ClauseKit
Important Legal Notice

ClauseKit is a legal-tech platform, not a law firm. The tools and templates provided on this site are not legal documents and do not constitute legal advice, opinions, or recommendations.

We provide these templates to help you understand the standard structure and clauses typically found in professional contracts. However, because legal requirements vary by jurisdiction and specific business needs, we strongly recommend that you consult with a licensed attorney or legal firm to confirm and finalize any document before use. Use of this site does not create an attorney-client relationship.


Free Privacy Policy Generator for E-commerce Stores


Privacy Policy Generator | Free Legal Document Generator

Create a GDPR, CCPA, and CalOPPA compliant privacy policy for your website or app in minutes. No lawyer required. Generate a professional, legally-binding privacy policy in minutes. Completely free to download as PDF or Word.

No account needed
Instant download
AI-powered

100% Free

No hidden fees, no paywalls, no "premium" features. Everything we offer is free.

No Signup Required

We don't believe in gating legal access. Use our tools without ever creating an account.

Instant Download

Get your documents immediately in PDF or Word format, ready to sign and use.

Why E-commerce Stores Need a Specialized Privacy Policy

Running an online store means handling some of the most sensitive personal data that exists: payment card numbers, home addresses, and full purchase histories. A generic privacy policy simply does not cover the specific disclosures required by PCI DSS for payment processing, or the opt-out rights mandated by the California Consumer Privacy Act (CCPA) for marketing lists. One non-compliant data breach can cost a small Shopify or WooCommerce store its payment processor — and its entire business.

Key Clauses Every E-commerce Privacy Policy Must Include

Payment Data Handling: You must explicitly disclose that payment information is processed by a third-party provider (like Stripe or PayPal) and that you do not store raw card numbers. This protects you from PCI DSS liability and builds customer trust at the critical checkout stage.

Order History & Profiling: If you use a customer's purchase history to personalize marketing (as most modern e-commerce platforms do automatically), you must disclose this practice. Under GDPR, customers in the EU have the right to object to this type of profiling.

Shipping Address Usage: You must clarify whether you share shipping addresses with third-party logistics providers and whether those providers retain the data. This is a common gap that regulators have flagged in recent audits.

Return & Refund Data: Data collected during a return — like the reason for a return or a customer's dissatisfaction — is considered behavioral data and must be included in your policy's scope.

GDPR vs. CCPA: What You Need to Know

If you sell to customers in California, the CCPA requires you to provide a clear "Do Not Sell My Personal Information" link and honor opt-out requests within 45 days. If you sell to customers in the European Union, GDPR requires a legal basis for every type of data processing (consent, legitimate interest, or contract). Our generator handles both frameworks simultaneously, so you are covered no matter where your customers are located.

Privacy Compliance for E-commerce Stores

For an e-commerce store, protecting user data is not just a legal requirement but a foundation of trust. Whether you use Shopify, WooCommerce, or BigCommerce, you must disclose how you handle email, address, payment, and order history data.

Our generator specifically addresses payment processing, order data, shipping addresses, return policy data, and product reviews to ensure you are compliant with laws and standards like GDPR, CCPA, and PCI DSS.

Compliance Standards

Designed for Modern Legal Frameworks

Our privacy policy generator is grounded in established legal principles and designed to help you comply with major global and local regulations.

GDPR Compliant Logic
CCPA / CPRA Ready
CalOPPA Disclosure
PIPEDA Friendly
