Privacy Policy Notice Template for the United States

Generate a bespoke document

Trusted by 200k+ teams

4.7 Capterra
4.8 Product Hunt
4.6 Trustpilot

What is a Privacy Policy Notice?

A Privacy Policy Notice is essential for any organization that collects, processes, or stores personal information in the United States. This document is legally required under various federal and state privacy laws and must be readily accessible to users. The policy should detail the types of information collected, processing purposes, sharing practices, security measures, and user rights. It must be regularly updated to reflect changes in data practices and evolving privacy regulations. Organizations operating across multiple jurisdictions may need to ensure compliance with additional requirements beyond US regulations.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

United States

Publisher

GenieAI

Sector

Business

Cost

Free to use

Last updated

About the Privacy Policy Notice

A Privacy Policy Notice is a mandatory legal document that informs users about how your organization collects, uses, shares, and protects their personal information. Under United States law, this disclosure is required for virtually any business or organization that handles personal data, whether through websites, mobile applications, or offline operations.

When do you need this document?

You need a Privacy Policy Notice if your organization operates a website that collects user information, runs an e-commerce platform, provides healthcare services, operates as a financial institution, or targets services to children under 13. The document becomes essential when you collect email addresses for marketing, use cookies or tracking technologies, share data with third-party vendors, or process sensitive information like health records or financial data. Even basic contact forms or newsletter signups trigger the requirement for a comprehensive privacy policy under federal regulations.

Key legal considerations

Your Privacy Policy Notice must accurately reflect your actual data practices and cannot contain misleading statements, as the FTC Act prohibits deceptive practices. The policy should clearly identify what personal information you collect, including cookies and tracking data, and specify all purposes for which you use this information. You must disclose all third parties with whom you share data and provide clear information about user rights, including how individuals can access, correct, or delete their information. The document should address data retention periods, security measures, and procedures for handling data breaches. Special attention must be paid to sensitive categories like children's data under COPPA, health information under HIPAA, and financial data under GLBA.

Legal requirements in United States

Federal privacy laws impose specific requirements that your Privacy Policy Notice must address. Under COPPA, if you target children under 13, you must obtain verifiable parental consent and provide detailed disclosures about children's data collection. Healthcare organizations must comply with HIPAA requirements for protected health information, while financial institutions must meet GLBA standards for customer financial data. The CAN-SPAM Act requires clear opt-out mechanisms for commercial emails, which must be reflected in your policy. State laws like the California Consumer Privacy Act may impose additional disclosure requirements if you serve residents of those states. Your policy must be written in plain language, prominently displayed on your website, and updated whenever your data practices change. The document should be easily accessible through a clear link in your website footer and provide contact information for privacy-related inquiries.

GOVERNING LAW

Applicable law

This Privacy Policy Notice is drafted to comply with United States law. Key legislation includes:

GLBA: Gramm-Leach-Bliley Act - Federal legislation governing privacy requirements for financial institutions and the protection of customers' personal financial information

HIPAA: Health Insurance Portability and Accountability Act - Federal law that protects sensitive patient health information from being disclosed without patient consent

COPPA: Children's Online Privacy Protection Act - Federal law that imposes requirements on operators of websites or online services directed to children under 13 years of age

FTC Act: Federal Trade Commission Act - Provides broad consumer protection authority and enforces against unfair or deceptive privacy and data security practices

CAN-SPAM Act: Controlling the Assault of Non-Solicited Pornography And Marketing Act - Sets rules for commercial email practices and gives recipients the right to stop receiving them

CCPA/CPRA: California Consumer Privacy Act/California Privacy Rights Act - Comprehensive state privacy laws giving California residents rights over their personal information

VCDPA: Virginia Consumer Data Protection Act - State law providing Virginia residents with rights regarding their personal data

CPA: Colorado Privacy Act - State law establishing privacy rights for Colorado residents and obligations for businesses processing their personal data

UCPA: Utah Consumer Privacy Act - State privacy law providing Utah residents with certain rights regarding their personal data

CTDPA: Connecticut Data Privacy Act - State law establishing privacy rights for Connecticut residents and requirements for businesses processing their data

PCI DSS: Payment Card Industry Data Security Standard - Security standards for organizations that handle credit card data

FERPA: Family Educational Rights and Privacy Act - Federal law that protects the privacy of student education records

GDPR: General Data Protection Regulation - European Union privacy law with extraterritorial scope affecting businesses serving EU residents

PIPEDA: Personal Information Protection and Electronic Documents Act - Canadian federal privacy law governing how private sector organizations collect, use, and disclose personal information

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it