We rank vendors based on rigorous testing and research, but also take into account your feedback and our commercial agreements with providers. This page contains affiliate links.
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers. These take into consideration the reviewers’ independent and professional examination of the products/services.


vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

Affiliate Commissions Advertising

vpnMentor contains reviews that follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will take into consideration the independent, honest and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, at no additional cost to them. On listicle pages, we rank vendors based on a system that prioritizes the reviewer’s examination of each service, but also considers feedback received from our readers and our commercial agreements with providers.

Reviews Guidelines

The reviews published on vpnMentor are written by community reviewers that examine the products according to our strict reviewing standards. Such standards ensure that each review prioritizes the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may also take into consideration the affiliate commissions we earn for purchases through links on our website.

Privacy Policy for Websites - Free Template

John Norris Updated on 1st July 2023 Technology Researcher

Few entrepreneurs consider online privacy policy issues when they build their websites. However, with the General Data Protection Regulation (GDPR) laws being passed in the EU, that will have to change if they hope to do business there.

In this post, we’ll detail the elements of a successful privacy policy and provide a GDPR compliant, free-to-use template at the bottom of this page so you can begin constructing your own agreement

Online Privacy Policy Basics

First, let's take a look at some basic information about a website's online privacy policy.

What type of site needs a privacy policy?

Any website or service that collects data from users, tracking users with analytics, or displays ads needs one. If the business is located in the EU or plans on doing business with citizens with the EU, they will have to make sure their privacy policy is up to the GDPR standards.

Why are these policies necessary?

Your online privacy policy explains to users:

  • What information you gather
  • How you collect the information
  • How you store and protect the information

Is there a difference in the types of information collected?

Yes. Most policies separate personally identifiable information from non-private data.

The National Institute of Standards and Technology (NIST) defines personally identifiable information as:

“Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”

Non-private data is defined as:

“Information that may correspond to a particular person, account or profile, but is not sufficient to identify, contact, or locate the person to whom such information pertains.”

Examples include:

  • Browser type
  • Browser plug-in details
  • Local time zone
  • Date and time of each visitor request (i.e. arrival, exit on each web page)
  • Language preference
  • Referring site
  • Device type (i.e. desktop, laptop, or smartphone)
  • Screen size, screen color depth, and system fonts

Many users concerned with sharing this non-private data employ browser extensions to mask its availability.  Also, VPNs help avoid sharing certain types of non-private data. For instance, a VPN can mask the time of the site visit as well as the user’s local time zone. If you're interested in learning more about VPNs, click here.

Are there legal consequences if I do not post a privacy policy?

Yes. Collecting data without detailing the activity to users is punishable by law. You are also at risk if you violate the terms of your policy by collecting more than what you state or otherwise change the data collection/use without updating the policy.

Sites that aren’t GDPR complaint could face fines up to 20 million Euro or 4% of their global revenue.

Online Privacy Policy - Free-to-Use Templates

Thanks to their length and complexity, most online privacy policies go unread. In fact, one study found they are so cumbersome that it would take the average person about 30 full working days to actually read the privacy policies of the websites they visit in a year.

One of the changes that web owners will need to make to keep their privacy policy GDPR compliant is to shorten their privacy policy, making it concise and easy to understand.

Complex as they can be, they also address many users’ greatest internet-related concerns: data security, fraud protection, and personal privacy. And since online consumers are becoming more aware of privacy issues, it behooves a website owner to make the online privacy policy as clear and concise as possible. In the analysis below, we detail the most important sections of these agreements and offer free-to-use template language that cuts through the legalese.

Point #1: Information Collection

Every policy should explicitly describe what information the site collects and its’ collection methods and what will happen with the collected data.

Point #2: Information Use

After detailing the information collection, the policies then describe how the website owners use it. Facebook had trouble with this message when it sought to update its privacy policy in 2013. The company wanted to add language to its policy so it could use personal data about its members, including children under 18, for advertising purposes.

Facebook eventually abandoned this language when watchdog groups called it to the attention of the Federal Trade Commission. In 2014, Facebook rolled out a plain English version of their privacy policy, which cut the legalese by two-thirds.

Companies – and their websites – who take your data security seriously:

  • Never sell personally identifiable information to 3rdparties
  • Anonymize and/or encrypt the data to protect against breaches
  • Only store the data for a short period of time

Point #3: E-Commerce Considerations

For e-commerce platforms, the policy must stipulate the protective measures in place for personal financial information gathered to facilitate transactions. This encompasses data like credit card details, social security digits, or banking account particulars.

Point #4: 3rd Party Information Disclosures

There should be clear language about the website’s relationship(s) with 3rd parties. Ideally, your site will not sell or share personally identifiable information unless there is a legally compelling reason. It should also detail what your company does with non-private data.

Point #5: Information Security and Tracking

Today’s best privacy policies highlight their information security and detail cookie use.

GoGoogle endured privacy policy issues last year thanks to its cookie disclosures. The UK’s Information Commissioner’s Office forced the internet giant to include information about who may collect “anonymous identifiers” – which are similar to cookies – and the purposes to which the company put that data.

Point #6: Unsubscribe Methods

Every online privacy policy should state how a customer can unsubscribe from unwanted communications.

Point #7: Consent

The standard online privacy policy states that users agree to the policy simply by using the website. In addition, the policy must explain the rights of the individual, such as sending in a request to delete or change some of the data and/or seeing the data that was collected about them.

Click here for a template you can use.

Summary: Your Online Privacy Policy Enhances User Trust

Your privacy policy offers valuable protection for your company and your users. Most of all, it creates a heightened level of trust. By presenting plain English, straightforward policies that describe concrete protections, your site will have an advantage over competitors with complex, confusing policies.

The template language provided in this post should be a starting point only. Every website has different methods and intentions and the best privacy policies reflect a high level of customization. To ensure the effectiveness of your policy, consult with privacy lawyers and research other policies from companies similar to yours. Most of all, keep checking www.vpnmentor.com for more information on policy language and privacy issues.

We rank vendors based on rigorous testing and research, but also take into account your feedback and our commercial agreements with providers. This page contains affiliate links.

About the Author

John Norris worked as a tech writer, journalist, and instructional designer before turning to tech blogging in 2013. While focusing on digital security and privacy issues, he is interested in any tech area that can enrich people's lives.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback