Privacy Notice Template for the United States

Generate a bespoke document

Trusted by 200k+ teams

4.7 Capterra
4.8 Product Hunt
4.6 Trustpilot

What is a Privacy Notice?

A Privacy Notice serves as a transparent disclosure of an organization's data handling practices, required by U.S. privacy laws and regulations. This document is essential for businesses collecting personal information and must detail the types of data collected, purposes for collection, sharing practices, security measures, and individual rights. The Privacy Notice should be tailored to comply with applicable federal regulations (such as FTC requirements) and state-specific laws (such as CCPA). It's particularly crucial in today's digital landscape where data collection and processing are ubiquitous.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

United States

Publisher

GenieAI

Sector

Business

Cost

Free to use

Last updated

About the Privacy Notice

A Privacy Notice is your organization's formal commitment to transparency about data handling practices, serving as both a legal requirement and a trust-building tool with your customers or users. Under United States privacy law, this document must clearly communicate how you collect, use, share, and protect personal information while informing individuals of their privacy rights.

When do you need this document?

You need a Privacy Notice if your organization collects any personal information from individuals, whether through websites, mobile apps, in-person interactions, or business transactions. This requirement applies to businesses of all sizes, from small startups collecting email addresses to large corporations processing extensive customer data. Healthcare providers handling patient information, financial institutions managing account data, and online retailers collecting purchase information all require comprehensive privacy notices. Educational institutions, employers collecting employee data, and any organization targeting children under 13 must also maintain compliant privacy notices tailored to their specific data practices.

Key legal considerations

Your Privacy Notice must accurately reflect your actual data practices and cannot contain misleading statements, as the FTC actively enforces truth-in-advertising principles for privacy policies. The document should specify the categories of personal information you collect, the business purposes for collection, and any third parties with whom you share data. You must clearly explain individuals' rights regarding their personal information, including rights to access, correct, or delete their data where applicable. The notice should describe your security measures for protecting personal information and provide clear contact information for privacy-related inquiries. Regular updates are essential whenever your data practices change, and you must notify users of material changes to your privacy practices.

Legal requirements in United States

Federal requirements under the FTC Act mandate that privacy notices cannot contain deceptive statements and must accurately represent your data practices. If you handle children's data, COPPA requires specific disclosures and parental consent mechanisms for users under 13. Healthcare organizations must comply with HIPAA's detailed notice requirements, while financial institutions face GLBA obligations for safeguarding customer information. State laws add additional layers of complexity, with California's CCPA and CPRA requiring specific disclosures about data sales, consumer rights, and opt-out mechanisms for businesses meeting certain thresholds. Virginia's VCDPA and Colorado's CPA impose similar requirements with state-specific variations. Your notice must address all applicable laws based on your industry, the types of data you collect, and the states where you operate or have customers.

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it