Back to docs
Recipe

Privacy Policy Template

A ready-to-customize privacy policy for your SaaS. Covers data collection, third-party processors, user rights, and retention.

What to include

  • Company name, contact email, and effective date
  • Types of data collected (account, usage, payment)
  • Purpose of collection and legal basis
  • Third-party services (hosting, analytics, payments)
  • Cookie usage and tracking technologies
  • Data retention periods and deletion procedures
  • User rights (access, rectification, erasure, portability)
  • International data transfers and safeguards
  • Children's privacy statement
  • Policy update notification method

Quick-start template

# Privacy Policy

**Effective Date:** [DATE]
**Company:** [LEGAL NAME]
**Contact:** privacy@[DOMAIN]

## 1. Information We Collect
- Account data: email, name, hashed password
- Usage data: pages visited, feature interactions
- Payment data: processed by [PROCESSOR], we store no full card numbers

## 2. How We Use Your Data
- To provide and maintain the Service
- To communicate updates and support responses
- To improve features through aggregated analytics

## 3. Third-Party Processors
| Processor   | Purpose        | Location |
|-------------|----------------|----------|
| Vercel      | Hosting        | US       |
| Stripe      | Payments       | US       |
| PostHog     | Analytics      | EU       |

## 4. Data Retention
We retain personal data for the life of your account plus 30 days
after deletion. Usage logs are retained for 90 days.

## 5. Your Rights
You may request access, correction, or deletion by emailing
privacy@[DOMAIN]. We respond within 30 days.

## 6. Cookies
We use essential session cookies and optional analytics cookies.
You may disable non-essential cookies in your browser settings.

## 7. Children's Privacy
Our Service is not directed to anyone under 16.

## 8. Changes
We will notify users of material changes via email and in-app
banner at least 14 days before the new policy takes effect.

Customization checklist

1Replace all [BRACKETED] placeholders
2Verify processor list matches your actual stack
3Confirm retention periods align with your data practices
4Add GDPR/CCPA-specific sections if applicable
5Have legal counsel review before publishing

Disclaimer: This template is for informational purposes only and does not constitute legal advice. Consult a qualified attorney to ensure compliance with applicable laws.