Skip to main content
Web Development 4 min read

Your Business Website Needs a Privacy Policy (Here Is Why)

David Orlov

David Orlov

Founder, Orlov Digital · May 7, 2026

Every website I build includes a privacy policy page. Not because I'm trying to pad the page count. Because it's required. If your business website collects any information from visitors, you need one. And yes, your website almost certainly collects information.

Let me explain what counts and what your policy actually needs to say.

You're Probably Collecting Data Right Now

You might be thinking: "I don't collect data. I just have a website." But here's the thing. If your site has any of the following, you're collecting personal information:

  • A contact form (name, email, phone number, message)
  • Google Analytics or any tracking script
  • Cookies of any kind (most websites use them)
  • An email signup or newsletter form
  • A booking or appointment system
  • An embedded Google Map that loads third-party cookies

That covers the vast majority of business websites. If someone fills out your contact form, you now have their name and email address. That's personal data. Full stop.

It's Not Optional

California's CCPA, Virginia's CDPA, Colorado, Connecticut, multiple other states all have privacy laws that require websites to disclose what data they collect. If a single visitor from any of those states lands on your site, those laws can apply to you.

Then there's GDPR. If anyone from Europe visits your website (and they will, because the internet has no borders), the European Union's privacy regulation applies. GDPR requires clear disclosure of what you collect, why you collect it, and how people can request their data be deleted.

Google also requires a privacy policy if you use Google Analytics or Google Ads. It's right there in their terms of service. No privacy policy means you're technically violating the agreement.

Is someone going to sue your small business in Sedalia over a missing privacy policy? Probably not tomorrow. But the laws exist, enforcement is increasing every year, and it takes so little effort to get it right that there's no reason to skip it.

What a Basic Privacy Policy Should Cover

You don't need a 30-page legal document. For most small business websites, a clear and honest privacy policy covers these things:

  • What information you collect. Names, emails, phone numbers from your contact form. Analytics data like pages visited and time on site. Cookies your site uses.
  • How you use that information. To respond to inquiries. To understand how people use your site. To improve your services.
  • Who you share it with. Your email provider, your analytics service, your hosting company. Be honest about the third parties involved.
  • How long you keep it. Do you delete contact form submissions after responding? Do you keep analytics data for a year? Say so.
  • How people can contact you. Give visitors a way to ask questions about their data or request its removal. An email address works.

That's really it for a basic small business site. Write it in plain language. If a normal person can't understand your privacy policy, it's not doing its job.

Free Generators Exist (But Read What They Produce)

There are free privacy policy generators online that will create one for you based on a few questions. They're a decent starting point. But please read the output before you paste it onto your site.

I've seen generated policies that reference services the business doesn't use, claim compliance with regulations that don't apply, or include language clearly written for a completely different type of business. A privacy policy that doesn't match your actual practices is arguably worse than not having one, because now you're making promises you're not keeping.

Read it. Edit it. Make sure it actually describes what your website does.

You Don't Need a Lawyer (But I'm Not One Either)

Let me be clear: I'm a web developer, not an attorney. Nothing in this article is legal advice. For most small business websites with a contact form and basic analytics, a straightforward privacy policy written in plain English covers the bases. If your business handles sensitive data (medical records, financial information, data from children), talk to an actual lawyer.

For everyone else, a simple, honest policy is better than nothing. And nothing is what most small business websites have right now.

It Builds Trust

Beyond the legal requirements, there's a practical reason to have a privacy policy. People notice. When someone is about to type their phone number into your contact form, some of them will look for a privacy policy link in the footer. If it's there, they feel more comfortable. If it's not, some of them will hesitate.

Both orlovdigital.com and lemkocoating.com have privacy policy pages. I include one with every site I build because it's the right thing to do. It takes me about 30 minutes to write one that's specific to the site, and it stays there forever. There's no reason not to.

Keep It Simple and Honest

Don't copy a 10-page corporate privacy policy from a Fortune 500 company and paste it onto your five-page business website. It won't be accurate, nobody will read it, and it'll make your site look like it's pretending to be something it's not.

Write what's true. Say what you collect, why you collect it, and how someone can reach you about it. Put it on a page. Link it in your footer. Done.

If your website doesn't have a privacy policy yet, or if it has one that doesn't match what your site actually does, let me know. I'll take a look and tell you what needs to be there.

Related Articles

Website Security

SSL Certificates: What That Padlock in Your Browser Actually Means

That padlock matters more than you think.
Website Security

Why Your Website Is Getting Hammered with Spam Emails

Your contact form is wide open.

Let's talk

Need help with your website?

No pressure, no sales pitch. Just a straight conversation about what your business actually needs.

Get in Touch