How to Make a Privacy Policy That Customers Love

Customers Love Their Privacy -- Do They Love Your Privacy Policy?

Ecommerce has brought about a change in the way we look at data. While consumers were once ignorant of the fact that their personally identifiable information was insecure, issues surrounding popular companies like Facebook, Google, and Apple have brought privacy into the limelight. Surprisingly, many ecommerce businesses have failed to catch on to the fact that this issue relates to them. That's my motivation for answering the "how to make a privacy policy" question.

If your customers are concerned about their privacy, you should be too. Failing to properly address the issue could have a huge impact on the credibility of your company. And an ecommerce business without credibility is no business at all. That is why crafting and adhering to a sound privacy policy is very important.

Why Have A Privacy Policy?

There are many reasons to have a privacy policy that reflects the needs of your customers, and also unambiguously states the way you deal with private information.

  • A Privacy Policy Offers Some Amount of Legal Cover

    Being clear about what you do with sensitive information can save you from lawsuits – from customers as well as from other businesses. If you are sued, you can show that you had a publicly stated privacy policy that you adhered to.
  • A Privacy Policy Can Protect Your Affiliates

    If you have an affiliate program, the affiliates that you work with have a legal connection with your business. If one party makes a mistake, the other one could suffer an adverse outcome as a result. So, a privacy policy that delineates the way information is collected and shared between you and your affiliates is important.

    How to Make a Privacy Policy

    Some privacy policies are short and others run into many pages of legalese. What you choose to include depends on how specific you want to be. Different ecommerce websites take a different point of view on this count. Some have the privacy policy as a separate webpage while others prefer to keep it as part of the "terms and conditions" page or the "terms of service" page.

    What Should a Privacy Policy Include?

    • What Information You Collect

      Be clear about what user data you collect. For example: name, email, demographic information like age, location, interests, shopping records, clickstream and the like. You may also want to say what you will never collect, e.g., bank details. Knowing exactly what information you plan on storing and using will make your customers more comfortable. Note that there might be data that gets collected by your web host without a deliberate act on your part. Make sure you talk about that too. And if you store cookies on the customer's computer, this might be a good place to mention that too.
    • What You Do With It and Who Else You Share It With

      Here is a list of some of what you might end up doing with the data:
      • Improve products, services, or the website
      • Contact customers with promotional offers
      • Send invitations to market research studies
      • Sell the data to third parties (of course if you did this, you would be repelling customers en masse)
      • Not sell the raw data, but allow promotional messages to be sent by third parties.
      In many territories, you need to specifically mention the third parties who have access to your customer data. In addition, there might be other legal requirements for a privacy policy in the rapidly evolving ecommerce legislation landscape.
    • How You Protect It

      Many privacy policies do not state this, but you could consider talking about the protections you have in place to ensure security – software, employee protocols, and the like. This is another place where mention of cookies and their use is relevant.
    • How Customers Can Opt Out

      Not all customers will be comfortable with giving you permanent access to their personal information. You have to respect that choice. Provide them a means of opting out, such as a box they can check. Let them know that they can contact you to have themselves removed from your emailing list. If you offer them the option of avoiding cookies, it is perfectly fine to tell them about the website features that will not be available to them as a consequence.


    Whether you choose to have a quick privacy policy that covers the basics or a long one that spells out every detail, make sure that you have a legally compliant, easily found privacy policy.

    It keeps you safe and your customers happy. It also helps to eliminate misunderstandings and keeps you accountable for the data you collect.

    Also, note that there is no such thing as the perfect privacy policy. What works for one website might be irrelevant for another. With that disclaimer in mind, you could read the privacy policy that we follow, to get an idea of what privacy policies look like.