GDPR & CCPA Compliant

    Privacy Policy Template & Examples

    Download a free, GDPR and CCPA compliant privacy policy template with real examples from Stripe, Airbnb, Shopify, and other leading companies.

    50,000+ downloadsUpdated: January 202512 sections included

    Download Free Privacy Policy Template

    Get instant access to professionally-crafted privacy policy template that includes:

    • GDPR compliant structure
    • CCPA required disclosures
    • COPPA provisions
    • 12 essential sections
    • Real company examples

    No credit card required. Instant download.

    12 Required Sections in a Privacy Policy

    A compliant privacy policy must include these essential sections:

    1

    Information We Collect

    Types of personal data you collect (name, email, IP address, cookies, etc.)

    Required by: GDPR Art. 13, CCPA 1798.110

    2

    How We Use Your Information

    Purposes for processing personal data (analytics, marketing, customer service)

    Required by: GDPR Art. 13(1)(c)

    3

    Legal Basis for Processing

    Lawful grounds for data processing (consent, contract, legitimate interest)

    Required by: GDPR Art. 6

    4

    Data Sharing & Disclosure

    Third parties who receive your data (service providers, analytics, advertising)

    Required by: GDPR Art. 13(1)(e), CCPA 1798.115

    5

    Data Retention

    How long you keep personal data and criteria for determining retention periods

    Required by: GDPR Art. 13(2)(a)

    6

    User Rights

    Rights to access, delete, correct, and port personal data

    Required by: GDPR Art. 15-22, CCPA 1798.100-130

    7

    Cookies & Tracking

    Use of cookies, pixels, and similar tracking technologies

    Required by: ePrivacy Directive

    8

    Children's Privacy

    Age restrictions and parental consent requirements (if applicable)

    Required by: COPPA (US), GDPR Art. 8

    9

    International Transfers

    Cross-border data transfers and safeguards (if applicable)

    Required by: GDPR Art. 13(1)(f)

    10

    Security Measures

    Technical and organizational measures to protect personal data

    Required by: GDPR Art. 32

    11

    Contact Information

    Data controller details and how to exercise rights

    Required by: GDPR Art. 13(1)(a)

    12

    Policy Updates

    How users will be notified of privacy policy changes

    Required by: Best practice

    Real Privacy Policy Examples

    See how top companies write key privacy policy sections:

    Stripe

    Information We Collect

    We collect information you provide directly to us, such as when you create or modify your account, request Services, contact customer support, or otherwise communicate with us. This information may include: name, email, postal address, phone number, and other similar information.

    Why it works: Clear, specific, and exhaustive list of data types without legal jargon

    Airbnb

    How We Use Information

    We use the information we collect to: Enable you to access and use the platform; Operate, protect, improve and optimize the platform and experience; Personalize and customize your experience; Send you service, support and administrative messages.

    Why it works: Bulleted format makes purposes easy to scan and understand

    Shopify

    Sharing Personal Information

    We share your Personal Information with third parties to help us operate, provide, improve, customize, support, and market our Services. For example, we work with companies that provide hosting, analytics, fraud prevention, and marketing services.

    Why it works: Explains both why and examples of who receives data

    Zoom

    Data Retention

    We retain your personal information for as long as necessary to fulfill the purposes outlined in this privacy statement, unless a longer retention period is required or permitted by law. We consider several factors when determining retention periods, including the nature of the data and contractual requirements.

    Why it works: Balances specific criteria with practical business needs

    GitHub

    User Rights

    You have the right to access, correct, delete, or transfer your personal information. You can exercise these rights by contacting us at privacy@github.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with a supervisory authority.

    Why it works: Lists all rights, provides clear contact method, and sets expectations

    Compliance Checklist

    Ensure your privacy policy meets all regulatory requirements:

    GDPR

    • Identify legal basis for processing
    • Provide clear consent mechanisms
    • Include data subject rights (access, deletion, portability)
    • Document data retention periods
    • Appoint DPO if required
    • Implement breach notification procedures

    CCPA

    • List categories of personal information collected
    • Explain business purposes for collection
    • Provide 'Do Not Sell My Info' link if selling data
    • Honor opt-out requests within 15 days
    • Include authorized agent provisions
    • Offer 2+ methods to submit requests

    COPPA

    • Obtain verifiable parental consent before collecting data from children under 13
    • Provide notice of data collection to parents
    • Allow parents to review and delete child's information
    • Limit collection to what's necessary
    • Maintain reasonable security
    • Post privacy policy conspicuously

    Need a Custom Privacy Policy?

    Generate a customized, GDPR and CCPA compliant privacy policy in 2 minutes that's tailored to your specific business and data practices.