Tutorials UPDATED: 30 June 2023

What to Include in Your WordPress Privacy Policy

Jessica Day

10 min read

There’s a lot to consider when creating a website, especially when using the website builder WordPress. What will your color scheme include? What will the menu options contain? How does the user experience flow? Does it work on every browser type?

One critical element you may overlook is your website’s privacy policy. It may seem arbitrary, but it’s a fundamental building block of your website that you can’t afford to ignore.

In this article, I’m going to detail everything you need to craft the perfect WordPress privacy policy. From what a privacy policy is to creating one for your WordPress website, no stone will be left unturned. Let’s get started.

What is a Privacy Policy?

Website cookies, contact forms asking for your email address, payment transactions—there are dozens of ways that websites collect user data. Even your dedicated WordPress hosting website collects data.

A privacy policy is a document, usually in the form of a pop-up window, explaining to users how their data is collected, why it’s collected, and if it’s shared with third-party services while on your website. A detailed privacy policy instills trust between your website users and your company, while protecting your business from legal and regulatory violations.

Why Your WordPress Website Needs a Privacy Policy

First, if you’re collecting any personal information from your users, you’re going to need a privacy policy, end of story.

Second, when you sign up to use WordPress, you must agree to their terms of service, which includes a section about following privacy laws and regulations. If you decide to forego a privacy policy, you’ll not only be violating privacy laws, but also WordPress’ terms of service.

Try our Award-Winning WordPress Hosting today!

Violating WordPress’ terms of service can result in your website and account being suspended or ultimately terminated.

Privacy Laws and Regulations You Need to Follow

In 2018, Virginia and California proposed two bills addressing online privacy. In 2021, the number of online privacy bills jumped to 27.

In recent years, more and more people have become concerned about their online privacy and what companies do with their user data. Whether browsing Nike for new shoes or TrustRadius for an alternative to RingCentral, individuals want to know that their data is protected. As this sentiment grows, more laws and regulations are being introduced.

Below are some of the laws and regulations you’ll need to follow when setting up your WordPress website and privacy policy.


Adopted in 2016 and enforceable from 2018, the GDPR (General Data Protection Regulation) is perhaps the most well-known data protection regulation. The GDPR enhances individuals’ rights over their personal data and online privacy. It protects anyone in the EU (European Union) and EEA (European Economic Area).

The GDPR serves as a model for other data protection laws in other countries, including the CCPA (California Consumer Privacy Act). This regulation affected many businesses and nations, not just those in the EU when it was passed, as it applies to any company collecting personal information about individuals in the EEA, regardless of its location and the user’s citizenship or residence.


Brazil’s LGPD (General Personal Data Protection Law) was enacted in 2020 and is similar to GDPR. The LGPD regulates the collection and processing of personal data and visitor behavior of individuals, where that data is located, how it is processed and stored, and how that data is used to offer goods or services to users in Brazil.

The LGPD, like GDPR, combines several existing data laws under one unifying protection act. However, the LGPD does not specify a specific period for when enterprises must report data breaches, and the fines for violating the rules of the LGPD are lower than the GDPR.


Before GDPR or LGPD, there was California’s CalOPPA (California Online Privacy Protection Act of 2003). CalOPPA was the first state law in the United States requiring websites and online services to include a privacy policy on their websites.

CalOPPA affects websites well beyond California’s borders, as a website merely has to be accessed by a California resident to fall under CalOPPA.


Passed in 2018, the CCPA (California Consumer Privacy Act) further protects the privacy rights and consumer protections of residents of California. Under the CCPA, residents have the right to:

  • Know what personal data is being collected.
  • Know if their data is sold or disclosed.
  • Decline the sale of their data.
  • Access their data.
  • Request that a business delete personal information.
  • Exercise their privacy rights without facing discrimination.

Here’s a look at where other states stand in their efforts to pass privacy laws in the United States:

Image sourced from IAPP

Building Blocks of a Solid Privacy Policy

There are several essential elements you’ll need to include to protect your users and your business. Below is a breakdown of topics you’ll need to cover in your privacy policy:

  • You need to let your users know who owns the website or app they’re using. Additionally, include contact information so users can reach out to the correct parties with questions or concerns.
  • What user data is collected, including email addresses, names, physical addresses, contact details, social security numbers, payment details, etc. If you’re running a healthcare business and need to follow HIPAA compliance, you may also be handling sensitive information regarding patients’ medical history.
  • How user data is collected; for example, personal information from forms, numbers from a phone number forwarding service, comments, or cookies. In this section, you should also detail what features on your site collect data, like opt-in forms or social media buttons.
  • Explain in the privacy policy what you use user information for and why it’s collected. Include any third-party services the data is shared with and links to their privacy policies.
  • State whether you collect information from minors and if parental supervision is required. For example, the CCPA requires companies to implement processes to obtain parental consent for minors under 13 years for data sharing purposes.
  • How and where data is stored, and the amount of time it’s stored. Similarly, state how data is secured with information about safety and security procedures, including how data is transferred across borders and overseas.
  • List information about how your website collects and uses cookies, or link to your separate cookies policy. Let users know how they can block cookies from tracking their activity while on your site and how they can opt out of third-party advertising.

Remember, when creating your privacy policy, while something may seem obvious, it’s best to cover it in detail. Although most users won’t read every piece of an easy quoting software website privacy policy, for example, it’s better to cover everything than face fines or a WordPress suspension down the road.

Crafting a Privacy Policy for Your WordPress Website

To craft a privacy policy, you have three options: subscribe to a premium privacy policy tool, use a generic online privacy policy generator, or use WordPress’ privacy policy page and fill in your information.

I think WordPress’s privacy policy page is enough coverage for most businesses, but if you’re unsure or want to cover all of your bases, check with your lawyer or legal team. A basic privacy policy generator may not address all the information you need, and a subscription to a premium service can be pricey, with little additional benefit.

Here’s how to create a privacy policy in WordPress:

  1. From your dashboard, head to the Privacy page located under Settings. Review the information provided and choose whether you want to use WordPress’ privacy policy template or create a new one from scratch.

A WordPress editor page will generate headings and content that you can customize to meet your needs—perfect for when you need a basic disclosure or when you need to address the specifics of your auto attendant app, for instance.

  1. As you go through the template and fill in your information, double-check the template content for any incorrect or outdated information. WordPress does provide helpful information as you go through the template, explaining what each section means and providing examples of how to phrase it for your users.

Be particular as you fill in your information. Consult GDPR, CCPA, and other privacy regulations and laws as you move through each section. Once you’ve completed your privacy policy, review it and get ready to click publish on your WordPress privacy policy.

  1. A key aspect of every privacy policy is that it should be easy for your website visitors to find. Don’t bury it in a lengthy FAQs page on your affiliate marketing website, for example; instead, a good place to put it is on the footer menu of your site. That way, visitors can access it from any page on your website.

Finally, check your Pages tab to ensure your privacy policy page is live. If it isn’t, make sure to Publish your page. Go to your website and confirm the link to your new privacy policy page is working.

Get in the habit of checking your privacy policy page every so often to ensure the information is up to date and in compliance with WordPress’ terms of service.


When setting up your WordPress website, you may have overlooked privacy features. Although it’s a minor element of your website’s design, it’s a critical piece of compliance for your business and a reassurance for your visitors. It’s just as important as any contact form, domain name, or the overall website appearance, and it’s easier than figuring out how to apply for an EIN!

With the information from this article, you now know what a privacy policy is, what it should include, why it’s essential, and how to create your own WordPress privacy policy. With a perfectly crafted privacy policy under your belt, you can sit back, relax, and focus on all of those other “more important” website features.


About our Guest Author: Jessica Day is the Senior Director for Marketing Strategy at Dialpad, a modern business communications platform and call recording solutions provider that takes every kind of conversation to the next level—turning conversations into opportunities. Jessica is an expert in collaborating with multifunctional teams to execute and optimize marketing efforts, for both company and client campaigns. Jessica has also written for other domains such as Plutio and Virtual Vocations. Here is her LinkedIn.

Start Your 14 Day Free Trial

Try our award winning WordPress Hosting!


See how Pressidium can help you scale
your business with ease.