A complete, regulation-aware privacy policy for Pancake merchants. Fill in your details, replace the bracketed placeholders, publish — and link it from your checkout and your Terms of Service.
This is a template, not legal advice. Privacy law varies by market — have a qualified professional review it before publishing if your jurisdiction or data practices are unusual.

Before you publish

🔴 items are legally load-bearing. 🟡 items materially reduce your privacy risk.
1. 🔴 Must be done

  • Data controller filled in — legal company name, registered address, privacy contact email
  • Every category of data you actually collect is listed (delete rows you don’t use; add ones you do)
  • Payment processor named: Waffo Pancake — card data is processed by Pancake, not stored on your servers
  • “We do not sell your personal information” kept if true (it’s true for most Pancake merchants)
  • Retention periods filled in with real numbers
  • Children’s minimum age set to match your market (13 / 16 / 18)
  • The policy is linked from checkout and referenced by your Terms of Service [privacy policy URL]

2. 🟡 Strongly recommended

  • Analytics tools named, each linked to its own privacy policy
  • International-transfer safeguards declared if your servers or vendors are cross-border (SCCs, adequacy, BCRs)
  • A real opt-out path for marketing (unsubscribe link + account toggle), separate from essential service notices
  • Breach-notification timeframe stated (e.g., 72 hours)

3. Final pass

  • Every [placeholder] replaced with real text
  • “Last Updated” date filled in
  • Optional blocks (location, third-party login, platform/API data sharing) kept only if they apply

Keep it in sync with your T&C. Section 11 of the Terms of Service template links to this policy by URL — publish this one first, then paste its URL into the T&C.

Template

Copy the block below and replace every [placeholder] with your real text. Delete any row or section that doesn’t apply to your product.
The template is in English. Translate or localize as your market requires — the legal substance should stay the same.
Privacy Policy (replace every [placeholder])
[Legal Name]
Privacy Policy

Last Updated: [DATE]

[Legal Name] ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy ("Policy") explains how we collect, use, store, and share your personal information when you use [Product / Service Name] (the "Service"), and the rights available to you.

Please read this Policy carefully before using the Service. By using the Service, you agree to this Policy. We may update this Policy periodically and will notify you of material changes via [notification method, e.g., email or in-product notice].

1. Data Controller

The data controller for this Service is:
- Company Name: [full legal company name]
- Registered Address: [business registration address]
- Privacy Email: [privacy@yourcompany.com]
- Data Protection Officer (DPO): [name / contact, or "Not applicable"]

2. Personal Information We Collect

2.1 Information You Provide Directly
- Account Info: name, email, password (stored encrypted), [other registration fields].
- Payment Info: transaction amount and payment status. Full card numbers are not stored by us — card data is processed by our payment processor (see Section 5).
- Communications: emails, support tickets, and feedback you send us.
- [Other business-specific fields, e.g., delivery address, business license.]

2.2 Information We Collect Automatically
- Device & Network: IP address, device model, operating system, browser type, time zone.
- Usage Data: pages visited, feature usage, activity logs, session duration.
- Log Data: request timestamps, error logs, performance metrics.
- [Other business-specific data, e.g., search history, playback records.]

[Optional]
- Location: collected with your authorization, for [describe purpose].
- Third-Party Login: basic profile information shared by [WeChat / Google / etc.] when you sign in through them.

3. How We Use Your Information

| Purpose | Legal Basis |
|---|---|
| Service delivery & maintenance | Contract performance |
| Billing & payment processing | Contract performance |
| Customer support | Contract / Legitimate interests |
| Service notifications (billing, security, policy) | Legitimate interests |
| Security & fraud prevention | Legitimate interests |
| Product analytics & improvement | Legitimate interests |
| Legal compliance | Legal obligation |
| Marketing — [describe content] (optional) | Your consent |

We may aggregate or anonymize data for statistical purposes. Such data cannot be linked to any individual.

4. Cookies & Tracking Technologies

| Type | Purpose | Disableable |
|---|---|---|
| Strictly necessary | Login sessions, core functionality | No |
| Functional | Language preferences, personalization | Yes |
| Analytics | Anonymous usage stats, product optimization | Yes |
| Marketing (optional) | Targeted ads and effectiveness measurement | Yes |

Analytics tools in use: [list tools and link to their privacy policies, e.g., Google Analytics]. You can manage your preferences via your browser settings or our Cookie Preference Center.

5. Sharing & Disclosure

We do not sell your personal information, including as defined under applicable laws such as the CCPA. We share your information only in the following circumstances:
- Service Providers: cloud, payment, support, and analytics vendors, bound by confidentiality. Payment card data is processed exclusively by our PCI-DSS certified payment processor, [Waffo Pancake], and is not stored on our servers.
- Business Partners: [if applicable, describe partner type and data scope; otherwise delete].
- Legal Requirements: where required by law, court order, or a lawful regulatory request.
- Business Transactions: in a merger, acquisition, or similar event, with advance notice and continued protections.
- With Your Consent: for any other purpose, with your explicit prior consent.

[Optional: For platform businesses, add a note on data sharing with counterparties. For third-party API integrations, describe the data flow to those providers.]

6. Data Security

- Encryption in transit: TLS / HTTPS.
- Secure storage: passwords and sensitive data are encrypted or hashed.
- Access controls: least-privilege principle; staff sign confidentiality agreements.
- Regular security audits and vulnerability assessments.
- [Additional measures, e.g., ISO 27001, SOC 2.]

In the event of a security incident affecting your rights, we will notify you and the relevant authorities within [timeframe, e.g., 72 hours of discovery] as required by law. Please keep your credentials secure and do not share them.

7. Data Retention

| Data Type | Retention Period | Upon Expiry |
|---|---|---|
| Account information | While active; [X] years after deletion | Delete or anonymize |
| Transaction records | Per regulations, typically [X] years | Delete or archive |
| Support records | [X] years | Secure deletion |
| Security audit logs | [X] months | Secure deletion |
| [Other data type] | [period] | [method] |

8. Your Data Rights

To exercise any right below, contact us; we respond within [e.g., 30 calendar days].

| Right | Description |
|---|---|
| Right to be informed | Know what data we collect and how we use it |
| Right of access | Obtain a copy of your personal information |
| Right to rectification | Correct inaccurate or incomplete data |
| Right to erasure | Request deletion under certain conditions |
| Right to restrict processing | Temporarily suspend processing in certain cases |
| Right to data portability | Receive your data in a machine-readable format |
| Right to object | Object to processing based on legitimate interests or marketing |
| Right to withdraw consent | Withdraw consent for consent-based processing |

You may also lodge a complaint with your local data protection authority.

9. Marketing & Opt-Out

With your consent, we may send marketing communications about [describe content types] via email, SMS, or in-app notifications. You can opt out at any time: click "Unsubscribe" in any email, disable marketing in your account settings, or contact us. Opting out does not affect essential service notifications (e.g., billing, security alerts).

10. International Data Transfers

Our servers and partners may be located in [list regions, e.g., Singapore, the United States]. For international transfers, we safeguard your data through:
- Data processing agreements incorporating EU Standard Contractual Clauses (SCCs).
- Transfers only to recipients with an equivalent level of protection.
- [Other safeguards, e.g., adequacy decisions, BCRs.]

11. Children's Privacy

The Service is intended for users aged [13 / 16 / 18] and above. We do not knowingly collect information from children below that age. If you believe your child has provided information, contact us immediately and we will promptly delete it.

12. Third-Party Links & Services

The Service may include links to, or integrations with, third-party services. This Policy applies only to data we directly collect. We are not responsible for third-party privacy practices and encourage you to review their policies before use.

13. Policy Changes

For material changes, we will provide at least [X, e.g., 15] days' advance notice via platform announcement or your registered email, and update the "Last Updated" date at the top of this page. Continued use after the effective date constitutes acceptance.

14. Contact Us

- Privacy Email: [privacy@yourcompany.com]
- Support Email: [support@yourcompany.com]
- Company Name: [full legal name]
- Mailing Address: [postal address]
- Business Hours: [e.g., Mon–Fri, 09:00–18:00 UTC+8]

This Privacy Policy is for general reference only and does not constitute legal advice. We strongly recommend having it reviewed by a qualified legal professional in your target market before publication.

[Legal Name] · [Website URL]

Section-by-section reference

Each section below shows its tier (🔴 load-bearing · 🟡 strongly recommended · ⚪ optional), a one-line summary, and the matching template snippet so you can read the guidance and copy that block together.

1. Data Controller

🔴 load-bearing Names the legal entity responsible for the data — a brand name alone won’t do. Fill [full legal company name], [registered address], [privacy@yourcompany.com]. DPO only applies to large-scale or sensitive processing; otherwise write “Not applicable.”
Section 1
1. Data Controller

The data controller for this Service is:
- Company Name: [full legal company name]
- Registered Address: [business registration address]
- Privacy Email: [privacy@yourcompany.com]
- Data Protection Officer (DPO): [name / contact, or "Not applicable"]

2. Personal Information We Collect

🔴 load-bearing List only what you actually collect — over-claiming creates obligations you can’t meet. Delete categories you don’t use, add ones you do. Keep the line that card numbers are not stored by you. Drop the optional block unless location or third-party login apply.
Section 2
2. Personal Information We Collect

2.1 Information You Provide Directly
- Account Info: name, email, password (stored encrypted), [other registration fields].
- Payment Info: transaction amount and payment status. Full card numbers are not stored by us — card data is processed by our payment processor (see Section 5).
- Communications: emails, support tickets, and feedback you send us.
- [Other business-specific fields, e.g., delivery address, business license.]

2.2 Information We Collect Automatically
- Device & Network: IP address, device model, operating system, browser type, time zone.
- Usage Data: pages visited, feature usage, activity logs, session duration.
- Log Data: request timestamps, error logs, performance metrics.
- [Other business-specific data, e.g., search history, playback records.]

[Optional]
- Location: collected with your authorization, for [describe purpose].
- Third-Party Login: basic profile information shared by [WeChat / Google / etc.] when you sign in through them.

3. How We Use Your Information

🔴 load-bearing Each purpose is paired with a legal basis (GDPR Art. 6) — keep the pairing, it’s what regulators check. If you do marketing, “Your consent” is the basis, which means a real opt-in.
Section 3
3. How We Use Your Information

| Purpose | Legal Basis |
|---|---|
| Service delivery & maintenance | Contract performance |
| Billing & payment processing | Contract performance |
| Customer support | Contract / Legitimate interests |
| Service notifications (billing, security, policy) | Legitimate interests |
| Security & fraud prevention | Legitimate interests |
| Product analytics & improvement | Legitimate interests |
| Legal compliance | Legal obligation |
| Marketing — [describe content] (optional) | Your consent |

We may aggregate or anonymize data for statistical purposes. Such data cannot be linked to any individual.

4. Cookies & Tracking Technologies

🟡 strongly recommended Disclose tracking. Strictly-necessary cookies can’t be disabled; every other type must be disableable. Name your analytics tools and link each to its own policy; marketing pixels go in the “Marketing” row.
Section 4
4. Cookies & Tracking Technologies

| Type | Purpose | Disableable |
|---|---|---|
| Strictly necessary | Login sessions, core functionality | No |
| Functional | Language preferences, personalization | Yes |
| Analytics | Anonymous usage stats, product optimization | Yes |
| Marketing (optional) | Targeted ads and effectiveness measurement | Yes |

Analytics tools in use: [list tools and link to their privacy policies, e.g., Google Analytics]. You can manage your preferences via your browser settings or our Cookie Preference Center.

5. Sharing & Disclosure

🔴 load-bearing “We don’t sell” plus a named processor. For Pancake merchants the payment-processor line is the important one: Waffo Pancake is your PCI-DSS processor and card data never touches your servers. Keep “we do not sell” only if it’s true.
Section 5
5. Sharing & Disclosure

We do not sell your personal information, including as defined under applicable laws such as the CCPA. We share your information only in the following circumstances:
- Service Providers: cloud, payment, support, and analytics vendors, bound by confidentiality. Payment card data is processed exclusively by our PCI-DSS certified payment processor, [Waffo Pancake], and is not stored on our servers.
- Business Partners: [if applicable, describe partner type and data scope; otherwise delete].
- Legal Requirements: where required by law, court order, or a lawful regulatory request.
- Business Transactions: in a merger, acquisition, or similar event, with advance notice and continued protections.
- With Your Consent: for any other purpose, with your explicit prior consent.

[Optional: For platform businesses, add a note on data sharing with counterparties. For third-party API integrations, describe the data flow to those providers.]

6. Data Security

🔴 load-bearing Concrete measures plus a breach-notification window. List what you actually do; the 72-hour window (the GDPR reference point) signals you have an incident process.
Section 6
6. Data Security

- Encryption in transit: TLS / HTTPS.
- Secure storage: passwords and sensitive data are encrypted or hashed.
- Access controls: least-privilege principle; staff sign confidentiality agreements.
- Regular security audits and vulnerability assessments.
- [Additional measures, e.g., ISO 27001, SOC 2.]

In the event of a security incident affecting your rights, we will notify you and the relevant authorities within [timeframe, e.g., 72 hours of discovery] as required by law. Please keep your credentials secure and do not share them.

7. Data Retention

🔴 load-bearing How long, then what happens. Vague “as long as necessary” is weak — give numbers. Tie transaction-record retention to your tax/accounting obligations, not a guess.
Section 7
7. Data Retention

| Data Type | Retention Period | Upon Expiry |
|---|---|---|
| Account information | While active; [X] years after deletion | Delete or anonymize |
| Transaction records | Per regulations, typically [X] years | Delete or archive |
| Support records | [X] years | Secure deletion |
| Security audit logs | [X] months | Secure deletion |
| [Other data type] | [period] | [method] |

8. Your Data Rights

🔴 load-bearing The eight GDPR rights, how to exercise them, and the DPA complaint route. Fill the response window ([30 calendar days] is the GDPR default) and make sure the privacy email in Section 14 routes these requests to someone.
Section 8
8. Your Data Rights

To exercise any right below, contact us; we respond within [e.g., 30 calendar days].

| Right | Description |
|---|---|
| Right to be informed | Know what data we collect and how we use it |
| Right of access | Obtain a copy of your personal information |
| Right to rectification | Correct inaccurate or incomplete data |
| Right to erasure | Request deletion under certain conditions |
| Right to restrict processing | Temporarily suspend processing in certain cases |
| Right to data portability | Receive your data in a machine-readable format |
| Right to object | Object to processing based on legitimate interests or marketing |
| Right to withdraw consent | Withdraw consent for consent-based processing |

You may also lodge a complaint with your local data protection authority.

9. Marketing & Opt-Out

🟡 strongly recommended Consent in, easy opt-out, and a clear line between marketing and essential notices. Keep billing and security notices outside the opt-out.
Section 9
9. Marketing & Opt-Out

With your consent, we may send marketing communications about [describe content types] via email, SMS, or in-app notifications. You can opt out at any time: click "Unsubscribe" in any email, disable marketing in your account settings, or contact us. Opting out does not affect essential service notifications (e.g., billing, security alerts).

10. International Data Transfers

🟡 strongly recommended Only needed if data crosses borders. Name the safeguard — SCCs cover most cases.
Section 10
10. International Data Transfers

Our servers and partners may be located in [list regions, e.g., Singapore, the United States]. For international transfers, we safeguard your data through:
- Data processing agreements incorporating EU Standard Contractual Clauses (SCCs).
- Transfers only to recipients with an equivalent level of protection.
- [Other safeguards, e.g., adequacy decisions, BCRs.]

11. Children’s Privacy

🔴 load-bearing Set the minimum age for your market and don’t knowingly collect below it (13 US/COPPA, 16 default GDPR, varies by member state).
Section 11
11. Children's Privacy

The Service is intended for users aged [13 / 16 / 18] and above. We do not knowingly collect information from children below that age. If you believe your child has provided information, contact us immediately and we will promptly delete it.

12. Third-Party Links & Services

⚪ optional Disclaims responsibility for sites and services you don’t control.
Section 12
12. Third-Party Links & Services

The Service may include links to, or integrations with, third-party services. This Policy applies only to data we directly collect. We are not responsible for third-party privacy practices and encourage you to review their policies before use.

13. Policy Changes

🔴 load-bearing Advance-notice window plus updating the date. 15 days is a reasonable default.
Section 13
13. Policy Changes

For material changes, we will provide at least [X, e.g., 15] days' advance notice via platform announcement or your registered email, and update the "Last Updated" date at the top of this page. Continued use after the effective date constitutes acceptance.

14. Contact Us

🔴 load-bearing Real, monitored channels. The privacy email here is where rights requests land — make sure someone reads it.
Section 14
14. Contact Us

- Privacy Email: [privacy@yourcompany.com]
- Support Email: [support@yourcompany.com]
- Company Name: [full legal name]
- Mailing Address: [postal address]
- Business Hours: [e.g., Mon–Fri, 09:00–18:00 UTC+8]

Publish the privacy policy at a stable URL, then paste that URL into Section 11 of your Terms of Service and into your checkout. Keep a version log with effective dates so you can prove what was live at any past point.