A website that collects personal information should have a privacy policy. A privacy policy tells your website visitors what your nonprofit will do with information gathered, how information is gathered, and how the information is stored.

Once you have a privacy policy in place, be sure you adhere to what is in your policy regarding collection, storage, and use of information.

Some special considerations related to privacy policies:

  • Links to other sites: If your nonprofit’s website provides links to websites of others, you may need to include third party privacy requirements into your policy.
  • Use by children: If your nonprofit’s website will be used or visited by those under the age of 13, there are specific requirements under the Children’s Online Privacy Protection Act of 1998 (COPPA). The state of California has the “California Office of Privacy Protection” with certain Privacy Policy provisions that apply to any website collecting data from California residents.
  • E-commerce: If you operate an e-commerce site, there are certain provisions you should include.

You can find a sample privacy policy from Standford Law School here. Do not just copy and paste a privacy policy onto your website. The privacy policy must factually state your actual practices, and having the final policy reviewed by counsel is a good idea.