Privacy Policy Notice Template for the United States
Generate a bespoke document
What is a Privacy Policy Notice?
A Privacy Policy Notice is essential for any organization that collects, processes, or stores personal information in the United States. This document is legally required under various federal and state privacy laws and must be readily accessible to users. The policy should detail the types of information collected, processing purposes, sharing practices, security measures, and user rights. It must be regularly updated to reflect changes in data practices and evolving privacy regulations. Organizations operating across multiple jurisdictions may need to ensure compliance with additional requirements beyond US regulations.
About the Privacy Policy Notice
A Privacy Policy Notice is a mandatory legal document that informs users about how your organization collects, uses, shares, and protects their personal information. Under United States law, this disclosure is required for virtually any business or organization that handles personal data, whether through websites, mobile applications, or offline operations.
When do you need this document?
You need a Privacy Policy Notice if your organization operates a website that collects user information, runs an e-commerce platform, provides healthcare services, operates as a financial institution, or targets services to children under 13. The document becomes essential when you collect email addresses for marketing, use cookies or tracking technologies, share data with third-party vendors, or process sensitive information like health records or financial data. Even basic contact forms or newsletter signups trigger the requirement for a comprehensive privacy policy under federal regulations.
Key legal considerations
Your Privacy Policy Notice must accurately reflect your actual data practices and cannot contain misleading statements, as the FTC Act prohibits deceptive practices. The policy should clearly identify what personal information you collect, including cookies and tracking data, and specify all purposes for which you use this information. You must disclose all third parties with whom you share data and provide clear information about user rights, including how individuals can access, correct, or delete their information. The document should address data retention periods, security measures, and procedures for handling data breaches. Special attention must be paid to sensitive categories like children's data under COPPA, health information under HIPAA, and financial data under GLBA.
Legal requirements in United States
Federal privacy laws impose specific requirements that your Privacy Policy Notice must address. Under COPPA, if you target children under 13, you must obtain verifiable parental consent and provide detailed disclosures about children's data collection. Healthcare organizations must comply with HIPAA requirements for protected health information, while financial institutions must meet GLBA standards for customer financial data. The CAN-SPAM Act requires clear opt-out mechanisms for commercial emails, which must be reflected in your policy. State laws like the California Consumer Privacy Act may impose additional disclosure requirements if you serve residents of those states. Your policy must be written in plain language, prominently displayed on your website, and updated whenever your data practices change. The document should be easily accessible through a clear link in your website footer and provide contact information for privacy-related inquiries.
GOVERNING LAW
Applicable law
This Privacy Policy Notice is drafted to comply with United States law. Key legislation includes:
Explore 208,390+ legal templates
Explore 208,390+ legal templates
Genie's Security Promise
Genie is the safest place to draft. Here's how we prioritise your privacy and security.
Your data is private:
We do not train on your data; Genie's AI improves independently
All data stored on Genie is private to your organisation
Your documents are protected:
Your documents are protected by ultra-secure 256-bit encryption
We are ISO27001 certified, so your data is secure
Organizational security:
You retain IP ownership of your documents and their information
You have full control over your data and who gets to see it