Skip Navigation

You might ask: Why do we need a privacy policy? Does it matter what is in there? Can I use a policy I copied from another website? When you ask these questions, you are assuming your well-meaning organization doesn’t need such extravagant language, after all, you would never do anything mean or wrong with a user’s information, so what is the big deal? Isn’t this a bit excessive?

Why do I need a privacy policy?

If you ask for, track, or retain any information about a user, you need to tell them. This includes tracking Google Analytics, allowing blog comments, having a Contact Us form, taking online donations, using an email subscribe form, etc.

The goal of your privacy policy is to protect by informing. Even a small policy protects you from disgruntled people, and protects your users from surprises. The policy simply needs to tell people what you will and will not do with the information they entrust to you.

Asking for information is asking for trust, therefore a good way to ask is by including a privacy policy on your website. People want to know what you will do with their information, and are more willing to give it, if there is clear communication about what they can expect – just like in a face-to-face conversation. This transparency and clarity bolsters trust between you and your supporters, giving you a competitive advantage over those who aren’t willing to, or won’t spend the time communicating.

*In some cases privacy policies are required by law. Please check with your friendly neighborhood Juris Doctor for more information.

Does it matter what’s in my privacy policy? Can I use a policy copied from another website?

Sort of, and not quite. Your website is unique, and so is the information you collect – figure out what information you collect from your users, then determine what promises your organization wants to make about how you use that information.

You are making commitments to your users – it matters that you say what you mean, and mean what you say. All the reassuring in the world means nothing if it’s not true. For example, saying “We will not share information with any third parties” but collecting donations, means you are sharing information with the third part processing system, as well as any database vendors that information feeds into.

You’ve convinced me, but how do I write a privacy policy?

  • Be honest. Know what you collect, and figure out what you are doing with that information. This may mean checking with different people in your organization – do you track Google Analytics? Where do email signups go? What third party vendors store information? Who processes credit card donations? What partners or other stakeholders have access to information?
  • Write in your own voice, and in a way people can understand. Some things require legal jargon, but where possible, make this information accessible. If no one understands what you are committing to, it’s hard for them to trust you. While a small page, your privacy policy is part of your website, so make sure you own the content and the voice.
  • A good resource for a baseline template is available here.

Information is how we know and trust each other. It benefits you to know what information you collect. This allows your organization to build relationships, communicate, and serve users. What you do with that knowledge matters, so instill trust and confidence by providing your relationships with clear commitments via a written Privacy Policy.

Photo by Vintagedept.

Claire Kennedy headshot
Claire Kennedy
Claire values context, creativity, and joy. She uses these skills to help causes invest in the good of others.