

01. What data you collect and how you’ll use it

You should list the exact types of data that you collect from users, such as IP addresses and email addresses. This may include a person’s name, age, address, interests, credit card information, banking information and more. Be as specific as possible to avoid any misunderstandings.

In addition to telling people what you collect, you should also tell them why you collect it. Whether you’re using information to recommend new products or tailor promotions to your target audience, be transparent to help put customers at ease. A statement such as “We may use your information to provide you with special offers” is effective and to the point.

02. Methods of collection

Users will encounter some obvious data collection methods while using your site (such as entering their credit card information when they check out), but your website privacy policy should lay out all the ways that you collect data. You should disclose your use of online forms, opt-in pop-ups and checkout pages, but also mention any information that your website collects on the back end, like IP addresses and users’ location.

03. Customer communication

One of the principal reasons that websites collect data is to communicate with customers. If you’re collecting contact information, a communications clause is necessary.

This section should let users know how and why you plan to contact them. If you send regular email newsletters, text users about flash sales, or provide transaction updates through Facebook Messenger, SMS or email, your website privacy policy should say so. Be sure to list the methods of communication you use and how they’re used to avoid any confusion or breach of trust.

If, for any reason, users don’t want to have their information collected, they should have the choice to unsubscribe. The communication clause should therefore explain that visitors may opt out of having their information collected at any time. Tell them exactly how to do it by referring them to a link or providing an email address to reach out to. You can, however, mention that when they choose to opt out, it may affect their site experience. For example, products or deals relevant to their location or demographic may not be disclosed.

04. Redress and security information

People’s financial information is a sensitive topic, and rightly so. Your website privacy policy may detail the encryption and website security measures implemented to protect sensitive information like credit cards, bank accounts and home addresses. If people don’t feel comfortable paying on your website, you’ll lose out on potential revenue.

In addition, you should provide information about customers’ rights related to their personal information. In accordance with privacy regulations around the world, site visitors may have, among other rights, the right to access their data or to ‘be forgotten’ (be permanently deleted from your databases). You should provide your users with a list of their rights and explain how to exercise them.

If customers feel that you have violated their privacy or that you have not honored your own policy in some way, they deserve a method of redress—a way to set things right. Your privacy policy is serious and you should take it seriously. Add a redress policy that tells visitors who to contact if they feel the policy has been violated. This shows that you stand by the policy and respect consumer privacy.

You can also let customers know they can report a privacy violation to the U.S. government.

Pro-tip: Websites built on Wix offer around-the-clock monitoring and use the strongest encryption standard commercially available to safeguard businesses and their clients online. Supported by anti-fraud protection, sites are also compliant with the highest Payment Card Industry Data Standards. Therefore, businesses running on the platform receive enterprise-grade security managed by experts.

05. Child privacy

Due to the Children's Online Privacy Protection Act (COPPA) in the United States, you need a clause that addresses child privacy. This law states that it is illegal for your site to collect private information from minors without using a specific protocol to do so.

Even if your business caters to adults, it may be necessary to add a brief clause to indemnify you in the event of any accidental violation of COPPA.

For instance, Hormel Foods uses this simple passage:

“Our Website is not intended for children under 18 years of age (or the age of majority in your jurisdiction). We do not knowingly collect, use, or disclose Personal Data from children under 18. If you believe that we have collected, used or disclosed Personal Data of a child under the age of 18 (or the age of majority in your jurisdiction), please contact us using the contact information below so that we can take appropriate action.”

If your website does target children under the age of 18, you’ll need to create a more detailed Children’s Privacy Policy on its own landing page. You can read more about Children’s Privacy rules here.

06. Future changes

Businesses grow and change, and so do privacy policies. As such, your privacy policy should include a section that informs users of your right to adjust the policy at any time, and of their right to know about any revisions.

This section should tell users that you may notify them of any changes when they occur and which method of communication you’ll use. You should also add a note in bold to the top of your website privacy policy to alert visitors to any new changes.

07. Contact information

It’s a good idea to add your contact information to your privacy policy. This offers customers an even greater degree of transparency. By giving them a clear way to contact you with any questions or concerns, you show that your company genuinely cares about user privacy. Another great way to do this is by creating a contact form.
