The Do’s and Don’ts of Privacy Policies: A Guide to Not Scaring Your Users Away

Ah, privacy policies. The fine print that no one reads but everyone knows is lurking at the bottom of every website. Writing a privacy policy is like trying to make a vegetable smoothie—necessary, but tricky to make enjoyable. So, let’s inject a little humor into the process with this guide to the Do’s and Don’ts of crafting a privacy policy that won't make your users want to delete their browser history.

DO: Be Clear and Honest

No one’s here for a mystery novel.

Your users want to know what you're doing with their data, not unravel the plot of a conspiracy thriller. Tell them what you collect, why you collect it, and how you plan to use it. Straightforward. Simple. No twists where suddenly, you’re also collecting their astrological sign and favorite ice cream flavor for “research.”

DON’T: Write Like You’re a Lawyer with a Thesaurus

Just because it’s a legal document doesn’t mean it needs to sound like one. Sure, you need some legal jargon in there, but you don’t need to throw in words like "heretofore" and "aforementioned." No one has time to consult a dictionary just to figure out you're tracking cookies. Keep it conversational. You're not trying to impress Shakespeare—just explain your privacy practices.

DO: Mention Cookies (And Not the Delicious Kind)

Speaking of cookies, let’s get real: if your site is handing them out, you’ve got to spill the beans. No one likes a cookie monster sneaking around in the background. So, tell your users what kinds of cookies you’re setting, how you're using them, and how long they’ll be munching away on users' data.

DON’T: Say “We Will Protect Your Data at All Costs”

Oh really? At all costs? Does this mean you're employing an elite squad of ninjas to guard your servers? Or maybe you've invested in a titanium vault straight out of a spy movie?

Unless you’ve hired Liam Neeson to ensure the safety of your users' personal information, it’s better to be realistic. Say you'll do your best to protect their data, but leave the action-movie promises out of it.

DO: Explain What You’re Doing with the Data

“We collect your email for totally legitimate reasons” won’t cut it. Be transparent! If you’re going to send users 37 newsletters a week or analyze their browsing habits to sell them ads for shoes they’ll never buy, just say so. The truth is, people appreciate honesty—even if it's just to prepare for the wave of emails.

DON’T: Pretend to Care About Privacy if You Don’t

If your site is essentially a black hole for personal information, don’t pretend you’re a privacy champion. Sure, your users want to know their info isn’t going to be sold to aliens, but don't over-promise and under-deliver. Keep it real.

DO: Provide an Easy Way to Opt-Out

Look, we’ve all signed up for something and later regretted it—whether it's a gym membership or that one free trial you forgot to cancel. Make opting out of data collection or communications easy and painless. Users shouldn’t have to send a carrier pigeon to get off your mailing list.

DON’T: Make It 72 Pages Long

If your privacy policy requires a scroll bar that’s half the screen, you’ve gone too far. This isn’t the next installment of War and Peace. People are here for a quick “this is what we do with your data,” not an epic saga that spans generations. Keep it short, keep it sweet, and get to the point.

DO: Make Sure It’s Up-to-Date

Your privacy policy shouldn’t look like it was written during the dial-up era. Privacy laws and regulations are constantly evolving (hello, GDPR), so make sure you’re staying compliant. Plus, nothing says “we don’t care” like an outdated policy referencing laws that haven’t been relevant since MySpace was a thing.

DON’T: Forget to Include Contact Information

If someone reads your privacy policy and has a question (probably a rare event, but still), they shouldn’t have to conduct a scavenger hunt to get in touch with you. Make sure you include a contact email or phone number. And no, “contacting our support bot that never responds” does not count.

DO: Throw in a Joke (Maybe Just One)

If your privacy policy is a bit of a snooze-fest (and let’s be honest, it probably is), it doesn’t hurt to add a little humor. You know, like maybe saying, “We promise not to spam you... unless it’s with pictures of adorable puppies.” A little lightheartedness can go a long way in building trust with your users.

DON’T: Forget Why You’re Doing This

At the end of the day, privacy policies exist to protect you and your users. They're not just a box to check off. When done right, your privacy policy will inform users, build trust, and keep your business compliant.

And who knows? Maybe one day, someone will actually read it. Maybe.
