How You Should Write a Privacy Policy – in a friendly way!


Something that is either overlooked, ignored or can be completely bloated is a privacy policy. Even if you’re running a small blog or portfolio website, by law, you must have some form of a privacy policy. The only absolute exception you can have to not include one is if you are 100% sure that your website or server does not take any user information – including things like device information or even a singular IP address. Any type of data that is obtained through visiting your website must be stated.

Photo by Lianhao Qu on Unsplash

You’re probably collecting data without knowing it.

Even if you think your website doesn’t take data, it’s more than likely the server your website is hosted on does. By default, websites hosted with cPanel and Apache log every single connection to your server and by extension, your website. Although you may not look at these logs – they will still be collected and stored and since you might not look at them, it’s likely that they’ll stay on your server for a very long time.

What’s The Basics?

Privacy Policies are often completely overcomplicated, with more information than you really need to read. Unless you’re a company like Google that takes any data you give it and turns it into a magic unicorn 🦄 or something along those lines… You really do not need to make a complicated privacy page.

The example I always use when discussing privacy policies is Britain’s very own government. GOV UK has, what some people may find, an unbelievably short privacy policy – and it includes everything you, as a customer/visitor needs to know!

Granted, if you’re taking payment information and other, more personal information, you’re going to need to extend your privacy policy to account for this, but for the most part, you will only need these headers.

Headings for ANY Privacy Policy

  • What data you collect
  • Why you need their data
  • How you process the data you collect
  • What you do with their data
  • (and in some cases) Links to other websites

Other Topics to Include

Sometimes, it’s a good idea to include contact information at the bottom of the page and if you’re a registered business, this is a great place to put your company number, registered address and anything that people need to find out more about the business.

In addition, it’s important to let your customers/visitors know when your privacy policy receives an update so that they can be comfortable giving their data to you. At the bottom of your privacy policy, adding a heading called “Changes to this policy” with information about when it was last updated is a good idea too.

What Do I Write?

You only need to write what you legally need to tell your customers/visitors and what they should (morally) know. Under each heading, write a paragraph that explains what you’re collecting, how it’s used, making sure that you reassure your visitors that their data is being handled securely. If it isn’t, then your new priority is website security, which I’ve also written an article on which I suggest you read!

The way I’ve found best to show what data you collect is through creating a table that mentions any technologies you use (like analytics programs), submission forms, etc.

My privacy policy has this table (see below), which I recommend you try on your site as this is one of the easiest ways to show how your website collects data!

Ben GreenConfirm if you have closed the privacy policy and terms of service popup and cache any images and appearance files. This cookie does not contain any tracking or malicious code.
Google AnalyticsProvides me with real-time tracking information about the device you are using, your IP address and how you are using the website so I can make appropriate changes to enhance your experience. This cookie contains tracking code to tell if you are a returning or new visitor.
Google reCAPTCHATo prevent misuse and spam attempts on our submission forms, we operate reCAPTCHA v3 by Google. This is a clickable box that takes steps to verify you are a human and not attempting to maliciously submit forms.

Once you’ve gone through each header and you feel that you’ve covered each header in enough detail to satisfy your visitors, save your page and make sure that it’s linked on your website – a good place being your footer! It doesn’t have to be front and centre, but if it’s at the bottom of a page, it’ll be noticed by those who want to find it.


If you’re unsure how to get started writing a privacy policy, look around well-established websites, like the government or businesses similar to yours. Make sure to account for all the technologies that you use and you can always refer to their own privacy policies if you’re not 100% sure on what they do.

Another part of a privacy policy, that I haven’t gone through in this post but is vital, are cookies. Cookies are files placed on the visitor’s device that store information like login data, analytics code or referral information. Making sure you have a cookie popup bar if you need one is the easiest ways to ensure your visitors know they exist.

If in doubt, it’s always best to get a legal consultant to help write or check over your privacy policy as this is a legally binding document between your business/you and the visitor of your website, along with being something necessary by law.

Lots of websites are available to automatically generate privacy policies, which are good but sometimes include some not so friendly language for your customers. At the end of the day, it’s important that you choose the way to address your visitors/customers and make sure that they trust you to do their business with.

Since this is my website, I should probably point out that you can hire me to make a privacy policy for you, on top of optimising your website for search engines and mobile devices. If you’re interested, let’s get talking and submit your project enquiry 🙂

Thank you for reading my blog post, if you have any feedback or questions, please email me and I'd love to have a conversation with you! This article was written on October 30, 2020.