Privacy policies are one of the most underappreciated parts of your website. In fact, a privacy policy is one of the most important elements of your site. From providing legal protections (both domestic and international) to being an SEO ranking factor, making sure that your website’s privacy policy is top-notch, clear, and up-to-date is paramount. We have some tools and resources that can help you with this. We also have some tips and advice as to what to include in your WordPress privacy policy to begin with.

What is a Privacy Policy?

Privacy policies can look intimidating, but you should always read them when possible.

A privacy policy tells users what you’re doing with their data. Anything you gather from them, an email address, first name, location, whatever, has to be disclosed to your website visitor, and then you have to tell them what you plan to do with that information, even if your plans are as benign as sending a birthday discount via email. The General Data Protection Regulation (GDPR) is legislation passed by the European Union that even requires visitors to opt in before any data is collected at all (plus much more), no matter the reason.

If you use Google Analytics, Facebook Like buttons, run ads on your site or any number of other standard practices for 95% of websites out there, a privacy policy is 100% necessary.

Why Have a Privacy Policy?

The purpose of having a solid privacy policy is to make sure that your users know exactly what they’re opting into. Even if they don’t read it (and most won’t), they and you are still bound by it. Not having one opens you up to legal troubles, not the least of which is thousands of dollars in fines. Beginning in 2020, legislation called the California Consumer Privacy Act (CCPA) is even more strict than GDPR in terms of both requirements and penalty, so tightening up your legalese should be at the top of your to-do list if you haven’t tidied it up in a while.

Ideally, you’d enlist the help of a lawyer to help you draft your privacy policy. However, that’s not a practical option for the vast majority of site owners. Knowing this, a lot of online services have sprung up to help fledgling websites craft basic privacy policies to cover their bases. Not all of them are created equal, however. We want to give you an idea of what you should look for in a privacy policy so that any generator or boilerplate you implement actually has you covered.

What Should Your Privacy Policy Include?

These points may or may not be everything you need to consider for a well-rounded privacy policy. Think of them only as the basics that the document should include. (You can also read up on critical clauses if you’re so inclined.)

  • how you collect information
  • what you do with collected information
  • what cookies, pixels, and other trackers your site uses and their purpose
  • any advertising networks and their methods/purpose of data collection and ad delivery
  • how your users can opt in to and opt out of their data being collected and stored
  • how your users can request their data be turned over to them and/or deleted
  • contact information for site administrators

This is the bread and butter of privacy policies. Ideally, visitors would take a look at your policy and decide if they’re comfortable using your services. More realistically, it covers you legally. In case someone ever comes back with a dispute about how you used their information or data, you have a document indicating that they opted in for that usage.

A big part of these disclosures involves cookies. Cookies are files on your computer that contain personal settings for specific websites. The term itself supposedly comes from ‘magic cookies’, which are a type of token used by UNIX-based Operating Systems (OS). In any case, websites use cookies to track what you do within them. For example, cookies enable you to stay logged in even if you leave the website (although there are limitations). According to the European Union’s Cookie Law and new ePrivacy Regulation, sites need to inform visitors about their use of cookies and provide an option to disable them.

What Do You Do with User Data?

Here’s the real kicker: what you do with the data is just as important to disclose as that you collect it. Why? Data is big business. It’s really the business. Billions of dollars flow through the data industry each year. Many, many, many sites sell or share their user data. Others, more ethically, use the collected data to personalize content and ads and for other, similar applications.

Regardless of what the use is, you must disclose it. While some users may consent to share personal data, they might not be happy with how you decide to use it and decide not to opt in, or they might request that you remove their data from your collection after the fact.

One example of using a user’s data is us. If your Elegant Themes yearly subscription is about to expire, we send you an email reminder. In this case, we’re using your personal information to provide an update. We have the date on which you became a member, your name, and your email address. We use that to personalize our service to you.

In any case, if you’re not comfortable with the way a website uses your information, the GDPR outlines the ‘right to be forgotten’. This means sites are bound by law to delete your information if you ask them to.

How to Create a Privacy Policy

We mentioned before that a lawyer is a good option. After all, this is a legal document that you and your business will be bound to. However, that’s unrealistic for most website owners. That’s why various services have sprung up over the years to generate boilerplate (but customizable) privacy policies for your websites. We’re going to touch on a few of them so that you can know that you’re in the right hands in letting your visitors know that they are, too.

1. Termageddon

Knowing fully how ridiculous their name is and leaning into it, Termageddon is a top-notch service that generates automatically updating privacy policies. Any time new laws are passed that affect privacy data, Termageddon updates your embedded policy to reflect them. So when the CCPA went into effect, the policy was updated from what it had been when the GDPR started. Setting it up is as simple as answering questions about your business or website. Then you paste an embed code into the page where it will live. You can override any updates or changes, and you can edit the policy manually, too. If you handle a lot of user data, then this is $10 a month well spent.

Price: $10 per month / $99 per year

2. TermsFeed

TermsFeed enables you to generate basic privacy policies in minutes. You can easily customize them using your site’s information. Each time you want to create a new policy, the service will walk you through a questionnaire to help you determine the clauses you need. When the process is over, you’ll receive your new policy via email. The turnaround is pretty quick. That way, you can paste it into your website and have it live for your visitors immediately. The platform also offers you the option of updating your policies automatically as laws change. Plus, if you want more personalized customization, you can download various templates for terms of service and so on that you can edit and fill out on your own.

Price: Free and paid plans available

3. FireBase

Powered by Google and designed mostly for mobile apps, FireBase is a great privacy generator, especially when you want something fast, easy, and customized for very specific services. It’s easy to implement and set up. It is a more simplistic privacy policy; however, that doesn’t mean it is useless or even bad. The policies generated show what you do with cookies and how you use various services, and we like it because it’s written in plainer language that your users will be able to understand and parse better than some of the more complex legalese that comes in other generators. If you want a quick, easy, and understandable privacy policy generator, this is it.

Price: Free

How to Add the WordPress Privacy Policy

Actually adding the privacy policy to your website is incredibly easy. All you need to do is create a new Page and title it something like Privacy or Privacy Policy.

Then it’s a simple matter of pasting in either the WordPress privacy policy text or the embed code. For this example, we pasted the entire privacy policy into a Classic block in Gutenberg. But it could just as easily have been a Custom HTML block or even just normal Text blocks.

Upon hitting Publish, you just need to make it accessible to your users. Adding it to the bottom of your About page is always a good idea, as is adding it to your primary navigation menu and footer menus.

And make sure that you click Save Menu when you’re finished. Many people forget that WordPress requires confirmation of menu adjustment, and the last thing you want to do is put in a lot of time and effort making sure that you’ve added the best privacy policy to your website that you can…and then make it inaccessible.

When that is done, your policy should be live on your site and visible to users.


Website privacy policies don’t get the spotlight they deserve. However, they’re essential elements of any website that takes data protection regulations seriously. On top of enabling you to keep your operations above board, your WordPress privacy policy outlines how your site handles personal information. That should put visitors’ minds at ease and cover you legally and ethically, too.

What do you find the most important aspect of a privacy policy?

The post How to Create a Privacy Policy for Your Website appeared first on Elegant Themes Blog.