Smart Legal & Compliance
Tools for Modern Business 智能法律合规工具
为现代企业而生

Privacy Policy Generator

# Privacy Policy Generator Use this template to generate a privacy policy aligned with GDPR, CCPA/CPRA, COPPA, and PIPL. Replace bracketed text before publication and obtain legal review for the final policy. ## Homepage Tool Replacement Copy Title: Privacy Policy Generator Description: Generate a tailored privacy policy covering GDPR, CCPA/CPRA, COPPA, and PIPL requirements, including disclosures for data collection, use, sharing, user rights, children's privacy, cross-border transfers, retention, and security. Badge: GDPR / CCPA / COPPA / PIPL CTA: Generate Policy ## Privacy Policy Template Effective date: [Month Day, Year] Last updated: [Month Day, Year] ### 1. Who We Are [Company legal name] ("Company," "we," "us," or "our") provides [describe website, app, product, or service]. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you use [website/app/service name] or otherwise interact with us. Controller / business / personal information processor: [Company legal name] Address: [Company address] Privacy contact: [privacy email] Data Protection Officer or EU/UK representative, if applicable: [name/contact or "not applicable"] China personal information protection contact, if applicable: [name/contact or "not applicable"] ### 2. Personal Information We Collect We may collect the following categories of personal information: - Identity and contact information, such as name, email address, phone number, company, job title, and account credentials. - Commercial and transaction information, such as purchases, subscriptions, billing records, payment status, and customer-support history. - Internet or device information, such as IP address, device identifiers, browser type, operating system, log data, cookie identifiers, and usage analytics. - Professional or employment information, such as employer, role, business contact details, and professional profile information. - User content, such as documents, messages, form entries, prompts, uploaded files, and feedback you provide through the service. - Sensitive personal information, if collected, such as [precise geolocation, government ID, financial account data, health data, biometric data, children's data, or other sensitive categories]. - Inferences, such as preferences, service usage trends, and fraud or security risk signals. We collect personal information directly from you, automatically through the service, from service providers, from business partners, and from publicly available or legally permitted sources. ### 3. Purposes and Legal Bases We use personal information for the following purposes: - Provide, maintain, personalize, and improve the service. - Create and manage accounts, authenticate users, and provide customer support. - Process payments, subscriptions, invoices, and related transactions. - Communicate with you about service updates, security notices, and administrative messages. - Send marketing communications where permitted by law and your preferences. - Analyze usage, measure performance, debug issues, and develop new features. - Protect the service, prevent fraud, enforce terms, and maintain security. - Comply with legal obligations, respond to lawful requests, and establish or defend legal claims. Where GDPR or similar law applies, our legal bases may include performance of a contract, consent, legitimate interests, compliance with legal obligations, and, where applicable, protection of vital interests or tasks carried out in the public interest. Where PIPL applies, we process personal information when there is a lawful processing basis, such as individual consent, necessity for contract performance or human-resources management, legal duties, public-health or emergency necessity, legally permitted public-interest processing, processing of lawfully disclosed information within a reasonable scope, or other circumstances permitted by law. ### 4. Cookies and Similar Technologies We use cookies, pixels, SDKs, local storage, and similar technologies to operate the service, remember preferences, improve performance, analyze traffic, detect security incidents, and, where permitted, support advertising or measurement. You can manage cookies through browser settings and any cookie-preference tool we provide. Where required, we request consent before using non-essential cookies. ### 5. How We Disclose Personal Information We may disclose personal information to: - Service providers and processors that host, secure, analyze, support, or operate the service. - Payment processors and billing providers. - Professional advisors, such as lawyers, auditors, accountants, and insurers. - Business partners where you request or authorize the integration or disclosure. - Affiliates under common ownership or control. - Authorities, courts, regulators, or other parties when required by law or necessary to protect rights, safety, and security. - Successors in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets. We do not sell personal information in the traditional sense. If we engage in activities considered a "sale" or "sharing" under CCPA/CPRA, we will provide required notices and opt-out rights. ### 6. International and Cross-Border Transfers We may transfer personal information to countries or regions outside where you live. Where GDPR applies, we use appropriate transfer mechanisms such as adequacy decisions, Standard Contractual Clauses, or other lawful safeguards. Where PIPL applies and personal information is transferred outside mainland China, we will provide required notices, obtain separate consent where required, conduct personal information protection impact assessments where required, and use applicable transfer mechanisms such as security assessment, certification, standard contract, or other legally permitted mechanism. ### 7. Retention We retain personal information only as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the service, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, and maintain security. Retention periods depend on the category of information, the purpose of processing, legal requirements, limitation periods, and user preferences. When information is no longer needed, we delete, anonymize, or securely retain it as required by law. ### 8. Security We use reasonable administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. ### 9. Your Privacy Rights Depending on where you live, you may have rights to: - Access or know the personal information we process about you. - Request correction of inaccurate personal information. - Request deletion of personal information. - Object to or restrict certain processing. - Withdraw consent where processing is based on consent. - Request portability of personal information. - Opt out of sale, sharing, targeted advertising, or certain profiling where applicable. - Limit the use or disclosure of sensitive personal information where applicable. - Appeal a denied privacy-rights request where applicable. - File a complaint with a supervisory authority, regulator, or data protection authority. To exercise rights, contact us at [privacy email] or use [rights request link]. We may verify your request before responding. Authorized agents may submit requests where permitted by law and subject to verification requirements. ### 10. GDPR Notice If GDPR applies, you have the rights described above, including access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. You may also lodge a complaint with your local supervisory authority. We provide information about our identity, contact details, purposes, legal bases, recipients, transfers, retention, rights, and whether providing information is required by contract or law at the time personal data is collected or otherwise as required. ### 11. CCPA/CPRA Notice for California Residents California residents may have the right to know, access, delete, correct, opt out of sale or sharing, limit the use and disclosure of sensitive personal information, and be free from discrimination for exercising CCPA rights. In the preceding 12 months, we may have collected the categories listed in Section 2, used them for the purposes listed in Section 3, and disclosed them to the categories of recipients listed in Section 5. We do not knowingly sell or share the personal information of consumers under 16 without required consent. If we sell or share personal information or use sensitive personal information beyond permitted purposes, we will provide a "Do Not Sell or Share My Personal Information" and/or "Limit the Use of My Sensitive Personal Information" mechanism as required. California requests may be submitted at [request link/email/toll-free number if required]. We honor legally required opt-out preference signals where applicable. ### 12. COPPA Children's Privacy Notice Our service is [not directed to children under 13 / directed to children under 13 / mixed audience]. We [do not knowingly collect / may collect] personal information from children under 13. If COPPA applies, we will: - Post a clear children's privacy notice. - Provide direct notice to parents where required. - Obtain verifiable parental consent before collecting, using, or disclosing personal information from children unless an exception applies. - Allow parents to review, delete, or refuse further collection or use of their child's personal information. - Limit child data collection to what is reasonably necessary. - Retain children's personal information only as long as necessary and delete it securely. - Require service providers handling children's information to maintain confidentiality, security, and integrity. Parent contact: [parent privacy email/address/phone] ### 13. PIPL Notice for Individuals in China If PIPL applies, we will process personal information in a truthful, accurate, complete, transparent, and purpose-limited manner. Before processing, we will notify individuals of our name and contact details, processing purposes and methods, personal information categories, retention periods, rights-exercise methods, and other legally required matters. For sensitive personal information, we will notify individuals of the necessity of processing and impact on personal rights and interests where required. For cross-border transfers, we will provide required information about overseas recipients and rights-exercise procedures and obtain separate consent where required. Individuals may have rights to know, decide, restrict or refuse processing, access, copy, correct, supplement, delete, withdraw consent, request explanation of processing rules, and exercise rights of close relatives over deceased individuals' personal information where permitted by law. ### 14. Automated Decision-Making If we use automated decision-making that has a significant impact on individual rights or interests, we will provide required transparency, safeguards, and rights to request explanation or refuse decisions based solely on automated processing where applicable. ### 15. Third-Party Links and Services The service may contain links to third-party websites, integrations, or services. Their privacy practices are governed by their own policies, not this Privacy Policy. ### 16. Changes to This Privacy Policy We may update this Privacy Policy from time to time. If changes are material, we will provide notice as required by law, such as by posting the updated policy, updating the effective date, or sending a direct notice. ### 17. Contact Us For privacy questions or requests, contact: [Company legal name] [Mailing address] [Privacy email] [Phone, if applicable] [Web request form, if applicable]