Data Privacy Policy Template
Template for Data Privacy Policy. Customize this template for your specific needs.
Professional Review Required
This document involves significant legal, financial, or compliance considerations. You must have a qualified professional review and approve this document before use. Do not rely on this template as legal advice.
Document: Data Privacy Policy
Template Preview
Version 1 • Last updated 6/4/2026
Privacy Policy
Educational template — not legal advice. This template is a starting point only. Privacy law is complex and jurisdiction-specific. Have a qualified privacy lawyer review and adapt it to your actual data practices before you publish it. PropoDoc is not a law firm.
Effective date: [Date] Organisation: [Your legal entity name]
This Privacy Policy explains how [Organisation] ("we", "us") collects, uses, shares, and protects personal information when you use [your website, app, or service].
1. Who we are
We are [legal entity name], located at [registered address]. For any privacy question or request, contact us at [privacy contact email]. [If required, name your Data Protection Officer or EU/UK representative here.]
[Reminder: confirm with your lawyer whether you must appoint a Data Protection Officer or a representative in the EU/UK.]
2. Information we collect
Information you give us directly:
- [e.g., account details such as name and email address]
- [e.g., payment information, processed by our payment provider]
- [e.g., content, messages, or files you submit]
Information we collect automatically:
- [e.g., IP address, device and browser type]
- [e.g., usage and analytics data]
- [e.g., cookies and similar technologies — see section 7]
[Reminder: list every category of personal data you actually handle. Have your lawyer confirm the categories and any special or sensitive data that needs extra protection.]
3. Why we use your information and our legal basis
We use your information to:
- [Purpose 1 — e.g., provide and operate the service] — legal basis: [e.g., performance of a contract]
- [Purpose 2 — e.g., process payments and prevent fraud] — legal basis: [e.g., legitimate interests / legal obligation]
- [Purpose 3 — e.g., respond to support requests] — legal basis: [e.g., legitimate interests]
- [Purpose 4 — e.g., send marketing communications] — legal basis: [e.g., consent]
[Reminder: under GDPR-style laws, every use needs a lawful basis. Marketing usually requires consent. Have your lawyer confirm the basis for each purpose.]
4. How we share your information
We share personal information with:
- [Service providers — e.g., hosting, payment processing, analytics, email delivery]
- [Professional advisers, where necessary]
- [Authorities, where legally required]
We do not [sell / share] your personal information [except as described here].
[Reminder: list your real third parties and sub-processors. State whether "sale" or "sharing" occurs under CCPA/CPRA, and have your lawyer confirm the disclosures.]
5. International data transfers
[State whether data is transferred outside your or the user's country, and how those transfers are protected, e.g., standard contractual clauses.]
[Reminder: cross-border transfer rules are technical and change often — confirm the safeguards with your lawyer.]
6. How long we keep your information
We keep personal information for [period or the criteria that determine it], after which we [delete or anonymise] it. [Describe retention by category where they differ.]
[Reminder: be able to justify each retention period. Have your lawyer confirm any legal minimum or maximum.]
7. Cookies and tracking
We use cookies and similar technologies to [e.g., keep you signed in, remember preferences, and measure usage]. You can control non-essential cookies through [your cookie banner / browser settings].
[Reminder: many regions require consent before non-essential cookies load. Confirm your cookie banner and consent flow with your lawyer.]
8. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data
- Object to or restrict certain processing
- Receive your data in a portable format
- Withdraw consent at any time
- Opt out of the sale or sharing of your data
To exercise any right, contact us at [privacy contact email]. We will respond within [the period required by law].
[Reminder: only list rights you can actually honour, and make sure you have a working process for each.]
9. How we protect your information
We use reasonable technical and organisational measures to protect personal data, including [e.g., encryption in transit, access controls, and regular reviews]. No method of transmission or storage is completely secure.
[Reminder: describe real measures, and do not overstate them.]
10. Children's privacy
[State whether your service is intended for children and how you handle children's data, if at all.]
[Reminder: children's data is subject to stricter rules in many places — confirm your obligations with your lawyer.]
11. Changes to this policy
We may update this policy from time to time. When we do, we will change the effective date above and [describe how you notify users of material changes].
12. Contact us
If you have any question or complaint about this policy or your data, contact us at [privacy contact email]. [If applicable, name the regulator users can complain to.]
Reminder: this is a template, not a finished, compliant policy. Have a qualified privacy lawyer review it against your actual data practices and the laws that apply to you before you publish it. PropoDoc is not a law firm.
About this Template
Part of the Data Privacy Policy document collection
Document Type
Data Privacy Policy
How you collect, use, store, and protect personal data — and users' rights.