Disclaimer: Start Up Heart Up, LLC is not a law firm or a substitute for an attorney. We cannot provide any kind of advice, opinion, or recommendation about possible legal rights, remedies, defenses, selection of forms, or strategies. This publication is designed for general information purposes and does not constitute legal advice. See your attorney about your specific situation.

Why this matters:

While website Privacy Policies may not be required in every U.S. jurisdiction, it is certainly “best practices” to include one on your website. Due to increasing concerns around consumers’ personal information and data privacy, laws such as CCPA (California) and GDPR (Europe) have been growing in popularity and may soon be more widely applicable across the board.

In order to do this “the legal way”, do NOT simply copy and paste without understanding what’s in your privacy policy. It is solely your responsibility as a business owner to UNDERSTAND and VERIFY that the privacy policy on your website is truthful, accurate, and fully compliant with applicable law.

Below is an example privacy policy that I use on my own websites, www.startupheartup.com and www.thelegalway.biz. Do with it what you will, but at your own risk and at the advice of your own legal counsel of course.

Much love,

Kae

Lawyer, Author, & Founder of Start Up Heart Up

—-

PRIVACY POLICY

Date Updated: [INSERT DATE]

We at [INSERT COMPANY LEGAL NAME] along with our affiliates (collectively, “COMPANY”), respect your concerns about privacy. COMPANY operates one or more websites (collectively, the “COMPANY Websites”), including [LIST WEBSITES]. This Privacy Policy describes the types of information we may collect about consumers, how we may collect and use that information, with whom we may share it, and the measures we take to protect your personal information. This Privacy Policy is not a contract between you and COMPANY that creates any rights or obligations. COMPANY may change this Policy in its sole discretion from time to time and at any time without notice to you. It is your responsibility to subsequently visit this page for any changes to this Privacy Policy.

What information may be collected?

The types of information we may collect include:

(1) Information that consumers provide to COMPANY that is necessary to fulfill the purpose of the visitor’s interaction with COMPANY, such as user names and email addresses for those who sign up for a newsletter or other resources.

(2) Financial information necessary to complete certain transactions.

(3) Other personal information you may provide to us to obtain an COMPANY service or product.

(4) Upon visiting our COMPANY Websites, certain information by automated means which may include Internet Protocol addresses, unique device identifiers, browser characteristics, device characteristics, operating systems, language preferences, referring URL’s, information on actions taken, and dates and times of activity.

We may also obtain information about consumers from our third-party partners, such as our advertising and market research partners, or from public sources.

How do we protect your information?

COMPANY takes administrative, technical, and physical safeguards to protect against the unauthorized access, use, alteration or destruction of all potentially personally-identifying information.

How do we use collected information?

COMPANY collects consumer information solely as may be necessary or appropriate to fulfill the purpose of the consumer’s interaction with COMPANY. COMPANY does not use or disclose personally-identifying information other than for the following purposes:

(1) To send you news, updates, promotions, product information, event announcements, and other marketing communications.

(2) To disclose logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below, except that blog commenter IP addresses are visible and disclosed to the administrators of the blog where the comment was left

(3) To release non-personally-identifying information in the aggregate

(4) To collect statistics about the behavior of visitors to its websites, such as monitoring popular blogs (but note that while COMPANY may display this information publicly or provide it to others, COMPANY does not disclose personally-identifying information other than as described herein)

(5) Provide potentially personally-identifying information that COMPANY employees, contractors, and affiliated organization need to know in order to process it on COMPANY’s behalf or to provide services available at COMPANY’s websites. Such information is only provided to those that have agreed not to disclose it to others.

How do we use “cookies”?

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. COMPANY uses cookies to help COMPANY identify and track visitors, their usage of the COMPANY Websites, and their website access preferences. COMPANY visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using the COMPANY Website.

If you have supplied your email address to COMPANY via any COMPANY Website, you agree that in addition to any media or resources you may have solicited or requested, COMPANY may further send you emails to provide you with information, to inform you of new products, to solicit your feedback, or to keep you up to date on COMPANY and its products. If you send us a request (for example via email or other feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users.

What information do we share with or transfer to others?

COMPANY does not sell personally-identifying information to anyone. Other than as described herein, COMPANY will only disclose potentially personally-identifying and personally-identifying information in response to a subpoena, court order, government request, investigation, or at any point when COMPANY believes in good faith that disclosure is reasonably necessary to protect COMPANY’s rights and interests, third parties, or the public at large. However, in the event COMPANY engages in one more asset sales or purchases or is subject to an event bankruptcy, certain personally-identifying information such as user information may be deemed an asset of COMPANY and may subject to assignment, transfer, and/or acquisition by a third party.

How do we use your information for advertising?

On our websites, we may use cookies to collect information about your online activities for use in providing you with advertising about products and services that are tailored to your individual interests. Advertisements appearing on any COMPANY website may be delivered to users by advertising partners, who may set cookies. This Privacy Policy covers the use of cookies by COMPANY and does not cover the use of cookies by any advertisers.

How can you unsubscribe and/or make requests about your information?

You may choose not to receive marketing email communications from COMPANY by clicking the “unsubscribe” or “opt-out” link in our advertising emails. If you have any questions or comments about this Privacy Policy, or if you are a California resident and would like to ask us to refrain from sharing your personal information with certain of our affiliates and other third parties for their marketing purposes, or to submit an data access or data deletion request, please contact us by email: [INSERT COMPANY EMAIL]