Prompt: Write a Data Privacy Policy
Jay Banlasan
The AI Systems Guy
tl;dr
A privacy policy that covers your actual data practices in plain English. Compliant and readable.
This data privacy policy prompt generates a readable policy that matches your actual data practices, not a copy-paste template that covers things you do not do while missing things you do.
Important disclaimer: this generates a starting point. Have a lawyer review it before publishing. AI-generated legal documents are drafts, not finished products.
The Prompt
You are a privacy compliance writer. Draft a data privacy policy for my business.
Business: [what you sell]
Website: [URL]
Geographic markets served: [e.g., US, UK, EU, global]
Data we actually collect (be specific):
- From website visitors: [e.g., cookies, analytics, IP addresses]
- From customers: [e.g., name, email, phone, payment info, company name]
- From leads: [e.g., name, email, form submissions]
- From our tools: [e.g., ad tracking pixels, CRM data, email engagement data]
Third-party tools that process our data:
- [e.g., Google Analytics, Meta Pixel, Stripe, Mailchimp, CRM name]
How we use the data:
- [e.g., to provide services, to send marketing emails, to improve our website, to run ads]
How long we keep data: [e.g., for the duration of the relationship + 2 years, or specific retention periods]
Do we sell data: [yes/no]
Do we share data with third parties beyond tool providers: [yes/no, and who]
Draft the privacy policy:
1. WHAT WE COLLECT:
Plain English. List every type of data and how we get it.
2. WHY WE COLLECT IT:
For each data type, the specific purpose. Not vague "to improve our services." Specific: "to send you the weekly newsletter you signed up for."
3. WHO WE SHARE IT WITH:
Name the categories of third parties and why. Be specific about ad platforms if applicable.
4. HOW WE PROTECT IT:
Security measures in place. Do not overclaim.
5. YOUR RIGHTS:
What the user can request: access, deletion, correction, opt-out. How to make those requests. Response timeline.
6. COOKIES AND TRACKING:
What cookies we use, what they do, how to opt out.
7. DATA RETENTION:
How long we keep each type of data and why.
8. CONTACT:
How to reach us about privacy concerns.
Write in plain English at an 8th-grade reading level. No legalese unless required for compliance.
If we serve EU customers, include GDPR-specific sections. If we serve California residents, include CCPA-specific sections. Flag which sections are required by which regulation.
The Review Step
Generate the draft. Read it. Does it accurately describe what you actually do with data? If there is a gap between the policy and reality, fix the reality or fix the policy. Never publish a policy that does not match your practices.
Annual Updates
Review when you add new tools, enter new markets, or change data practices. An outdated privacy policy is a compliance risk.