Confused about the privacy policy requirements for your WordPress blog or website? Don’t worry. We had the same questions. So we did the research and found the answers. Privacy policy requirements can be involved but the answer is surprisingly straightforward.
Does your website or blog need a privacy policy? Yes, your website needs a privacy policy. The required policy text and clauses are determined by the features of your site. The more functionality on your site, the more complex the privacy policy will be. User accounts, Google Analytics, tracking scripts, eCommerce, and advertising all factor into the final privacy policy requirements.
Feel overwhelmed? Do not fret, we will take this step by step. We will start with the privacy policy overview, explain why you need one, explore the options for creating a policy, and finish up with how to add it to your website.
Privacy Policy Overview
A privacy policy is a legal document outlining how your website will handle its visitors’, users’, and customers’ personal information. The data collected varies from site to site and is based on website functionality. Technical factors can include:
- Cookies
- User Accounts
- Advertising & Remarketing
- Analytics
- Tracking Scripts
- Contact Form Fields
- Ecommerce or Online Sales
In addition to the technical factors, the physical location of your website, the location of your offline business, and where your website targets its audience all play a part in the legal requirements.
Privacy Policy Link Location
Visitors looking for a privacy policy will typically look to the footer to find links to all the “Legal Pages.” You will be best served by placing a link to your privacy policy in the footer of every page.
Value of a Privacy Policy
Having a privacy policy and making it easy to find is a clear sign that your website values its visitors’ privacy. In addition to feeling valued, users also know what to expect and what will be done with their information. Taking these steps will help protect your business from any legal issues.
Building Trust
In addition to mitigating any legal issues, a privacy policy helps you build trust with your visitors. The more they know what to expect the more they will trust the site.
GDPR
In addition to complying with local laws, there is a good chance your privacy policy needs to be GDPR compliant. GDPR is a European Union law that allows visitors to have more control over their personal data. GDPR stands for General Data Protection Regulation.
Default WordPress Privacy Template
WordPress, as of Summer 2019, includes a privacy policy template. This template is part of every new WordPress site. If you use this default template, it should be considered just a starting point. This template is NOT a complete policy.
If your site lacks a privacy policy, then start with the default template. Something is better than nothing. But please consider one of the free or paid options below.
Free Privacy Policies
Moving up from the default privacy policy template, there are free privacy policy generators. These do pretty well. Many find them adequate for hobby sites, sites that do not let users log in or sites that are not selling anything.
Many times these free privacy policies do not go into the greatest detail, and the provider will ask that you include a link back to them in return for using their service. If you can get by with a free policy then great, free is a great way to go.
If your site is more advanced and allows people to log in, collects any data, sets advertising or persistent cookies, then you should really consider a paid privacy policy.
Paid Privacy Policies
If your site makes money or represents a physical business then a paid privacy policy is the only option. Paid policies are generally created by answering several questions about your business, website functionality and information collected from users.
Paid Privacy Policies typically cost between $50 and $250.
There are many paid privacy policy generators and some are better than others. Later in the article, we go into what to look for and the services we have tested and recommend.
Why WordPress Needs a Privacy Policy
WordPress needs a privacy policy because, at its core, visitors can create accounts and make comments on pages and posts. These two actions use cookies to make the process easier. These cookies become persistent identifiers of visitors to your site, which is why you need a privacy policy.
In addition to these two cookies, WP plugins can set dozens of other cookies. These can be for tracking, online sales, and just about anything else that a website can do.
Do you have a contact form or allow users to sign up for a newsletter? Then you are definitely collecting personal information. All of this data becomes part of the basis for needing a privacy policy.
The biggest reason that you need a privacy policy is that most countries around the world require one. In California, the California Online Privacy Act (CalOPPA) says if you collect any personal information you are required to have a privacy policy. This information can be GPS location, phone numbers, email addresses, etc.
Another reason for a privacy policy is that many services you run on your website require one. These services can be Google Analytics, Bing Advertising, Google Advertising, Hubspot, Salesforce, or any of a number of online tools and platforms.
Finally, WordPress needs a privacy policy because people want to know what data is being collected on them. As big data continues to grow, true privacy continues to decline and it is important that everyone respects privacy as much as possible.
When you add a privacy policy to your website and abide by it, you are doing the right thing. These clear and transparent acts are good business and help you to be a more credible and trustworthy source in your visitors’ eyes.
Cookies that WordPress Uses
As mentioned previously a default or core WordPress install always uses two cookies:
- User Session
- User Comments
These cookies are used anytime a user creates an account, logs in to your site, or leaves a comment on a post or page. By default, the user session cookie is set for 15 days and the comment cookie is set for just under 1 year.
Want to learn more about WordPress cookies? We put together a really helpful post that goes into great detail about the cookies used in WordPress.
These two cookies are just the start of what can be used on your website. Use items with toggle states? There can be cookies there. Use Google Analytics? Tracking cookies are being set there. Advertising and remarketing? More cookies are being set there. Have a shopping cart? You know the shopping cart will be setting lots of cookies.
It is easy to see how the two core cookies used by WordPress core can quickly turn into dozens that are used during every session on your website. If you are using lots of cookies, it is best to get a cookie policy and add it to your website.
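As an added example (not part of the original article), this Python script turns the `Set-Cookie` headers your site returns into a cookie inventory you can check against your privacy and cookie policies: purpose, session versus persistent, lifetime in days, and missing `Secure`/`HttpOnly` flags. The sample headers, the prefix-to-purpose map and the `cart_token` name are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Cookie-name prefixes mapped to a purpose. WordPress core prefixes plus
# Google Analytics; extending this map for your plugins is up to you.
PURPOSES = [
    ("wordpress_logged_in_", "login session (WordPress core)"),
    ("comment_author", "commenter details (WordPress core)"),
    ("wp-settings-", "dashboard preferences (WordPress core)"),
    ("_ga", "analytics"),
]

def parse_set_cookie(header, now):
    """Return (name, lifetime in days or None for a session cookie, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.lower()] = value
    days = None
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        days = int(attrs["max-age"]) / 86400
    elif "expires" in attrs:
        days = (parsedate_to_datetime(attrs["expires"]) - now).total_seconds() / 86400
    return name, days, attrs

def inventory(headers, now):
    """Build one row per cookie, ready to compare with the written policy."""
    rows = []
    for header in headers:
        name, days, attrs = parse_set_cookie(header, now)
        purpose = next((p for prefix, p in PURPOSES if name.startswith(prefix)),
                       "unclassified: find the plugin that sets it")
        rows.append({"name": name, "purpose": purpose,
                     "persistent": days is not None,
                     "days": None if days is None else round(days, 1),
                     "missing_flags": [f for f in ("secure", "httponly")
                                       if f not in attrs]})
    return rows

# Constructed sample headers (not captured from a real site).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [
    "wordpress_logged_in_0123abcd=alice%7C1705276800; Max-Age=1296000; Path=/; Secure; HttpOnly",
    "comment_author_0123abcd=Alice; Expires=Fri, 13 Dec 2024 05:20:00 GMT; Path=/",
    "_ga=GA1.2.111.222; Max-Age=63072000; Path=/",
    "cart_token=xyz; Path=/; Secure",
]
for row in inventory(SAMPLE, NOW):
    print(row)
```

Any row marked unclassified is a cookie your policy probably does not mention yet; trace it to the plugin or script that sets it before publishing the policy.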
Privacy Policy Generator Options
There are several options for getting a privacy policy:
- The template WordPress Gives You
- Free Privacy Policy Generator
- Paid Privacy Policy Generator
- Hire a team of lawyers
Now, which is the correct solution for your website? A good starting point is if your website makes money online or represents an offline business.
If your website does not make money, free can be an option. If it makes money, then you will probably need a paid policy.
Free
The plus side to the free option is just that it is free. If your site is a hobby site just getting started then the included WordPress template or a free generator is a good way to go.
The free policy will not be as perfect as the paid one, but it does show that you are making an effort to be transparent about the data collected and your visitors’ privacy.
Paid
If you are a business with any assets or make money online, it is best to go with a paid version. A paid version will be more detailed, have greater specificity and give you somewhere to go should you have any questions.
Hopefully, it is clear that no matter what type of site you have, you need a privacy policy. The worst choice to make is no privacy policy at all, and with the free options, there is not really a reason to do nothing.
Builtin WordPress Privacy Policy
Free Privacy Policy Generator Options
There are not many detailed free privacy policy generators. A few companies have free options. If you are a business or do have any website functionality, you will need to get a paid option.
Here are a few free options. Just know that they may include a link back to the generator, or the free option may turn into a paid option depending on your requirements.
Privacy Policy Online
https://www.privacypolicyonline.com/privacy-policy-generator/
This one is actually a very good option for a free privacy policy. They ask a few questions during the creation process and then provide you with the policy. They do not ask for an email address to send it to. The only email address they request is the one that will be used as the contact for the policy.
If you are looking for a basic free policy, this could be your best option.
Paid Privacy Policy Generator Options
Terms Feed
They offer several excellent paid privacy policies as well as quite a few other legal docs for websites. If you think you may need other documents, such as terms of service or a cookie policy, then Terms Feed could be a good option. Getting all the legal documents from one location makes updating them, or remembering where they came from, much easier two years from now.
How to Add a Privacy Policy to WordPress
Once you have your privacy policy, it is time to create a privacy policy page, add the copy, and publish it. This can be done in several ways. Essentially, you are creating a new WordPress page and adding the content. Since the privacy policy is a special page, WP has a backend setting for it, which helps. Here are the steps to do this:
In the backend go to Settings > Privacy

Once you are there you can then select an existing WordPress page or create a new one. For our example, we will create a new page.
Click “Create New Page”

You are now taken to a screen to edit the new privacy policy page. Many elements of the page have already been entered. They are:
- Title: Privacy Policy
- Permalink: privacy-policy
- Privacy Policy Text
At this screen you will use the default WordPress privacy policy text or add the privacy policy text you got from another source in an earlier step.

NOTE 1: in the above example it is privacy-policy-2 because we already had a privacy policy created.
NOTE 2: the above screenshots show the text from the WP default template. You will most likely be getting your text from another source. If this is the case, just clear out the text WP added and paste in your new privacy policy text.
Once you have everything set the way you want, click the Publish button on the backend.
How to set the privacy policy in WP Backend
If you just went through the step of creating and adding a new privacy policy you do not need to worry about this step.
This step is for those who have an existing, up-to-date privacy policy.
If your existing privacy policy is good, then just make sure that it is selected from the dropdown of all your pages.

Once this is done WordPress knows which page is the privacy policy and will use it when search engines or other online platforms request it.
Link to your Privacy Policy
Adding the privacy policy is the first and most important part of the task. The second part is to link to it so that all visitors know where to find it. The most common place to place a link is in the footer and the link text should be “privacy policy”.
When you look at standard web conventions, the footer is where users expect to see legal or housekeeping pages. If you have other pages such as terms of use, cookie policy, contact or about, it is best to group all of these pages together.
A final usability tip is to set the link text to “Privacy Policy”. This is what users expect to see, and now is not the time to get clever or cute. If they are looking for your privacy policy, make it easy to find by putting it in the footer and easy to understand by using the link text “privacy policy”.
Additional Required Legal Pages
Along with the privacy policy, you will commonly see:
- Terms and Conditions (sometimes called Terms of Use or Terms of Service)
- Cookie Policy
- Refund Policy (if it is eCommerce)
Getting into the details of these documents is outside the scope of this post but you can follow the above links to find out more.
We have found that when including these documents, it is best to link to them in the same location and, if possible, obtain them from the same source. We have found that Terms Feed is a great place to get these documents, especially when you need more than one.
Conclusion
Your website needs a privacy policy even if it is a simple hobby site. A privacy policy lets visitors and users know what to expect and how you will handle the data you collect on them. The more features and functionality your website has the more detailed the policy needs to be.
Privacy policies can be created in WordPress. This is a very basic starting point. The next level up is a free privacy policy generator. These are great for personal sites and sites that do not make money online. The next level is a paid privacy policy generator. These can get very detailed and provide clauses for a wide range of sites. These paid options can range from $50 to $150.
The most important aspect of a privacy policy is to have one. It can feel overwhelming but if you add one or use one of the generators mentioned you will be in better shape than not having one at all.
Thoughts or suggestions? Please let us know in the comments!

Steven Johnson, a WP Hosting Reviews senior editor, works from Atlanta and covers all things related to WordPress and Hosting.
He graduated from Georgia Tech in Chemical Engineering, has managed hosting companies and now builds WordPress and Joomla Websites for small to medium companies full time.
