Privacy Policy template — startup-friendly
A lawyer-reviewable starting point for a SaaS Privacy Policy. Not legal advice — customize and get counsel review before publishing. Plain language, GDPR + CCPA-aware.
How to use
Customize company + jurisdiction details, then get a lawyer to review before publishing.
Template (markdown)
Copy-paste, replace {{PLACEHOLDERS}}
# Privacy Policy
**Last updated**: {{DATE}}
## 1. Who we are
{{COMPANY NAME}} (`{{COMPANY NAME}}`, "we", "us") operates {{DOMAIN}}. We are a {{STATE/COUNTRY}} {{ENTITY TYPE}}. Our data-protection contact is {{EMAIL}}.
## 2. Data we collect
- **Account data** — email, OAuth identity (GitHub / Google / Apple), name
- **Usage data** — what you do in our product, how often, from which region
- **Support data** — messages you send us, attachments, metadata
## 3. Legal basis (GDPR)
- **Contract** — to deliver the service you signed up for
- **Legitimate interest** — product analytics and abuse prevention
- **Consent** — marketing emails, optional features
- **Legal obligation** — tax records, court orders
## 4. How we share
- With sub-processors (see /sub-processors)
- With legal authorities when required by law
- Never sold to advertisers
## 5. Retention
- Account data: as long as you have an account
- Logs: 12 months
- Backups: 90 days
## 6. Your rights
Access, correction, deletion, portability, objection, restriction — email {{EMAIL}}. We respond within 30 days.
## 7. Security
Encryption at rest and in transit. Regular security scanning (Securie) on every code change. Breach notification within 72 hours of discovery (GDPR Article 33).
## 8. Children
We don't knowingly collect data from anyone under 16.
## 9. Changes
We post changes here and email active users about material changes.
## 10. Contact
Email {{EMAIL}} for any privacy question.