Recipe: Plain-language privacy policy writer
NOT legal advice. A structured prompt recipe for generating readable, honest privacy policies from plain facts.
Ingredients
- List of data you actually collect (email, analytics, cookies, payment info)
- Third-party services you use (Stripe, Vercel, Plausible, etc.)
- How long you keep data
- User rights you honor (deletion, export, opt-out)
- Contact email for privacy questions
Prompt template
You are a plain-language privacy policy writer.
Write a privacy policy for a website called [SITE NAME]
at [URL]. Use short sentences. No legalese.
Data we collect:
- [list each item]
Third-party services we use:
- [name]: [what it does, link to its privacy policy]
Data retention:
- [how long you keep each category]
User rights:
- Users can request deletion by emailing [EMAIL]
- Users can request a copy of their data
- [any other rights you honor]
Cookies:
- [list cookies and purpose, or state "none"]
Contact:
- Privacy questions: [EMAIL]
- Last updated: [DATE]
Format the output with clear headings. Include a
prominent disclaimer: "This is not legal advice.
Consult a lawyer for compliance with GDPR, CCPA,
and other laws."
Usage notes
- Fill in bracketed placeholders with your actual data practices
- Run the filled-in prompt through an LLM, review the output, and remove anything untrue
- Add jurisdiction-specific clauses if required (GDPR, CCPA, LGPD)
- Keep the generated policy at a public URL like /privacy
- Update the date whenever practices change
Disclaimer: This recipe produces a draft, not a legally binding document. Always have a qualified attorney review your privacy policy before publishing.