Privacy notice checklist
A privacy notice should describe what your business does with personal data, in terms that match your forms and tools.
Check the notice against reality
- Does it describe the categories of personal data collected?
- Does it explain the purposes clearly?
- Does it match forms, sign-up flows, payment flows, support workflows, and marketing tools?
- Does it identify how someone can exercise rights or make a privacy complaint?
- Does it include a business contact for privacy questions?
Red flags
- Generic policy copied from another site
- Tools used but not mentioned internally
- No privacy contact
- No withdrawal or rights route
- Children’s data not considered
- Vendor processing not understood