Do I need a Privacy Policy?


If you’ve worked with us — or you’re about to — for a website project, you’ll at some point be introduced to the Privacy Policy. While we don’t write these legal documents for our clients, we sure do want you to have one! Why? Every state in the U.S. has some type of law governing Privacy Policies for websites. And we want you to be good, law-abiding citizens.

Website Muscle is based out of California, which has the strictest laws in the country regarding data collection and privacy. The interesting thing is, the purpose of the California Online Privacy Protection Act (CalOPPA) is to protect personal data collected from California residents, which means that if you live in North Dakota but you have customers (or potential customers) in California, you need to have a Privacy Policy.

No matter what state you’re in, we can help steer you in the right direction to get your website’s Privacy Policy.

Here are some FAQs about Privacy Policies:

Who needs a Privacy Policy?

Businesses that collect personally identifiable information (PII) on their website, or that track users’ data via Google Analytics, need to have a Privacy Policy.

What’s Personally Identifiable Information?

Examples of personally identifiable information (PII) include:

  • name
  • email
  • phone number
  • date of birth
  • billing/shipping address
  • banking information
  • social security number

Most of our clients meet the PII criteria by having a contact form, job application form, or newsletter signup form on their website.

What if I don’t have a contact form on my site?

Even if you don’t have a contact form, job application form, or newsletter signup form on your site, you most likely have Google Analytics installed, which would still necessitate a Privacy Policy in CA.

While the data it collects is not personally identifiable information (PII), Google Analytics stores cookies on users’ computers, allowing you to track usage data such as how many times a user visits your site, what pages they visit, and how long they stay on your site.

Also, if you run an ad campaign, or if there’s a chance you might add Google Analytics or a contact form in the future, it’s a good idea to have a Privacy Policy in place. Most people don’t think to update their Privacy Policies as these things change.

Does having Google Analytics installed on my site require a Privacy Policy?

Yes! The usage data it collects is considered non-personally identifiable information, or non-PII.

Google Analytics stores cookies on users’ computers, allowing you to track usage data such as how many times a user visits your site, what pages they visit, and how long they stay on your site.

How do I get a Privacy Policy for my website?

Here are your options:

  • You can write one yourself. (Have fun with that!)
  • You can have an attorney prepare one for you.
  • You can use one of the many online generators out there. (This is the one we recommend.)

Online Privacy Policy generators allow you to answer some questions and for a small fee (some are even free!), they’ll produce a Privacy Policy for you. These websites also do other legal documents like Terms of Use, Disclaimers, Return & Refund Policies, Cookies Policies, and more.

Examples of online generators include:

Some sites like termageddon.com require an ongoing monthly membership but will auto-update your Privacy Policy as laws change.

What could happen if I don’t have a Privacy Policy?

To be honest, we’re not sure! Possibly fines, possibly a lawsuit? Basically you’re opening yourself up to allegations of misusing people’s personal data (or using it in a way that they haven’t been notified of). It’s better to spend the money to protect yourself now.