Privacy Policy Generator

The privacy policy generator produces a GDPR- and CCPA-compliant privacy policy for any website or app. Toggle sections for your specific data practices (email collection, analytics, cookies, advertising) and get a complete document instantly. No account needed. Copy or print to PDF.

1. About Your Website
2. Compliance Scope: Adds COPPA-aware language for children under 13.
3. Data You Collect
4. Analytics, Cookies & Third Parties: Third-Party Integrations
5. Data Retention: How long you keep personal data before deleting or anonymizing it. 2 years is a common default for contact data. Tax records typically require 7 years.

Live Preview (15 sections)
Privacy Policy
Our Website
Last Updated: April 19, 2026
GDPR Compliant
CCPA Compliant
COPPA Aware
1. Introduction

This Privacy Policy ("Policy") describes how we ("we", "us", or "our") collect, use, and share information about you when you use our website (the "Site"). This Policy is effective as of April 19, 2026.

By accessing or using the Site, you acknowledge that you have read and understood this Policy. If you do not agree with it, please stop using the Site immediately.

We may update this Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. We encourage you to review this Policy periodically to stay informed.

2. Information We Collect

We collect the following categories of information:

  • Contact information (name, email address, and message content) when you submit a contact or inquiry form.
  • Usage data including pages visited, time spent on each page, links clicked, browser type, device type, operating system, and approximate geographic location derived from IP address.
  • Cookie identifiers and similar tracking technologies placed on your device when you visit the Site.

We do not collect sensitive personal information such as government identification numbers, health data, or financial account numbers beyond what is strictly necessary to provide a purchased service.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To respond to your inquiries and provide customer support.
  • To understand how visitors use the Site using Google Analytics, enabling us to improve content and functionality.
  • To monitor and analyze usage patterns to maintain and improve the security, reliability, and performance of the Site.
  • To comply with applicable laws, regulations, and legal processes, and to enforce our Terms of Service.

We will not use your information for any purpose that is materially different from those disclosed in this Policy without your explicit consent.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

  • Legitimate interests: responding to contact form submissions to provide the service you requested.
  • Legitimate interests: analyzing website usage to maintain and improve the Site, balanced against your right to privacy.
  • Legal obligation: processing data where required by applicable law or to protect the rights and safety of our users.

Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

5. Cookies and Tracking Technologies

We use cookies, small text files stored on your device, and similar technologies such as web beacons and pixel tags. We use the following categories of cookies:

  • Strictly necessary cookies: Required for the Site to function correctly, such as session state, security tokens, and user authentication. These cannot be disabled.
  • Functional cookies: Remember your preferences (such as language, region, or display settings) so you do not need to re-enter them on subsequent visits.
  • Analytics cookies: Placed by Google Analytics to collect anonymized data about how you interact with the Site. This data is used in aggregate to understand usage patterns and improve the Site.

You can control and delete cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Site. Most browsers allow you to view, manage, delete, and block cookies via their settings menus.

In accordance with GDPR and the ePrivacy Directive, we obtain your consent before placing non-essential cookies on your device. You may withdraw or change your consent at any time.

6. Third-Party Services

We use the following third-party services that may collect or process your information. Each third party's data practices are governed by its own privacy policy:

  • Google Analytics (Google LLC): Collects anonymized usage data. Google may process this data on servers outside your country. See Google's Privacy Policy at policies.google.com/privacy. Opt-out: tools.google.com/dlpage/gaoptout

We are not responsible for the privacy practices of these third parties. We encourage you to review their respective privacy policies.

7. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

  • Service providers: We share information with trusted third-party vendors who help us operate the Site (such as hosting, analytics, and payment processors). These vendors are contractually required to keep your information confidential and use it only for the services they provide to us.
  • Legal requirements: We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect the rights, property, or safety of ourselves, our users, or the public.
  • Business transfers: If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is subject to a materially different privacy policy.
  • International transfers: If we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

We require all third parties to maintain appropriate security measures and to treat your personal data in accordance with applicable law.

8. Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this Policy, or as required by law. Our general data retention period is 2 years. Specific retention periods:

  • Contact form submissions are retained for 2 years and then securely deleted.
  • Analytics data is retained in accordance with the settings of Google Analytics and our internal data minimization policy.

When data is no longer needed, we delete it securely or anonymize it so that it can no longer be associated with you.

9. Data Security

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted data transmission (HTTPS/TLS), access controls limiting who can view personal data, and regular review of our security practices.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the secrecy of any passwords associated with your account.

10. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data under GDPR:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request that we correct inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): You may request that we delete your personal data where there is no compelling reason for its continued processing.
  • Right to restriction: You may request that we restrict processing of your personal data in certain circumstances.
  • Right to data portability: You may request that we provide your data in a structured, machine-readable format for transfer to another controller.
  • Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time without affecting prior lawful processing.
  • Right to lodge a complaint: You have the right to file a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national data protection authority in the EU).

To exercise any of these rights, please contact us at [contact email]. We will respond to all requests within 30 days, or notify you if we require more time. We may need to verify your identity before processing your request.

11. Your Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and its amendments:

  • Right to know: You may request that we disclose what personal information we have collected about you, the sources of that information, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You may request that we delete personal information we have collected about you, subject to certain exceptions.
  • Right to correct: You may request that we correct inaccurate personal information.
  • Right to opt out of sale: We do not sell your personal information. If this changes, we will provide explicit notice and a "Do Not Sell My Personal Information" link.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To submit a request, contact us at [contact email]. We will verify your identity and respond within 45 days, with one 45-day extension if needed.

12. Children's Privacy

The Site is not intended for use by persons under the age of 13. We do not knowingly collect personal information from persons under the age of 13.

In compliance with the Children's Online Privacy Protection Act (COPPA), if we become aware that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information immediately. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [contact email].

13. Links to Third-Party Websites

The Site may contain links to external websites that are not operated by us. Clicking a third-party link will direct you to that site. We have no control over and assume no responsibility for the content, privacy policies, or practices of third-party sites. We strongly advise you to review the privacy policy of every site you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by updating the effective date at the top of this page.

For material changes that affect how we use your personal information, we will provide a prominent notice on the Site or, where appropriate, send you a notification by email. We encourage you to review this page periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

  • Email: [contact email]

If you are based in the EU/EEA, you also have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk.

This Privacy Policy was generated by ToolCenterHub. Review it carefully before publishing. For regulated industries, consult a qualified attorney.

Free privacy policy generator: what your policy must cover

A compliant privacy policy must disclose: what personal data you collect from users, how you collect it (forms, cookies, analytics), why you collect it (the legal basis under GDPR), how you use the data, who you share it with and why, how long you retain it, what rights users have over their data, and how to contact you to exercise those rights. The free privacy policy generator covers all of these disclosures with toggle sections that activate or deactivate clauses based on your actual data practices.

For GDPR compliance, the policy must identify the legal basis for each category of processing: consent, legitimate interests, contract performance, or legal obligation. For CCPA compliance, the policy must disclose what categories of personal information are collected, the business purposes, whether the information is sold, and California residents' right to opt out of sale. The generator produces language addressing both regulations simultaneously.

GDPR privacy policy generator: when a privacy policy is legally required

A privacy policy is legally required whenever you collect any personal data from users in jurisdictions covered by GDPR (European Union), CCPA (California), PIPEDA (Canada), or equivalent national or state laws. Personal data includes names, email addresses, IP addresses, cookies, behavioral data collected by analytics, and any other information that can identify an individual directly or indirectly. Any website with a contact form, newsletter signup, or analytics tracker collects personal data and requires a policy.

Beyond legal compliance, privacy policies are required by most advertising networks (including Google AdSense and Google Analytics), app stores (Apple App Store and Google Play), and affiliate programs as a condition of participation. Even websites in jurisdictions without a privacy law may be required to have a policy by the platforms they use. The GDPR privacy policy generator output satisfies these requirements and can be published to any web page or app store listing.

Frequently asked questions

Yes, in practice. Any website that collects personal data, including email addresses through a contact form, IP addresses logged by a server, or behavioral data through analytics, is subject to privacy laws in the jurisdictions of its users. GDPR applies to any site with EU visitors regardless of where the site is hosted. CCPA applies to sites with California-based users that meet certain revenue or data volume thresholds. Publishing a clear privacy policy is required by law in most cases and by advertising platforms universally.

GDPR (General Data Protection Regulation) is the EU privacy law requiring explicit legal basis for data processing, user rights including erasure and portability, and mandatory data breach notification. CCPA (California Consumer Privacy Act) focuses on the right to know what data is collected, the right to delete, and the right to opt out of the sale of personal information. GDPR is broader and more prescriptive; CCPA is more focused on transparency and consumer choice. The generator produces a policy that addresses both.

A compliant privacy policy must include: the identity and contact details of the data controller, what personal data is collected and why, the legal basis for processing (GDPR), how long data is retained, who the data is shared with, what cookies and tracking technologies are used, users' rights (access, deletion, portability, objection), how to file a complaint with a supervisory authority, and how users will be notified of changes to the policy.

For websites with significant user bases, advertising revenue, or that operate in regulated industries such as healthcare, finance, or services targeting children, legal review is strongly recommended. The generated policy provides a solid, compliant foundation but cannot account for jurisdiction-specific nuances, industry-specific regulations (HIPAA, COPPA, PCI-DSS), or your specific business structure. For personal blogs and small business sites, the generated policy is a practical and commonly used solution.
