Home/Legal/Privacy policy generator
Free tool, no signup

A starter privacy policy in 3 minutes.

Answer 8 questions, get a Markdown or text file you can drop straight into your site. GDPR-aware, CCPA-aware, COPPA-aware. Free, no email required. Not legal advice, but a defensible starting point.

Your details

Live preview

# Privacy Policy **Effective June 15, 2026** · **Last updated June 15, 2026** This Privacy Policy explains how Acme Inc. ("we", "us", "our") collects, uses, and shares personal information when you visit https://example.com, use any service we provide, or otherwise interact with us. ## 1. Who we are We are Acme Inc., the data controller responsible for the personal information described in this policy. You can reach us at [email protected]. ## 2. Information we collect We collect the following categories of personal information: - Identifiers (name, email, phone) - Account credentials (passwords, login tokens) - Device data (IP address, browser, OS) - Communications (chat, email, voice) We do not knowingly collect more than we need to provide our service. ## 3. How we use information We use the information we collect to: - Provide and improve our service. - Communicate with you about your account. - Process payments where applicable. - Detect, investigate, and prevent fraud. - Comply with legal obligations. - Send marketing communications you have opted into, which you can opt out of at any time. ## 4. Legal bases for processing (GDPR) Where the EU or UK GDPR applies, we rely on one or more of the following legal bases: - **Contract** for processing necessary to provide our service to you. - **Legitimate interests** for fraud detection, service improvement, and security. - **Consent** for marketing communications and any optional cookies. - **Legal obligation** for tax, accounting, and other statutory requirements. ## 5. Who we share information with We share personal information with the following categories of service providers, each of which acts as our processor and is contractually bound to protect your data: - Stripe (payments) - Google Analytics or Plausible (analytics) - Cloud hosting (AWS, GCP, DigitalOcean) We do not sell personal information. For California residents, this includes the meaning of "sell" under the CCPA. ## 6. International transfers Personal information may be transferred to, and processed in, countries outside your country of residence. Where required, transfers from the EEA, UK, or Switzerland are protected by Standard Contractual Clauses or another appropriate safeguard. ## 7. Data retention We retain personal information for as long as needed to provide our service and for the following additional periods: - Account data: for the life of the account, plus 90 days after closure. - Payment records: 7 years (US and EU tax requirements). - Support communications: 3 years. - Marketing preferences: until you opt out. ## 8. Your rights Depending on where you live, you may have the following rights: - Access to the personal information we hold about you. - Correction of inaccurate information. - Deletion, subject to legal retention requirements. - Portability of information you have provided. - Objection or restriction of certain processing. - Withdrawal of consent at any time, without affecting prior lawful processing. To exercise these rights, email [email protected]. ## 9. California residents (CCPA and CPRA) If you are a California resident, you have the right to know what personal information we collect, to request deletion, to opt out of sale or sharing for cross-context behavioral advertising, and to non-discrimination for exercising these rights. We do not sell or share personal information in the CCPA sense. To exercise any right, email [email protected]. ## 10. Security We protect personal information using encryption at rest and in transit, role-based access controls, multi-factor authentication for administrative access, and regular security reviews. No system is perfectly secure, but we treat it like one might fail tomorrow. ## 11. Cookies and similar technologies We use a small number of strictly necessary cookies to operate https://example.com, plus optional analytics cookies if you consent. See our cookie banner or settings page for details and controls. ## 12. Children's privacy Our service is not directed to children under 13 (or under 16 in the EEA and UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, email [email protected] and we will delete it. ## 13. Changes to this policy We may update this policy from time to time. We will post the new effective date at the top of this page and, where the change is material, notify you by email or in-product banner before it takes effect. ## 14. Contact Questions, requests, or complaints: [email protected]. For unresolved EU concerns, you have the right to lodge a complaint with your national data protection authority. --- _This policy was generated with the free [Message.com privacy policy generator](https://www.message.com/legal/privacy-policy-generator). It is a starting point only, not legal advice. Have a lawyer review before publishing._
Not legal advice. This is a starting point you can refine. Have a lawyer in your jurisdiction review before you publish, especially if you process special-category data, sell consumer goods to children, or operate in healthcare, finance, or education.