Privacy Policy template
Customer-facing privacy notice explaining what personal data you collect, why, how long you keep it, and how people can exercise their rights. Required under GDPR Article 13/14 and CCPA.
Generate your privacy policy in minutes
Answer a few questions about your business and PolicyKit produces a tailored, professionally structured document — ready to export as PDF or Word.
About this document
A privacy policy is a public-facing notice that tells individuals how an organisation collects, uses, shares, and protects their personal data. It explains people’s rights and how to exercise them. A clear and accurate privacy policy supports transparency and helps meet legal disclosure obligations.
Who needs one: Any business or website that collects personal data from customers, users, or visitors.
What a strong privacy policy covers
- Identity and contact details of the data controller
- Categories of personal data collected and their sources
- Purposes of processing and the lawful bases relied on
- Who data is shared with and any international transfers
- Retention periods and data security overview
- Individual rights and how to make a complaint
Regulations and frameworks this aligns to
PolicyKit references the standards relevant to your jurisdiction when it generates your privacy policy.
- GDPR: The EU General Data Protection Regulation, governing how organisations collect, use, and protect personal data of people in the EU.
- UK GDPR: The retained UK version of the General Data Protection Regulation, governing how organisations process the personal data of people in the UK.
- CCPA: The California Consumer Privacy Act, granting California residents rights over how businesses collect, share, and use their personal information.
- CPRA: The California Privacy Rights Act, which amends and expands the CCPA and established the California Privacy Protection Agency.
- Data Protection Act 2018: The UK statute that supplements and implements data protection law alongside the UK GDPR, including law-enforcement and intelligence-service processing.
Frequently asked questions
What should a privacy policy include?
A robust privacy policy sets out scope, roles and responsibilities, the specific controls or procedures involved, and how compliance is monitored and reviewed, mapped to frameworks like GDPR, UK GDPR, and CCPA. PolicyKit structures all of this automatically based on your business.
Is this legal advice?
No. PolicyKit generates AI-assisted professional templates and starting points, not legal advice. Every document should be reviewed with qualified legal and compliance counsel before use.
Can I tailor it to my country?
Yes — PolicyKit tailors each document to your jurisdiction, including UK, EU, United States, Australia, Singapore, Hong Kong and more.
You may also need
Cybersecurity & Information Security
Protect your systems, networks, and data from cyber threats. Aligned with NIST Cybersecurity Framework and Cyber Essentials.
Data Protection & Privacy
Manage personal data lawfully and transparently. Covers GDPR, UK GDPR, and US privacy law (CCPA/CPRA) requirements.
Acceptable Use & Access Control
Define how employees and contractors may use company systems, devices, and data — and who can access what.
Incident Response
Prepare for, detect, contain, and recover from security incidents and personal data breaches. Includes breach notification obligations.
Ready to create your privacy policy?
PolicyKit provides AI-assisted templates and starting points, not legal advice.