Privacy policies tend to be a tough proposition for early stage entrepreneurs and established companies alike. Some founders aren't clear on when they need to post privacy policies, while others have a hard time complying with their own policies. This article is just a brief introduction to privacy policies and will provide you with some background on when you should use them. If you want to learn more on the topic of privacy policies, just visit our Privacy Policy resource page. 

When do you need a Privacy Policy?

Most states in the US, such as California, and international jurisdictions have strict laws (like these ones in California) around collection, use, and sharing of personal information.  To varying degrees, these laws require websites or mobile app operators who collect personally identifiable information from their users and visitors to conspicuously post a privacy policy and to comply with that policy. Each jurisdiction has slightly different requirements but the common thread is that you should conspicuously post a privacy policy on your site if you collect any personally identifiable information from your website or app users or visitors and you should comply with your own policy.

For example, you need a privacy policy if your website or mobile app collects any of the following from California residents: 

• A first or last name;
• A home or other physical address, including street name and name or a city or town;
• An email address;
• A telephone number;
• A social security number; 
• Any other identifier that permits the physical or online contacting of a specific individual; or
• Information concerning a user that the website or online service collects online from the user and maintains in personally identifiable form in combination with an identifier described above.

How can you meet the "conspicuously post" requirements?

That's easy! Just follow these steps:

1. Post your privacy policy on the home page of your website, on the first significant page after entering a website (after your splashy welcome page) or within 2 taps on your app (usually "settings" >> "privacy");
2. Use an icon or text link that hyperlinks to a web page on which the actual privacy policy is posted. The link should contain the words "privacy" in a color that contrasts with the background color of the web page. If you are linking to your privacy policy from within your app, it is recommended that you host your privacy policy on a separate, external website so that you aren't forced to resubmit your app to an app marketplace every time you update your privacy policy;
3. The link to your privacy policy should be in capital letters, equal to or greater in size than the surrounding text (for example: PRIVACY POLICY).

Startup Documents offers a fairly comprehensive Privacy Policy template generator. Remember to always consult with a lawyer if you have any questions!

Next article: How companies collect and use personal information