially if you operate a complex or highly regulated business. Place access to your privacy policy under that menu item or header and put the policy with the rest of your legal documents.

Informational Section

Make “privacy policy” a link from a home page menu and put the policy on an informational page linked closely to your information gathering forms.

Website Footer

The footer at the bottom of your website or home page is an obvious place for a link to your privacy policy.

Banners and Pop-ups

People generally consider banners and pop-ups annoying, but you can limit how often they appear by triggering them only when a customer opens a form or payment page, before they disclose any information.

Sign-up

Are you asking customers to register for promotions or open accounts? Put your privacy policy link or the policy itself at the top of the form.

Checkout

Customers appreciate learning that their financial information is safe. Place a link or the privacy policy at the top of the checkout page or create a banner or pop-up to trigger when they open the payment page.

Top-level Navigation

Put a link to your privacy policy right at the top of your website or home page. It can go next to your phone number or other legal information you need to share with customers.

Landing Page

If you expect people to enter your site from a link from an email or social media post to a landing page instead of your home page, put the privacy policy on the page or create a pop-up or banner to explain your privacy policy before the customer continues to the landing page.

Good Examples of a Small Company Privacy Policy

Here are some examples of small business privacy policies that check the appropriate boxes.

Ruiz Financial Solutions

Ruiz Financial Solutions used a table of contents to simplify its privacy policy. The business also opens its policy page by thanking the customer for doing business with them and explaining the terms.


The table of contents is arranged like a frequently asked questions (FAQ) page, with headings in the form of questions like “How do we use your information?”

Junkyard Dog

The Junkyard Dog privacy policy carefully explains concepts like “cookies” and how they get on a computer, the type of information they can gather, and why the company is asking for the data. It also lists examples of the data their web server logs might capture.


KEM Business Solutions

KEM Business Solutions takes pains to point out that the site is not meant for use by anyone under the age of 18 and explains that it’s because they are complying with COPPA. They also announce their compliance with the GDPR for European users.


They also keep paragraphs short and use bulleted lists to make the policy more readable.

Small Business Privacy Policy Template [Free Download]

You can download our free small business privacy policy template below in Word Doc, PDF, or Google Doc format. You can also just copy & paste the HTML directly to your website.

Before using it, read through the entire small business privacy policy template – fill in all of the [brackets], remove any sections that do not apply to your app, and tweak any language as needed.

Privacy Policy Template HTML

You can copy our privacy policy template HTML code or download it using the options below.


Website Privacy Policy Template [Text Format]

PRIVACY NOTICE

Last updated [Date]

This privacy notice for [Company Name] (doing business as [Company Short Name]) (“Company,” “we,” “us,” or “our”), describes how and why we might collect, store, use, and/or share (“process”) your information when you use our services (“Services”), such as when you:

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at [Email Address].

This privacy policy was created by Termly’s Privacy Policy Generator.

SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with [Company Name] and the Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information? [We do not process sensitive personal information. / We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law.]

Do we receive any information from third parties? We may receive information from public databases, marketing partners, social media platforms, and other outside sources.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.

In what situations and with which types of parties do we share personal information? We may share information in specific situations and with specific categories of third parties.

How do we keep your information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information.

How do you exercise your rights? The easiest way to exercise your rights is by filling out our data subject request form available here: [DSAR Form URL], or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what [Company Name] does with any information we collect? Review the notice in full below.

TABLE OF CONTENTS

1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
5. WHAT IS OUR STANCE ON THIRD-PARTY WEBSITES?
6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
8. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
9. HOW LONG DO WE KEEP YOUR INFORMATION?
10. HOW DO WE KEEP YOUR INFORMATION SAFE?
11. DO WE COLLECT INFORMATION FROM MINORS?
12. WHAT ARE YOUR PRIVACY RIGHTS?
13. CONTROLS FOR DO-NOT-TRACK FEATURES
14. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
15. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
16. DO WE MAKE UPDATES TO THIS NOTICE?
17. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
18. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you [register on the Services,] express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

Sensitive Information. [We do not process sensitive information. / When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

Payment Data. We may collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument. All payment data is stored by [Vendor Name]. You may find their privacy notice link(s) here: [Vendor Privacy Policy].

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details, like your Facebook, Twitter, or other social media account. If you choose to register in this way, we will collect the information described in the section called “HOW DO WE HANDLE YOUR SOCIAL LOGINS?” below.

[Application Data. If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.]

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies. You can find out more about this in our Cookie Notice: [Cookie Notice URL].

The information we collect includes:

Information collected from other sources

In Short: We may collect limited data from public databases, marketing partners, social media platforms, and other outside sources.

In order to enhance our ability to provide relevant marketing, offers, and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, and from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles, for purposes of targeted advertising and event promotion. If you interact with us on a social media platform using your social media account (e.g., Facebook or Twitter), we receive personal information about you such as your name, email address, and gender. Any personal information that we collect from your social media account depends on your social media account’s privacy settings.

[Information collected when you use our Facebook application(s). We by default access your Facebook basic account information, including your name, email, gender, birthday, current city, and profile picture URL, as well as other information that you choose to make public. We may also request access to other permissions related to your account, such as friends, check-ins, and likes, and you may choose to grant or deny us access to each individual permission. For more information regarding Facebook permissions, refer to the Facebook Permissions Reference page.]

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information: