How To Write An E-Commerce Privacy Policy That Wins Customer Trust

You buy hundreds of products from eCommerce stores every year, and you have never interacted with any of their employees. You don’t know the faces behind the store.

But you did business with them because you trusted them.

Yes, you look for trust signals on their websites.

So what are these trust signals?

Contact address. Site security badges. Customer testimonials. About Us page.

And privacy policy.

The privacy policy may be a legal compliance thing, and most of your site visitors may not care about reading it. But it is important.

And if done well, it can be an effective tool for building customer trust.

Why does a privacy policy matter for your eCommerce store?

  • Buyers have privacy concerns.

A survey by KPMG reveals that

55% of consumers decided against buying something online due to privacy concerns, and

82% are not comfortable with the sale of their data to third parties.

And they are more worried today.

A survey by IDC says that 84% of customers have concerns about the protection of their personal data.

And 7 in 10 are more worried today than they were 2 years ago.

  • It’s a law.

There isn’t a single law governing privacy policies.

Instead, regulators have embraced a sectoral approach to regulating the protection of customer information.

So your privacy policy is not guided by one law, but by portions of different laws:

Federal Trade Commission’s Fair Information Practice

Section 22575 of the California Business Code

CalOPPA: California Online Privacy Protection Act

Student Online Personal Information Act (SOPIPA)

Children’s Online Privacy Protection Act (COPPA)

Health Insurance Portability and Accountability Act (HIPAA)

Gramm-Leach-Bliley Act (“GLB Act”)

Not all of these laws will apply to your business. So you have to assess your data collection practices and identify the laws relevant to your business.

Also, you need to follow state laws if you serve the population of a particular state. This applies even if your business operates outside that state.

Then there are laws related to advertisements and endorsements on your website. You need to make disclosures about these on your website.

Legal Compliance Checklist

  • If you collect email addresses and other personal information, then you need a privacy policy.
  • If your website runs Google’s AdSense, then you need to include notices on cookies. You also need to use SSL (“Secure Sockets Layer”) technology on your website.
  • If your website collects information from children (aged 13 or less), then follow the law under COPPA and make the necessary disclosures in your policy.
  • If you pay cash or give gifts to customers to endorse your website, then you need to make disclosures. See the FTC’s Guides Concerning the Use of Endorsements and Testimonials in Advertising.
  • If you are an affiliate/reseller, then you need to disclose who the seller of the product is.
  • If any customer endorsement makes claims that don’t reflect generally expected results, then you need to make disclosures as per the FTC’s “Generally Expected Results” guidance.
  • If your website makes any results-based claims about your products, then you need to make disclosures.
  • Does your business sell digital goods, provide services or sell downloadable items? Then your customers need to register and enter into an appropriate customer product agreement. Customer product agreements come in the following basic types: Website Terms of Sale/Service, Content License Agreement, and Membership/Subscription Agreement.
  • Is your business a “Post-Transaction Seller”, that is, one that receives customer billing information from third-party affiliates? If yes, then you need to get informed consent from the third party’s customer.
  • Does your business allow website visitors to post text, video or image files on your website? Then you need to have some type of User Submission Policy. You also need a DMCA Policy and must file a DMCA Registration Form with the Copyright Office.

A privacy policy gives peace of mind to buyers concerned with their personal data. It also prevents your business from getting sued.

Moreover, it enhances your reputation and brings in more sales.

So a privacy policy is important. It matters for your business.

What should you include in your privacy policy?

  1. How do you collect data: You should provide a clear notice of your data collection practices. This includes:
      • What data is being collected?
      • How are you collecting the data?
      • What are the primary and secondary uses of the data?
      • Will you share the data with other parties? If yes, then with whom and for what purpose?
      • What security mechanisms have you put in place to safeguard the confidentiality of the data?
      • Will you share data with law enforcement agencies if required?

Source: Amazon

  2. What choices does the customer have: The choice can take the form of opt-out or opt-in. Opt-out means that by default the customer agrees to allow the use of their data. In opt-in, the default is not to use personal data. You can use either choice, but it is good to state it in your policy.

  3. How can customers access and correct their data: You must give customers access to their data, and let them correct any inaccuracies or delete information.

Source: Amazon

  4. How is data secured: You need to state the data security measures you have in place to protect customer data.

Source: Amazon

  5. How do you enforce this policy: What should customers do in case of a privacy policy violation? How should they contact your business? What’s the dispute resolution process? What steps are you taking to enforce the privacy policy?

Source: Google

  6. How will the policy change: Is your privacy policy subject to change? How often do you plan to review your policy? Will you inform your customers when you change your policy?

Source: Google

Posting a privacy policy

  • Provide a hyperlink to your privacy policy on the homepage. The best way is to put it in the footer of your website so that it is accessible from all pages.
  • Include a link to the privacy policy in forms.

How To Write A Privacy Policy?

So far, we have talked about the laws guiding a privacy policy and the key elements of a privacy policy.

But it is a legal document, and so it leaves no margin for error.

Drafting a privacy policy can be a tough ask for some people.

So what to do?

Here’s an easy solution:

  1. Take the help of privacy policy generators available online like shopify, privacypolicies, and termsfeed. You provide them with some business details and the tool generates a privacy policy for you.
  2. Take help from an attorney and get the policy legally vetted and customized to your business. It’s always best to be safe.
  3. Write it in simple English. Translate it into local languages if your business serves other countries.

How did it go? Tell me about your experience creating a privacy policy for your store. Have questions? Drop a line in the comments section.

After working 7+ years as a digital marketer for startups and large enterprises, I quit my job to start EcommerceYogi. Here I share the exact same tactics I have used to drive millions of users per month to e-commerce stores. Follow me on LinkedIn and Twitter to stay connected.