Privacy Policy for Lead Capture Tools

Privacy Policy for Lead Capture Tools

You can't include lead capture tools on your website or as part of your online marketing strategy without providing a Privacy Policy.

Privacy Policies are necessary if you plan on gathering personal information from anyone who lands on your website, enters their details into a lead capture tool or engages with your advertisements. The reason for this is because everyone has the right to know:

  • Who has access to their personally identifiable information
  • Why anyone is collecting this information in the first place
  • How the data is stored and handled
  • Which third parties, if any, the business shares this personal information with
  • What rights they have to opt out of data sharing and collection

Personal information, or personally identifiable information, is any data which can be used to identify an individual. This can be something as obvious as their name or their home address, or something less obvious like their IP address.

What's important is that, if you can identify a specific person, or a specific family, through the data, then it's personal information and you can't collect it without informing people that you're collecting it.

Since most companies operating online rely on some form of data analytics for their marketing purposes, whether it's data harvesting, cookies, or a lead capturing tool, you should assume that you need a Privacy Policy.

It's worth noting that, even if you don't capture or store personal data, you should still draft a brief Privacy Policy that expressly tells visitors that you don't collect any identifiable information about them.

Before we get started on drafting a Privacy Policy for lead capture tools, let's ensure we're clear on what lead capture tools are and why global privacy standards apply to them.

What are Lead Capture Tools?

The reality is that most businesses do not generate paying customers overnight. Potential clients will often check out a business and follow its progress before they try the product or service themselves.

Lead capture tools are, put simply, tools for generating potential customers. They help businesses turn cold leads or first-time visitors into loyal, paying clients. Lead capture tools include:

  • Pop-up newsletter sign up notifications
  • Embedded forms for filling in details
  • Invitations to join email lists
  • When a user provides some brief details in order to download a free resource, such as a whitepaper

What most lead capture tools have in common is that they help you build your email list. Whether you send out weekly newsletters, monthly long-form opinion pieces, or seasonal promotions, an email list gives you a whole host of possible leads to nurture into future customers.

Before we look at lead capture tools in action, let's make sure we're clear on why they're affected by privacy laws.

The Link Between Lead Capture Tools and Privacy Policies

We've touched on the idea that Privacy Policies are necessary for businesses collecting personal information from users. Why, though, is this the case?

Across the world, there are many laws regulating the collection and storage of personally identifiable information. For example, there's:

  • General Data Protection Regulation (GDPR) from the European Union
  • Personal Information Protection & Electronic Documents Act (PIPEDA) from Canada
  • California Online Privacy Protection Act (CalOPPA) from California

Luckily, these laws are all very similar in scope. The broad principle is that individuals have the right to tell businesses how they may use their personal details and whether they can share it with third parties for marketing purposes. Businesses should:

  • Never collect more information than necessary to fulfill a service or obligation to the user
  • Store personally identifiable information safely
  • Delete the data when it's no longer needed
  • Respect a user's decision to revoke consent to companies storing their information
  • Be accountable to users; meaning, they must explain what data they collect and why they need it

These principles have serious implications for businesses. For example, if a business uses an email hosting provider, such as MailChimp, it's sharing customer data with a third party to provide its services.

Businesses may also share customer data with server hosts, managed service providers, analytics companies, etc., for the purposes of storing data and securing it. At every stage, data must be properly safeguarded and shared only in ways which are specifically laid out in the Privacy Policy.

How to Create a Privacy Policy for Your Website

Need a Privacy Policy? Our Privacy Policy Generator will help you create a custom policy that you can use on your website and mobile app. Just follow these few easy steps:

  1. Click on "Start creating your Privacy Policy" on our website.
  2. Select the platforms where your Privacy Policy will be used and go to the next step.
  3. Privacy Policy Generator - Select platforms - Step 1

  4. Add information about your business: your website and/or app.
  5. Privacy Policy Generator - Add your business info - Step 2

  6. Select the country:
  7. Privacy Policy Generator - Add your business info - Step 2

  8. Answer the questions from our wizard relating to what type of information you collect from your users.
  9. Privacy Policy Generator - Answer questions from our wizard - Step 3

  10. Enter your email address where you'd like your Privacy Policy sent and click "Generate". Privacy Policy Generator - Enter your email address - Step 4

    And you're done! Now you can copy or link to your hosted Privacy Policy.

If you haven't been using lead capture tools and suddenly start to, you'll need to update your Privacy Policy to reflect this and should consider sending out or displaying an Update Notice to your users.

Before we consider Privacy Policies in more detail and how they relate to lead capture tools, let's look at some examples of lead capture tools and how these service providers are attempting to comply with the principles outlined above.

Newsletter Pop-ups

This is the pop-up users see when they visit a website's landing page. It encourages users to sign up for company's newsletter which gives them access to more material and promotional perks. These pop-ups rarely ask for much information because the goal is to get users inputting their data and moving onto the site as quickly as possible.

Vanity Fair uses this technique. When visitors land on the homepage, a newsletter sign up box appears and invites users to enter their email address to receive the top stories straight to their inboxes every day. You'll note there's also an option for users to reject this offer:

Vanity Fair email newsletter sign-up form

Other Pop-ups

Retailers often use pop-ups to highlight current promotions across their website. They encourage users to input just a few details in exchange for discounts or other benefits. In a competitive niche such as fashion, for example, this works well because potential customers feel like they'll get value from the promotion.

Hell Bunny, an online fashion retailer, uses this technique. When you first land on the site, a pop-up appears inviting users to input their email address and birthday in exchange for a discount on their first order. Users also get a special birthday treat discount, which is why this additional data is captured.

You'll note that Hell Bunny specifies, in small print, how it uses the data specified on the form, which encourages users to sign up:

Hell Bunny email sign-up form

Email Sign Up Bars

Some websites include invitations to subscribe to their newsletter embedded in the header, footer, or other prominent location. This is less direct than pop-ups because it lets users browse the site and then decide whether to enter their details or not.

Simba Sleep, an online mattress retailer, uses this technique. After scrolling to the bottom of each page on the website, users see a clear, concise bar asking them to enter their email address in exchange for a newsletter and exclusive offers.

Like Vanity Fair, Simba Sleep only asks for an email address as it keeps information collection to the minimum required to provide its services:

Simba Sleep email subscribe form

Embedded Forms

You can include embedded forms encouraging users to sign up for your newsletter anywhere across your site. For example, personal trainer Bret Contreras has a form embedded into the sidebar of his FAQs section which invites users to supply their email address and sign up for the newsletter.

Supplying a name is optional, because it isn't necessary to know someone's name to send them email newsletters:

Bret Contreras email sign-up form

As you can see, there are a number of different methods for using lead capture tools to get potential customers to stay in touch with your brand.

Requirements of a Privacy Policy for Lead Generation Tools


All Privacy Policies require the same broad clauses to be considered legally compliant. We will take a look at these clauses and specifically how they apply to lead generation tools.

Name and Contact Details

Tell users who you are and provide your full business address. Here's an example from Simba Sleep:

Simba Sleep Privacy Policy: Contact information clause

You should ideally place this information at the start of your policy, but the end is fine, too. Just make sure it's included somewhere.

What Data You Collect

Tell users, so far as possible, what data you collect from them. You can keep this clause reasonably vague, so long as it's clear you collect personal information, and that you give examples of what this information may include. Here's an example from Hell Bunny:

Hell Bunny Privacy Policy: What information we collect, when and why clause

Waterstones uses a bulleted list to disclose what types of personal data it may collect, which makes it really easy to read:

Waterstones Privacy Policy: What personal information do we collect clause

Why You Collect the Data

Users should know why you're collecting the information. In the case of lead generation tools, you're collecting the data to, in most cases, personalize the user experience, send them relevant information, and generally encourage them to come back.

Here's an example from Simba Sleep:

Simba Sleep Privacy Policy: Excerpt of How we use your information clause

And another example from Hell Bunny:

Hell Bunny Privacy Policy: Why do we store your details clause

You'll note that Hell Bunny makes it clear that users can revoke their consent at any time, too.

How You Use the Data

Don't just tell users what data you collect through your lead generation tools. Tell them how you use that data, and for what purpose. The clearer you are, the better.

Hell Bunny uses a list format to note a specific piece of data and then describe specifically what that piece of data is used for. This is a really user-friendly approach:

Hell Bunny Privacy Policy: How we use your data clause excerpt

Who the Data is Shared With

Be open with users if you share data collected through lead generation tools with other parties. This might be, for example, a third party who provides a user with a prize they won through your newsletter.

Here's how Waterstones words such a clause:

Waterstones Privacy Policy: Fulfilment of Products and Services clause

Here's a great, short and very standard clause you can use to disclose that you may share the information you collect through your lead capture tools with third parties for marketing purposes:

Generic Privacy Policy Marketing Communications clause

Again, you can keep these clauses fairly broad so that you're less restricted in who you share lead tool data with.

Always tell users how they can opt out of receiving marketing communications from you, or how they can request that you erase data you collected from lead generation tools.

Hell Bunny includes a clause for modifying, removing and opting out, as well as one for unsubscribing. This makes it very clear to a user how they can take control over what information the company has and how the information is used (if at all):

Hell Bunny Privacy Policy: How to Modify, Remove or Opt-Out and Unsubscribe clauses

Here's a good generic example of a clause that clearly and succinctly lets users know they can opt out of marketing messages, and how to do so:

Generic Privacy Policy Opt-Out of Marketing Communications clause

Make sure you're including an "unsubscribe" link at the bottom of every marketing message you send out! This is required by privacy laws.

Where to Display Your Privacy Policy

Where to Display Your Privacy Policy

However you draft your Privacy Policy, what matters is that users can find it and view it easily. You should link to the Privacy Policy from at least one of the following places.

Most companies put a link to a Privacy Policy in the footer. It's easily accessible and all users have to do is scroll to the bottom of the page to find it. Consumers are also accustomed to looking in a website footer for important links and policies.

Here's an example from Waterstones where the Privacy Policy link is placed in the Customer Services column of links in the footer:

Waterstones website footer with links

If you use tools like pop-up windows for newsletter sign up or promotional purposes, it's good practice to include a clear link to your Privacy Policy within the pop-up itself.

If you jump back up to the section of this article that shows examples of lead capture tools, you'll be able to see that a Privacy Policy link is included in the first few examples.

Close to Your Lead Capture Tool

If you don't use pop-ups, you should still put a link to your Privacy Policy somewhere close to any data capture boxes or embedded lists on your site.

Eve Sleep places its email subscribe form at the bottom of its website with the Privacy Policy link just a bit below it so both will be visible at the same time:

Eve Sleep website footer with email subscribe form and policy links

The easier your Privacy Policy link is to notice and access, the happier your customers will be. You'll also be complying with important privacy laws that require your Privacy Policy to be easily accessible.

How to Get Consent to Your Privacy Policy

You should ask users to 'opt in' to sharing their details with you in your lead capture tool. That way, you know that users explicitly consent to receiving emails from you. You should also make it clear that users can revoke consent at any time.

Kettlebell Kitchen has a very well-designed lead generation tool. Users don't just input their email address. They also tick a checkbox saying that they agree to be added to the database and confirm having read the Privacy Policy, which is linked right there:

Kettlebell Kitchen email sign-up form with checkbox for consent

Using a checkbox is practically fail-proof method of getting consent.


Generating new leads, or new customers, means collecting data from them. If you collect any personal data, or personally identifiable information, such as email addresses, names, and locations, then you're responsible for creating and publishing a Privacy Policy.

The Privacy Policy must tell people why you're collecting their data, how you use it for lead generation and marketing purposes, and how they can revoke consent or opt out of marketing communications.

It's best to keep your Privacy Policy user-friendly and easy to read. Place a link to it somewhere obvious, such as below your email signup tool, or embedded into a pop-up notification. Always add it to your website footer as well.

Remember, the moment you collect personal data from someone, you're responsible for what happens to it through your site. With a legally compliant Privacy Policy, you're showing potential customers that you take their privacy, and therefore their business, seriously.