Privacy Policy for WordPress Sites

There are so many different methods of building a website these days. With numerous platforms to use and so many components to address, it can be difficult for business owners to remember everything they need to do - especially when it comes to the legal stuff.

One incredibly important legal aspect of running an online business (regardless of what kind of business it is) is the necessity of a Privacy Policy. This article will detail what you need to know to write up an effective Privacy Policy that covers all the relevant regulations, specifically for those using the WordPress platform.

Need a Privacy Policy? Our Privacy Policy Generator will help you create a custom policy that you can use on your website and mobile app. Just follow these few easy steps:

  1. Click on "Start creating your Privacy Policy" on our website.
  2. Select the platforms where your Privacy Policy will be used and go to the next step.
  3. Add information about your business: your website and/or app.
  4. Select the country.
  5. Answer the questions from our wizard relating to what type of information you collect from your users.
  6. Enter your email address where you'd like your Privacy Policy sent and click "Generate".

And you're done! Now you can copy or link to your hosted Privacy Policy.

What's a Privacy Policy?

A Privacy Policy is a document that details the collection and use of information that happens between a company and its website visitors. Generally, it focuses on things like what information is collected, the purpose of this collection, and whether it is shared or sold to third-party companies or remains confidential.

All websites will gather information on their visitors, and there are a number of different ways and reasons for doing this. Having a well-written Privacy Policy gives your business a professional edge and can build trust between you and your consumer while protecting you from any potential legal issues. It can also stop you from receiving potentially large fines for failing to comply with regulations issued by relevant government bodies.

Why Your WordPress Website May Need a Privacy Policy

When you sign up with WordPress to run your site, part of the registration process is your agreement to the Terms of Service of Automattic, WordPress' parent company.

Here's part of the Terms of Service that requires you to comply with all applicable laws, including privacy laws:

WordPress Terms of Service: General Representation and Warranty clause

This means that if you don't have a compliant Privacy Policy, you're not only in breach of those regulations, but also of WordPress' ToS. This can result in the suspension of your account.

Screenshot of WordPress notice of violation of Terms of Service page

So, whether you run an e-commerce site, an online magazine, or simply use your website as a platform for your business, if you're collecting any personal information from your WordPress site visitors, you'll need a Privacy Policy.

Personal information might seem like a broad term, but it will usually apply to things like contact names, email addresses, credit card or bank details and even cookie-collected location data.

Here's an example of the type of personal information Evernote collects, which is a great reference for what you may need to include in your own policy. Does your business collect similar information? If so, include it in your policy.

Evernote Privacy Policy: What information does Evernote collect clause

While it might seem difficult to figure out the ins and outs of your own business's Privacy Policy, it really is quite simple, especially if you run your site through WordPress, the popular content management system (CMS).

It's important to note that no matter which CMS you use, whether it's WordPress, InfusionSoft, Wix, Joomla or any of the other various options, you are required to write and include a Privacy Policy.

You don't need a legal degree to successfully write up a Privacy Policy, and while there are plenty of organizations that can do it for you, it's easy enough to do yourself.

There are several pieces of information you need to include in your Privacy Policy, such as:

  • What information you collect from your users and site visitors (such as names, email addresses and contact details)
  • The ways you collect this information (for example, registration forms, user comments and cookies)
  • Whether you collect information from minors, and/or whether parental supervision is required for those under a certain age
  • Information about your cookies usage, and a link to the separate Cookies Policy (if you have one)
  • Clear reference to any third-party software or companies that will also collect this information, such as Google AdSense, Amazon Associates, Infolinks and Adsterra
  • The ways users can block cookies from tracking their activity on your site and opt-out of third-party advertising
  • Links to Privacy Policies of third-party software you're affiliated with
  • Your contact information (so your users can easily connect with you if they have any issues, queries or questions)

There are many reasons why, as a business owner or CEO, you should write up and maintain a Privacy Policy for your website. Two main reasons are to create a safer online environment for your clients and customers, and to ensure you're following the particular laws and regulations that relate to online privacy.

Google does a great job of providing users with a detailed Privacy Policy, including a menu that lists everything from the type of information collected and the reasons behind the collection, to how they keep such information secure, and the compliance and regulations they abide by.

Contents menu of Google Privacy Policy

Including a menu like this in your Privacy Policy helps your users navigate quickly to relevant sections and get an overview of what types of topics they can read about. This is good for transparency and accessibility.

Regulations You Need to Know About and How to Comply

The regulations you need to know about include the California Online Privacy Protection Act (CalOPPA) in the US, a broad-reaching set of rules that aims to protect online users and their personal information; the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada; the General Data Protection Regulation (GDPR) in the EU; and the Privacy Act of 1988 in Australia.


CalOPPA is a U.S. state law from California that protects online users and the personal information they give out on websites. When this law came into effect in 2004 (it was amended in 2013), some businesses struggled to figure out whether it affected them or not - especially if they weren't located in the US.

A simple way of looking at it is like this: if your website has the potential to gain personal information from users who live in California, you need to include CalOPPA aspects in your Privacy Policy - even if you're based elsewhere like Europe or Australasia.

Under CalOPPA law, personal information applies to things like first and last names, street addresses, email addresses and/or mobile phone and landline numbers, birthdates, IP addresses and other identifying pieces of personal information.

To make sure your Privacy Policy covers everything CalOPPA requires of you, you need to include a link on your site's homepage, which is generally placed in the footer.

This link needs to be conspicuous, meaning it should stand out from the background and the rest of the text around it, and it should also include the word "privacy."

You also need to ensure your Privacy Policy contains the following:

  • The date your most recent Privacy Policy came into effect
  • The various types of personal information you collect from users
  • Any third parties who may also gain access to that information
  • Whether your users can review and edit/delete their own previously collected information
  • The way you'll inform your users about any changes to your policy
  • Whether or not you follow Do Not Track (DNT) requests
  • A notice regarding any collection of personal information from minors

Further, you're required to adhere to your stated policy. This simply means that you should be doing what your Privacy Policy says you do.

You might be surprised at how many businesses accidentally stray from their written policy, so it's important to keep in mind.

Tech giant Apple adheres to CalOPPA requirements by not only providing users with a very detailed Privacy Policy, but also adding a separate page that lists the privacy disclosures specific to California, namely its handling of Do Not Track requests and its collection of information from minors.

Apple Privacy Policy: Intro clause with California Privacy Disclosures link highlighted

These California disclosures are required by CalOPPA.

Apple California Privacy Disclosures for CalOPPA: Do Not Track and Notice for Minors clauses


The GDPR was created by the EU Parliament and came into effect on the 25th of May, 2018. It aims to give online users higher levels of control over the data they share online, as well as providing users with enhanced rights when it comes to their data.

As with CalOPPA, even if you're not based in the EU, if your website caters to anyone from the EU, regardless of your product or service, you will need to keep the GDPR in mind when you're writing up your Privacy Policy.

While you'll need to include aspects that have already been covered due to the standard Privacy Policy and CalOPPA requirements, the GDPR has a few additional points that must also be covered to make sure you're compliant.

These additional points are:

  • How long you keep user data
  • How secure the collected data will be while it's in your possession
  • A reiteration of your users' rights
  • Contact details of your Data Controller, Data Processors and Data Protection Officer (DPO), if applicable

Password management system LogMeIn includes an entire section dedicated to the GDPR in its Privacy Policy. This provides precise detail to users regarding all the aspects they should know about, and is a helpful approach to take.

LogMeIn legal links menu with GDPR highlighted

Your Privacy Policy should not be too wordy or riddled with legalese. Remember, your users are likely not from a legal background, so you want to tailor your policy in a way that makes it as clear and transparent as possible to anyone reading it.

To be compliant with regulations, a conspicuous hyperlink to your Privacy Policy should be visible on your homepage, down in the footer. This can easily be set up through WordPress if your theme allows for footer widgets, which you can access through the Customization tab.


No matter which platform you use to host your website, you'll have to include a Privacy Policy. It's the best business practice for today's digital age, and is important to protect both you and your users.

Here's a basic rundown of how to approach Privacy Policies for your WordPress site(s):

  • If your site collects anything considered to be personal information (even if it's just an email address) from visitors, you're required to have a Privacy Policy.
  • If you're catering to (or could potentially cater to) users from the EU or California, you're required to follow both the GDPR and CalOPPA requirements for your Privacy Policy.
  • Make your Privacy Policy easily accessible from your WordPress site. A common place to do this is within the website footer.

And remember to keep updating your Privacy Policy and notifying your users as any changes within your business occur, whether it's how the information is collected, where it's stored, who it's shared with, or simply a change of your own contact details.