Everything you need to sell online

Set up an online store in minutes to sell on a website, social media, or marketplaces.

How to Write a Privacy Policy for Your E-Commerce Store

How to Write a Privacy Policy for Your Ecommerce Store

11 min read

A privacy policy is a must-have for any e-commerce store. It not only reassures customers that their private data will be protected but also helps you meet regulatory requirements.

Since the privacy policy is essentially a legal document, writing it yourself can be tricky. You’ll have to assess how you treat customer data while also staying in line with government regulations. You’ll also have to communicate your policies in a clear, transparent manner without significant legalese.

In this post, we’ll show you how to write a privacy policy for your e-commerce store. The information in this article is for educational purposes only. A privacy policy is a legal document. We recommend consulting a lawyer before you apply any of the advice here.

How to sell online
Tips from e-commerce experts for small business owners and aspiring entrepreneurs.
Please enter a valid email address

Understanding the Privacy Policy

The privacy policy is simply a document clarifying how you collect, use and disclose data. It is NOT a declaration of your shipping, payment or returns policies; these usually come under “terms”.

There are several other names for this policy — “privacy statement”, “privacy declaration” or sometimes, just “privacy”. Their purpose remains the same: to inform users about their private data use.

At its heart, a privacy policy is meant to fulfill four roles:

  • Notify users about private data collection and usage
  • Give users a choice in opting out of data collection
  • Give users access to the collected data or contest its accuracy
  • Assure users that their data is secure

All of this helps assure users that their private data won’t be sold to third parties or put to malicious use.

In most countries, you are required to have a privacy policy by law. Since every e-commerce store collects some form of private data (such as emails or credit card numbers), it is absolutely necessary to include this policy prominently on your site.

Researching Your Privacy Policy Requirements

Before you write the policy, it’s important that you understand your own requirements, local regulations, and industry best-practices.

Here are a few things you must do before getting started.

1. Understand local regulations

Although you have significant operational freedom as an e-commerce store, there are still a few regulations you need to follow.

This will depend on three things:

  • How your business is incorporated
  • What kind of products you’re selling
  • What state/jurisdiction your business is based out of.

Some jurisdictions and product categories (such as food supplements) have higher regulatory requirements than others.

You can find these regulations by Googling your “state/country/county name/product + e-commerce regulations”.

Note that as the home of Silicon Valley, California is considered a leader in privacy laws. Most states and even countries look to California for direction when framing their own laws. Reviewing California’s privacy laws (CalOPPA) is a good idea when you’re starting out.

2. Understand your own data needs

What are you going to use customer data for? How are you going to store this data? Are there any proprietary data storage or analysis systems customers should know about?

These are some questions you must ask yourself before writing a privacy policy.

Most e-commerce stores will typically require the following data:

  • Email addresses and passwords (registering for the site)
  • Names, addresses and phone numbers (placing orders)
  • Credit card and other payment data (paying for orders)
  • Data collection and user tracking via cookies

You’ll need to mention clearly how you collect and store this data. In case the data only “passes through” your site (i.e. you don’t store it), like credit card information, you need to mention this as well.

It’s also important that you meet your country or state’s requirements about data collection. Some countries like the UK require clear declarations if you’re going to track usage via cookies.

Here are some data-related laws you should know about, based on your location:

3. Research industry norms

Unless you are operating in a very obscure industry, you’ll likely have tons of competitors running their own profitable e-commerce stores.

Of course, these stores would have their own privacy policies as well. You can usually find them in the site’s footer.

Here’s Zappos’ privacy policy, for example:

privacy

Before you write your own policy, research a few competitors. Don’t borrow their exact policies but take note of the following:

  • How the policy is written
  • What information they’ve included in the policy, what they’ve omitted
  • How they’ve handled data collection and disclosure
  • Do they give users a way to opt out of data collection?

You’ll often notice a few patterns. Consider these your industry norms. Try to follow them when writing your own policy.

Writing a Privacy Policy for Your E-Commerce Store

Once you’ve done your research, it’s time to write the privacy policy.

Here are a few things to follow when you’re doing this:

1. Make a list of everything you need to include

Start by making a list of everything you need to include in the policy. Again, this will depend on your regulatory requirements, industry norms and data needs.

Broadly speaking, your privacy policy should include the following:

  • What personally identifiable information you’re collecting
  • What personally identifiable information you’re sharing with third parties (such as email addresses or credit card data)
  • The process by which users can request changes to any collected data
  • The process by which you can notify users about any change to the policy
  • The privacy policy date
  • What measures you’ve taken to protect data (such as using SSL)

Note that much of this is required by law.

Besides the above, you’ll also want to include the following:

  • How you’ll treat reviews posted by users (and any personal data included in those reviews)
  • Whether there is a minimum age for users to view the site (might be required for stores selling sensitive products)
  • How you use cookies and other tracking data
  • Whether you store sensitive payment information, and if yes, where and how

2. Write your policy

With the above data handy, start writing your privacy policy.
To make the process easier, use a quality template to create the basic structure. You can reframe it in your own words.

Of course, you’ll need to customize the template to fit your business. If the template doesn’t cover any specific regulation you need to follow (based on your jurisdiction/product), add sections as necessary.
Keep a few things in mind when writing the policy:

  • Make the policy easy to read. It shouldn’t read like a blog post, but there is no reason to pepper it with legalese either. Make it formal without being too complex for average readers.
  • Keep the policy brief. It can be tempting to include everything under the sun in the policy, but that will just make it harder to read. If you need to include a lot of information, consider adding a summary at the top to make it more reader-friendly.
  • Include contact information. Give users phone numbers, email addresses and physical addresses where they can get in touch for clarification or redressal.
  • Include a date when the policy was last updated.

Tools like Free Privacy Policy can help you wrap up the text and keep all the important information in.

3. Share the privacy policy

Your privacy policy is supposed to do two things — communicate your trustworthiness and keep you within legal regulations.

As such, it’s important to make the privacy policy easily visible and accessible.

A standard practice is to include a link to the privacy policy on the homepage. For example, here’s Bonobos.com:

privacy policy

In fact, California’s privacy laws require every website to either include the privacy policy in full on the homepage or include a link to it on the homepage under the name “privacy”.

It’s also a good idea to include a link to the policy anywhere you’re collecting private information such as a newsletter or sign-up form.

For example, Target includes a privacy policy link on its sign-up form:

privacy policy in a sign up form

This tells customers that you collect data responsibly, increasing trust.

You can enable and edit Privacy Policy and other legal pages in your Ecwid store going to Control Panel → Settings → General → Legal Pages.

It’s possible to show your Privacy Policy in a pop-up or link it to a separate web page.

If you want to link your Privacy Policy in a pop-up like Target does, get the Privy App and create this field for your template. Here’s an example:

Privy App

Conclusion

The privacy policy is an essential part of any e-commerce store. You need it not just to reassure customers, but also to meet local regulations and requirements.

To write your own policy, you’ll need to first understand industry norms and regulations. You’ll then want to frame all of this in a reader-friendly yet legally robust document.

Finally, make the policy easily visible to anyone who lands on your site. This will help underscore that you take privacy issues seriously.

 

Table of contents

Sell online

With Ecwid Ecommerce, you can easily sell anywhere, to anyone — across the internet and around the world.

About the author

Jesse is the Marketing Manager at Ecwid and has been in e-commerce and internet marketing since 2006. He has experience with PPC, SEO, conversion optimization and loves to work with entrepreneurs to make their dreams a reality.

Ecommerce that has your back

So simple to use – even my most technophobic clients can manage. Easy to install, quick to set up. Light years ahead of other shop plugins.
I’m so impressed I’ve recommended it to my website clients and am now using it for my own store along with four others for which I webmaster. Beautiful coding, excellent top-notch support, great documentation, fantastic how-to videos. Thank you so much Ecwid, you rock!
I’ve used Ecwid and I love the platform itself. Everything is so simplified it’s insane. I love how you have different options to choose shipping carriers, to be able to put in so many different variants. It’s a pretty open e-commerce gateway.
Easy to use, affordable (and a free option if starting off). Looks professional, many templates to select from. The App is my favorite feature as I can manage my store right from my phone. Highly recommended 👌👍
I like that Ecwid was easy to start and to use. Even for a person like me, without any technical background. Very well written help articles. And the support team is the best for my opinion.
For everything it has to offer, ECWID is incredibly easy to set up. Highly recommend! I did a lot of research and tried about 3 other competitors. Just try ECWID and you'll be online in no time.

Your ecommerce dreams start here

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.
Your Privacy

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. More information

More information

Strictly Necessary Cookies (Always active)
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Functional Cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Performance Cookies
These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site. They help us know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our site.