Privacy Policy Generator
Generate a privacy policy for your website or app — GDPR, CCPA, COPPA compliance, HTML and plain-text output
You’re launching a SaaS product next week and need a privacy policy before you can submit to the App Store, enable Google Analytics, or integrate Stripe. A lawyer costs $500+ and takes two weeks. You need a reasonable starting policy that covers data collection, third-party services, cookies, and GDPR/CCPA compliance requirements — one you can customize and have reviewed later.
Why This Generator (Not the Terms of Service Generator)
PureDevTools has a Terms of Service Generator for usage terms and liability. This tool generates privacy policies — covering data collection types, third-party services (analytics, payments, advertising), cookie usage, user rights (GDPR, CCPA), and contact information. Outputs as formatted HTML or plain text. Everything runs in your browser; no data is sent anywhere.
Why Every Website Needs a Privacy Policy
A privacy policy is a legal document that explains how your website collects, uses, stores, and shares personal information from visitors and users. It is not optional: if you collect any personal data — including email addresses, analytics data, or cookies — you are legally required to publish a privacy policy in most countries and jurisdictions.
Privacy policies are required by:
- GDPR: Any website that collects data from EU or EEA residents
- CCPA / CPRA: Businesses handling data of California residents that meet specific thresholds
- COPPA: Websites directed at children under 13 in the United States
- PIPEDA: Organizations collecting personal data from Canadian residents
- Google AdSense / Analytics: Contractually required by Google’s Terms of Service
- Apple App Store / Google Play: Required for all published applications
Even if no explicit law applies to your situation, having a clear privacy policy builds trust with users and protects your organization from potential legal liability.
How to Use the Privacy Policy Generator
1. Fill In Basic Information
Start by entering your Company or Site Name, Website URL, Contact Email, and Effective Date. These appear prominently in the generated policy’s header and contact section.
- Use your legal entity name or the brand name users recognize
- Enter the full URL including https://
- Use an email address that you actively monitor for privacy inquiries
- Set the effective date to today or a future launch date
2. Select Data Collected
Check every category of data your website or app collects. Be thorough — omitting data categories from your policy can create legal and trust problems:
| Category | Examples |
|---|---|
| Personal Information | Name, email, phone number, postal address |
| Usage Data | Pages visited, time on page, clicked links |
| Cookies & Tracking | Session cookies, preference cookies, ad cookies |
| Analytics Data | Traffic statistics, referral sources, browser type |
| Device Information | IP address, browser version, operating system |
| Location Data | Country, city, approximate GPS coordinates |
| Payment Information | Billing address, payment method (via processors) |
| Communications | Support tickets, feedback, email correspondence |
When in doubt, include a category. It is better to disclose more than needed than to omit something you actually collect.
3. Add Third-Party Services
If you use any third-party services that receive user data, you must disclose them. The generator includes pre-configured disclosures for 12 common services:
- Analytics: Google Analytics, Hotjar
- Advertising: Google AdSense
- Payment Processing: Stripe, PayPal
- Infrastructure: Cloudflare, AWS
- Email: SendGrid, Mailchimp
- Backend: Firebase
- Support: Intercom
- Monitoring: Sentry
Select every service you use. The generator automatically includes the correct description and a link to each service’s privacy policy.
4. Configure Data Retention
Specify how long you retain user data. Common retention periods:
- 30–90 days: Short-term data like analytics sessions or support chat logs
- 1–2 years: Standard for user accounts and interaction history
- 5 years or as required by law: Financial records and compliance-sensitive data
Choose a retention period that matches your actual data storage practices.
5. Add Compliance Sections
Enable the regulations that apply to your audience:
GDPR (General Data Protection Regulation): Enable if you have users in the European Economic Area or United Kingdom. This adds sections explaining users’ rights to access, rectify, erase, and port their data, plus how to contact your Data Protection Authority.
CCPA / CPRA (California Consumer Privacy Act): Enable if you have California users. This adds disclosures about the right to know, delete, correct, and opt out of sale of personal information.
COPPA (Children’s Online Privacy Protection Act): Enable if your site is not directed at children and you need to state that. Configure the minimum age (default: 13, or 16 for GDPR-strict deployments).
6. Generate and Copy
Click Generate Privacy Policy to create your policy. Three output tabs appear:
- Preview: Rendered view of the final policy — check all details are correct
- HTML Code: Clean, embeddable HTML with inline styles — paste into any webpage
- Plain Text: Formatted text — suitable for emails, PDFs, or CMS plain-text editors
Use the Quick Copy buttons at the bottom to copy either format with one click.
How to Add a Privacy Policy to Your Website
Once you have your generated privacy policy:
- Create a dedicated page at /privacy-policy or /privacy on your website
- Paste the HTML output into the page’s content area
- Add a footer link — this is required by most regulations and ad networks
- Link from cookie banners — if you show a cookie consent notice, link to the policy
- Update it when things change — if you add a new service or change data practices, regenerate and update
For common platforms:
- WordPress: Create a new Page, switch to HTML editor, paste the HTML output
- Squarespace / Wix: Add an HTML/Embed block to a new page
- Static HTML sites: Paste the HTML snippet into a <main> section of privacy-policy.html
- Shopify: Use the built-in “Privacy Policy” page editor and paste the plain-text version
Understanding Privacy Regulations
GDPR Key Requirements
The General Data Protection Regulation (GDPR) applies to any organization processing personal data of EU residents, regardless of where the organization is based. Key principles:
- Lawfulness: You must have a legal basis for processing data (consent, contract, legitimate interest, legal obligation, vital interest, or public task)
- Data Minimization: Collect only the data you need for the stated purpose
- Storage Limitation: Do not keep data longer than necessary
- Security: Implement appropriate technical and organizational measures
- Rights: Provide mechanisms for users to exercise their rights within 30 days
- Data Breach Notification: Notify authorities within 72 hours of discovering a breach
CCPA Key Requirements
The California Consumer Privacy Act (CCPA), updated by the CPRA, applies to for-profit businesses meeting revenue, data volume, or data sales thresholds:
- Right to Know: Tell consumers what personal information you collect and how you use it
- Right to Delete: Honor deletion requests with limited exceptions
- Right to Opt Out: Do not sell personal information without an opt-out mechanism
- Non-Discrimination: Do not penalize users for exercising their rights
COPPA Key Requirements
The Children’s Online Privacy Protection Act (COPPA) applies to US websites and apps that knowingly collect personal information from children under 13:
- Get verifiable parental consent before collecting any personal data
- Post a clear and comprehensive privacy policy
- Provide parents the ability to review and delete their child’s information
- Do not condition participation on providing more personal information than necessary
Frequently Asked Questions
Is a generated privacy policy legally sufficient?
Generated privacy policies cover the most common scenarios and legal requirements, providing a solid starting point. However, for complex operations, high-risk data processing, or jurisdictions with specific requirements, you should have a qualified attorney review the document. The most important thing is ensuring the policy accurately reflects your actual data practices.
How often should I update my privacy policy?
Update your privacy policy whenever: you add or remove a third-party service, you start collecting a new type of data, regulations that apply to you change, or at minimum once per year as a good practice review. Update the effective date each time you make changes.
Do I need a cookie banner in addition to a privacy policy?
GDPR requires explicit consent before setting non-essential cookies (analytics, advertising). A cookie consent banner or cookie preference center is separate from — but should link to — your privacy policy. CCPA has different requirements around cookies and the “Do Not Sell” opt-out mechanism. The Privacy Policy Generator focuses on the policy document; consider a separate cookie consent solution for consent management.
What is the difference between HTML and plain-text output?
The HTML output is a self-contained snippet with inline CSS styles, ready to paste into any webpage without requiring external stylesheets. The plain-text output uses ASCII formatting (underlines, bullets) for readability without any markup — use it for email, PDF generation, or CMS platforms that do not support HTML.
Can I use this policy for a mobile app?
Yes. The generated policy covers both websites and mobile applications. If you are publishing on the App Store or Google Play, you will also need to provide the policy URL in the app store listing. Some app stores require accepting specific terms about children’s data if your app is accessible to minors.