Technology Template
Free Privacy Policy Template
A privacy policy discloses how you collect, use, and protect personal data.
Template
Copy this markdown, replace the {{variables}}, and send via API.
# Privacy Policy
**Company:** {{companyName}}
**Website:** {{websiteUrl}}
**Last Updated:** {{date}}
## Information We Collect
{{dataCollected}}
## How We Use Information
{{dataUsage}}
## Data Sharing
{{dataSharingPolicy}}
## Data Retention
{{retentionPolicy}}
## Your Rights
{{userRights}}
## Security
{{securityMeasures}}
## Contact
{{contactInfo}}
Send for e-signature
curl -X POST https://signb.ee/api/send \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "content": "YOUR_RENDERED_MARKDOWN",
    "senderName": "Your Name",
    "senderEmail": "you@company.com",
    "recipientName": "Recipient",
    "recipientEmail": "recipient@email.com"
  }'
What happens next
- Signbee converts the markdown to a professional PDF
- Recipient gets an email with a signing link
- Both parties sign with an animated handwriting signature
- Both receive the signed PDF with a SHA-256 certificate
All signatures are legally binding under the ESIGN Act, eIDAS, and ECA.
More details
A privacy policy is a legal requirement in virtually every jurisdiction worldwide. If you collect any personal data — names, emails, IP addresses, cookies — you need one. It's not optional.
When is a privacy policy legally required?
- GDPR (EU/UK): Required for any business processing personal data of EU/UK residents. Fines up to €20 million or 4% of global turnover.
- CCPA/CPRA (California): Required for businesses meeting revenue or data volume thresholds. Must include a 'Do Not Sell My Information' link.
- LGPD (Brazil): Modelled on GDPR with similar requirements and penalties.
- Apple App Store / Google Play: Both require a privacy policy for any app that collects user data. No policy = no listing.
- Google Analytics / AdSense: Google requires a privacy policy on any site using their tracking or advertising services.
What your privacy policy must disclose:
1. Data collected — Every category: personal identifiers, device data, location, cookies, payment info, behavioural data. Be exhaustive.
2. Collection methods — Forms, cookies, tracking pixels, third-party integrations, APIs. Users should understand how data enters your system.
3. Purpose — Why you collect each data category. Service delivery, marketing, analytics, personalisation, fraud prevention. Each purpose must have a legal basis under GDPR.
4. Third-party sharing — Who receives user data? Analytics providers, payment processors, advertising networks, cloud hosting. Name categories of recipients.
5. Retention periods — How long you keep each data category. 'As long as necessary' is too vague — specify timeframes.
6. User rights — Access, correction, deletion, portability, objection. Under GDPR, these are mandatory. Under CCPA, the right to know and delete.
7. Cookie policy — Types of cookies used (essential, functional, analytics, advertising), how to manage consent, and cookie duration.
8. International transfers — If data moves across borders, disclose the destination countries and legal mechanisms (SCCs, adequacy decisions).
9. Children's data — If your service is accessible to children, disclose COPPA compliance (US) or age verification requirements.
10. Contact information — How users can exercise their rights or file complaints.
Frequently asked questions
Is a privacy policy legally required?
Yes, in virtually every jurisdiction. GDPR (EU/UK), CCPA (California), LGPD (Brazil), and similar laws worldwide require businesses that collect personal data to publish a privacy policy. Apple and Google also require one for any app listed on their stores.
How often should a privacy policy be updated?
Review at least annually and update whenever you change data collection practices, add new third-party services, expand to new jurisdictions, or change how you use personal data. Always update the 'Last Updated' date and notify users of material changes.
Can a privacy policy be accepted electronically?
Privacy policies are typically presented rather than signed. However, for GDPR consent (marketing, cookies), active opt-in with a timestamp is required. Electronic consent mechanisms with audit trails provide the strongest evidence of compliance.