Privacy policies are used on websites to explain to the user how the organization is going to collect and use their digital data.


Civil society organizations should try to protect the privacy of the people they interact with. This means collecting the minimum amount of data possible, securing it as best you can, and destroying it when you are done.

Privacy policies are really “data use policies.” They explain what information is collected, how it is used, with whom it is shared, and how long it is kept. They should explain if and how a person can request that their information be returned or destroyed. They should make it clear how a person can contact your organization with a concern.

They apply to information that is actively submitted through a website (emails, phones, addresses, credit card) and that which may be passively collected by the system (computer address, etc).

Countries have different laws about data security and government access. You should identify which country’s laws apply, which will depend on where the servers storing the data are located.


Many websites collect a lot of information on the people who visit them. You should determine whether or not you really need that information, for what purpose, and, if you collect it, how you will protect it. You should also consider how you will share the information you collect with other organizations.

 If you don’t have a specific purpose in mind, and you’re not able to commit to high levels of web security, you may choose to not collect or store any identifiable information on your users. If you use a third party to host your website you will want to check that their approach to protecting users’ privacy and securing the information fits with your values.

Related Documents