Blog Details

Author - Varun Pathak

1. What is privacy policy?

A privacy policy is the legal document that states how the startup/website owners gather and intend to use customer information. It is the promise companies make to their users to use their sensitive information in a responsible way so as to win their trust. It usually functions on the principles of transparency, legitimate purpose and proportionality providing users with full assurance and knowledge of what they’re getting into.

Privacy policy is mostly not necessitated by law, but having one is the wise way to go about things, especially if you’re a web-based startup with an online presence intending to buy/sell products on the basis of sensitive consumer information. It is an absolute must if you intend to keep users’ banking and other financial details as they need assurance that their information and details are safe. People need to be assured that their privacy is not the price they’ll have to pay to access your services.

According to technologist, Gary Kovacs, ‘Privacy is not an option and it shouldn’t be the price we accept for just getting on the internet.’

Moreover, it fulfils the legal requirement guaranteeing customer protection. Having a privacy policy helps avoid a messy affair with legalities as a startup/website with a well-defined privacy policy can’t be called up for questioning regarding the same and thus is protected against unnecessary legal insinuations.

In India, the privacy policy guidelines are incorporated under the ‘Information Technology Act 2000 (IT Act 2000)’. It lays down provisions regarding data protection in India and is the only Act dedicated to this purpose.

2. Why is privacy policy important for startups?

It might very well be the case that the law doesn’t demand a privacy policy in the operating sphere of your startup, nevertheless, having one is always profitable. By law, you are dictated to have a well-drafted privacy policy for your startup if it does any of the following:

• Collects any personal data
• Shows any advertising
• Tracks visitor behaviour
• Accepts online payments

Not having a startup privacy policy, in the above-mentioned cases and otherwise, is a risky manoeuvre as not only would you be inviting a civil lawsuit and/or criminal proceedings, the customers need assurance that their sensitive information is safe and not getting exploited.

Watch this video to understand your standing if you fail to draft proper policies for your startup.

A good startup privacy policy must enlist details such as how you store customer information, how it is used and for what purposes, and whether or not you intend to share that information with other service providers and any other special clause that the user must be aware of. It is important as it is the first step towards building a solid readership which you can later convert into trustworthy buyers.

3. Mistakes made by startups in their privacy policy

Startups sometimes fail to understand the importance of this crucial document and in a sense of false security and juvenility decide either that they can do without any such document or simply copy it from somewhere. These, amongst others, are the biggest mistakes made by startups when it comes to a privacy policy. This can cost them in the long run. Here are top 5 mistakes made by startups in this area:

3.1. Not having a privacy policy

Whom do you first go to whenever you have some secret to share? Surely, your answer is that best friend of yours you’ve known for the longest of times and have grown to trust completely. Similar is the case with user information and companies. You cannot expect users to trust you with their sensitive information if you don’t provide them with proper assurance as to the safe and responsible use of the same. Having an easy-to-understand, simple and appropriate privacy policy goes a long way in establishing the much-needed trust of the user in you.

Moreover, it safeguards you from unnecessary legal hassles by acting as a protective covering to your business failing which can land you in trouble with the Department of Consumer Affairs. In fact, it is even illegal in many places for a company to operate without a privacy policy and not paying attention to this crucial detail is one of the biggest mistakes a startup can make which can have dire consequences.

3.2. Blindly copying the privacy policy of some other company

As a new startup with a lot on your hands you might figure it’d be ok not to invest much of your precious time in actually drafting a privacy policy for your business but to simply copy one from an already existing, successful company. This is one of the worst mistakes you can make. These companies you intend to copy from might just be corporate giants with perfect legal documents including privacy policy drafted by top attorneys, especially for them. But herein lies the problem. The privacy policies of these companies are drafted keeping them in mind and cater to their requirements highlighting ‘their’ intentions. And by blindly copying their policy, a company which might not even belong to the same kind of market as you, you make the mistake of de-personalizing your privacy policy and what you promise the users in it.

A copied policy won’t highlight your intentions and can misguide the users. Moreover, faulty editing of the copied terms can lead to legal issues later on if these terms are ever brought into question.

3.3. Not hiring a lawyer to draft your privacy policy

With a lot of professionals on your team who know just what they’re doing you might choose to believe that you don’t need another one just to draft a simple, not very important, document. This is another mistake you must avoid.

As you must be aware by now, the privacy policy is a crucial document and no matter how much research you might have done and how many templates you might have explored, a professional touch can’t be done without. A startup lawyer, with the right expertise, is what you need. They know their job well and will provide you with a fool-proof privacy policy compatible with your company and its intentions. This will also save you from probable legal hassles as the word of a professional is highly unlikely to be called into question.

You can find adept startup lawyers to draft privacy policy for you here at Lawyered

3.4. Having a privacy policy that contradicts state laws

No one is above the law. Neither is your startup. As in any work of life, you cannot afford to not abide by the rules and regulation of the law in this venture. You need to keep the government laws regarding the issue in mind while drafting a privacy policy, failure to do which can land you in trouble and can very well spell the end for you.

Moreover, many a times state laws differ and you need to adjust accordingly. Not accommodating for this can stir trouble for you. It is best to approach a startup lawyer with expertise in the matter.

3.5. Making promises you don’t intend to keep

The best privacy policy is one that sticks to the point and does not mislead users by making false promises. It might seem like an enticing idea to make extravagant promises in order to attract and please potential users but failure to keep them up will only lead to problems and can make managing your dream into a nightmare, both PR and legal. Your extravagant promises can be brought into question and failure to keep them can land you in legal trouble.

In this endeavour, it is very important that the entire team, especially marketing and business sections, abide by the promises made in the privacy policy and do not end up embarrassing the company.

Moreover, you need to keep on updating your terms in accordance with changing times and keep your users in the loop regarding the same. Facebook is one of social networking site that often fails to inform users about such changes and has had to face a lot of propaganda and insinuations regarding the same. Make sure you, as a startup, never follow in the footsteps of this networking giant.

Many have been spat by Facebook by its vague privacy policy and brazen application of changes in the same. Dave Carroll, a professor of media got into an awkward situation with facebook over behavioural advertising. The dispute was taken over to Twitter and was done away with in a very shoddy manner by the website in haste to cover its mistake.

You can follow the whole dispute either on Dave Carroll’s Twitter handle, or read about it in his own words on medium.

Avoiding these privacy policy blunders will definitely help secure your startup and build customer trust in your brand.

4. How to write your own privacy policy

If you still persist on writing on your own privacy policy, you must keep certain things in mind.

• It should be written in a readable language understandable to a 9th grader.
• It should be considered a part of your site and designed accordingly
• It must be short, simple and to the point highlighting your intentions clearly, what information is being collected and what you intend to do with it
• It mustn’t be heavily worded with unnecessary, complicated jargon
• It should be easily accessible
• It should provide information on important matters like cookies and how you intend to put them into use
• It should be personalised to your startup or website laying down ‘your’ intended course of action
• Provide for regular updates on the same so as to keep in line with the changing standards

You must keep the above points in mind and provide users with an assurance of the importance of their information and clearly define your intended course of action regarding the same.

Lastly, you mustn’t forget to run your self-drafted privacy policy by a lawyer to get its legal standing certified. You might think your self-drafted private policy is a work of art detailing all your objectives and intentions, but lacing the legal know-how you might have missed some legally viable point that might just make the difference between a fool-proof privacy policy and a legally faulty one. A lawyer’s expertise will help you avoid getting in trouble over some seemingly trivial mistake.

If you wish to avoid such seemingly trivial but potentially fatal legal mistake with your startup privacy policy, consult a lawyer here at Lawyered.

5. Why you should not use a privacy policy generator

Privacy policy generators are online platforms that offer to write a privacy policy for you. It is the easy way out for the startups not willing to allocate their time in formulating a privacy policy because they are either disinterested or not financially stable enough to appoint a lawyer to do the same for them.

The internet is swarming with a plethora of sample templates and privacy policy generators to make you believe you can do without taking this aspect of business seriously and can have any de-personalized sample template turned into one of your most important customer related documents with just filling in a few blanks with your company information. This idea is bound to fail.

These generators just recycle the few sample templates that they have, making a few changes in company information and provide you with a dull, homogeneous document which might not be the least bit descriptive of your intentions. They are stoic, unimaginative and de-personal and must be avoided at all costs.

The only good generators are the ones that function on ‘Rule-Based Document Assembly (RDBA)’ technology which takes the pains to quiz you regarding your venture and generate a policy based on your answers. But since most generators don’t use this approach, it is better to dismiss this option

Here is a simple description of the types of privacy policy generators available to you:

6. Difference between privacy policy and Terms and Conditions

If you have done your thorough research into all things you need to know about the startup business, you surely must have come across the term, ‘Terms and Conditions’, possibly in relation with the privacy policy and must be wondering what the difference between the two is. Rest assured, the answer to all your queries lies below.

The two are different and are listed separately, though references can be made in one towards the other. While a privacy policy governs the way startups and websites use the user information regulated by law, T&C include netiquettes expected from the users. They underline the users’ rights and responsibilities, definitions, terms of proper use of the services offered, accountability for various online actions of the user and limitations imposed on them. They are the instruction manual for the user availing the services of the website whereas; privacy policy is a promise to the user.

While a privacy policy is mostly required by law, it is not the same in the case of T&C, but it is useful for a startup/website to have one to safeguard itself against potential abuse.

Hope you found the article an interesting read and gained as much from reading it as we did compiling it for you. Let us know if you have any queries on the matter. We would love to hear from you.