Yes, landing pages need a privacy policy if they collect any personal data. Most landing pages collect email addresses through forms, track visitors with analytics tools like Google Analytics, and run advertising pixels like Meta Pixel. All of this constitutes personal data collection under GDPR, CCPA, and CalOPPA, requiring a privacy policy even for a single-page site.
Landing pages are designed to do one thing: convert visitors into leads or customers. They collect email addresses, phone numbers, payment information, and more. They run analytics to measure performance. They fire advertising pixels to track conversions. Every one of these activities involves collecting personal data from your visitors.
Many marketers and business owners assume that because a landing page is "just one page," privacy laws do not apply. This is incorrect. Privacy laws like GDPR, CCPA, and CalOPPA apply based on what data you collect, not how many pages your site has. A single landing page with an email capture form and Google Analytics is collecting personal data from every visitor, and that collection triggers legal requirements.
This guide explains exactly when a landing page requires a privacy policy, what specific data collection activities trigger the requirement, how different landing page builders handle data collection behind the scenes, and how to add a compliant privacy policy to any landing page in minutes.
Does a Landing Page Need a Privacy Policy?
Yes, if it collects any personal data. And in practice, almost every landing page does. Here are the most common ways landing pages collect personal data, many of which happen automatically without the page owner realizing it.
Form Submissions
The most obvious data collection on a landing page is the lead capture form. When a visitor enters their name, email address, phone number, or any other personal information, that data is personal data under every major privacy law. GDPR defines personal data as any information relating to an identified or identifiable person. An email address is one of the clearest examples.
Analytics and Tracking
Even if your landing page has no form at all, analytics tools collect personal data. Google Analytics (GA4) collects IP addresses, device information, browser type, screen resolution, geographic location, and behavioral data about how visitors interact with your page. Under GDPR, IP addresses are explicitly classified as personal data. The Meta Pixel, Google Ads conversion tag, and other advertising scripts collect similar information.
Advertising Pixels
Landing pages that run paid advertising almost always include conversion tracking pixels. The Meta Pixel tracks visitor actions and matches them to Facebook user profiles. The Google Ads conversion tag tracks whether ad clicks result in form submissions or purchases. LinkedIn Insight Tag, TikTok Pixel, and Twitter Pixel all do similar things. Each of these scripts collects personal data from your visitors and sends it to a third party.
Cookies and Session Data
Landing page builders themselves set cookies for session management, A/B testing, and performance tracking. Your hosting provider logs IP addresses. Even without any deliberate data collection on your part, your landing page infrastructure is collecting personal data from visitors the moment the page loads.
Q: What if my landing page has no form?
If your landing page uses any analytics tool, advertising pixel, or sets cookies, it is still collecting personal data. IP addresses and device identifiers are personal data under GDPR. Even a form-free landing page with Google Analytics needs a privacy policy.
Q: Does a landing page with only a "Buy Now" button need a privacy policy?
Yes. If the button redirects to a payment processor like Stripe or PayPal, those services collect personal data. If you track clicks with analytics, that collects data too. The payment processor's data collection on your behalf still requires disclosure in your privacy policy.
What Landing Pages Typically Collect
Most landing pages collect far more data than their owners realize. Here is a comprehensive breakdown of the personal data commonly collected on landing pages, both actively through forms and passively through scripts and infrastructure.
| Data Source | Data Collected | Collection Method | Privacy Impact |
|---|---|---|---|
| Lead capture forms | Names, email addresses, phone numbers, company names, job titles | Active (user submits) | High |
| Google Analytics (GA4) | IP addresses, device info, location, page views, session duration, referral source | Passive (automatic) | Medium |
| Meta Pixel (Facebook) | Browsing behavior, conversion events, device identifiers, matched to Facebook profiles | Passive (automatic) | High |
| Google Ads conversion | Click IDs, conversion actions, device data, geographic location | Passive (automatic) | Medium |
| Payment processing | Credit card numbers, billing addresses, transaction details | Active (user submits) | Very High |
| Cookies (builder + tools) | Session IDs, A/B test variants, user preferences, return visitor tracking | Passive (automatic) | Medium |
| IP addresses via hosting | IP addresses, access timestamps, user agent strings | Passive (server logs) | Medium |
Did you know?
The Meta Pixel alone can match visitor behavior on your landing page to specific Facebook user profiles, even if the visitor never interacts with your form. This creates a direct link between a visitor's identity and their behavior on your page. Under GDPR, this constitutes processing of personal data and requires explicit consent in the EU, plus full disclosure in your privacy policy.
The key takeaway is that data collection on a landing page goes far beyond the visible form fields. The scripts running in the background, the cookies being set, and the server logs being generated all constitute personal data collection. Your privacy policy must account for all of this, not just the data visitors consciously provide.
Landing Page Builders and Their Data Collection
Different landing page builders collect different types of data automatically, beyond whatever you explicitly add to your forms. Understanding what your builder collects is essential for writing an accurate privacy policy.
| Builder | Built-in Data Collection | Privacy Policy Support |
|---|---|---|
| Unbounce | Session cookies, A/B test tracking, Smart Traffic AI optimization, visitor analytics, form submission data | Footer section supports privacy policy links. Does not generate a policy for you. |
| Leadpages | Analytics tracking, conversion tracking, session cookies, Leadmeter performance data, form submission data | Built-in footer link option. Templates include privacy policy link placeholder. |
| Instapage | Heatmaps, A/B testing data, session recordings (on some plans), analytics, form submission data | Footer customization available. Custom HTML for policy links. |
| Carrd | Minimal built-in tracking. Form submission data sent to connected services (Mailchimp, Google Sheets, etc.) | Footer container supports links. Pro plan allows custom code for consent banners. |
| ClickFunnels | Funnel analytics, page view tracking, order tracking, affiliate cookies, session data, payment processing data | Footer section in page editor. Templates often include policy link placeholders. |
| Webflow | Hosting analytics, form submission data, session cookies, CMS data if applicable | Full design control. Can create a dedicated privacy policy page or modal. |
The important point is that every landing page builder collects some data automatically, independent of what you add to your forms. Unbounce's Smart Traffic feature, for example, uses machine learning to route visitors to the best-performing page variant, which requires collecting and processing visitor data. Instapage's heatmap feature records mouse movements and click patterns. All of this must be disclosed in your privacy policy.
Did you know?
Many landing page builders integrate with dozens of third-party services through native integrations or Zapier connections. Each integration that receives visitor data (email service providers, CRM systems, SMS platforms) is a data processor that must be disclosed in your privacy policy. A landing page connected to Mailchimp, Salesforce, and Twilio has three separate third-party processors to disclose, even if the visitor only sees one form field.
When creating your privacy policy, do not just consider what your form collects. Map out every integration, every analytics tool, and every script running on your landing page. Each one represents a data flow that needs to be disclosed. If you use a privacy policy generator, make sure to include all of these services when answering the questionnaire.
Google Ads and Privacy Policy Requirements
If you are driving traffic to your landing page through Google Ads (formerly Google AdWords), there is an additional layer of privacy requirements. Google Ads policies require that landing pages comply with applicable privacy laws and provide adequate privacy disclosures.
This is separate from AdSense. AdSense is for publishers who display ads on their site. Google Ads is for advertisers who run ads that send traffic to their landing pages. Both have privacy policy requirements, but they apply in different contexts. If you are running Google Ads campaigns that point to a landing page, Google expects that landing page to have a visible privacy policy.
What Google Ads Checks
Google Ads reviews landing pages as part of its ad approval process. Ads can be disapproved if the landing page does not meet Google's requirements. While Google does not publish an exhaustive checklist, their policies state that landing pages must provide "a clear and accurate privacy policy" when collecting personal information. In practice, this means having a visible privacy policy link, typically in the footer, that leads to a page explaining your data practices.
Consequences of Non-Compliance
If Google Ads disapproves your ad for a landing page policy violation, the ad stops running until you fix the issue. Repeated violations can escalate to warnings and eventually account suspension. For businesses that depend on Google Ads for lead generation, losing ad access even temporarily can be very costly. Adding a privacy policy to your landing page before launching your campaign prevents this entirely.
Meta Ads (Facebook and Instagram) Requirements
Meta's advertising platform also has privacy requirements. If you use the Meta Pixel on your landing page, Meta's terms require you to disclose this in your privacy policy. If you use Custom Audiences or Conversions API, you must inform users that their data may be shared with Meta for advertising purposes. Landing pages running Meta ads without proper privacy disclosures risk ad account restrictions.
The bottom line: if you are spending money on ads to drive traffic to your landing page, the ad platforms themselves require you to have a privacy policy on that landing page. This is true for Google Ads, Meta Ads, LinkedIn Ads, TikTok Ads, and most other major advertising platforms. A privacy policy is not just a legal requirement. It is an operational necessity for running paid campaigns.
Where to Put a Privacy Policy on a Landing Page
Landing pages present a unique challenge for privacy policies. Unlike a full website with multiple pages and a consistent footer navigation, a landing page is often a single page designed to minimize distractions and maximize conversions. Adding a privacy policy link without disrupting the user experience requires some thought.
Option 1: Footer Link (Recommended)
The most common and most recommended approach is to add a small privacy policy link in the footer of your landing page. This is the standard placement that Google Ads reviewers look for, that privacy regulators expect, and that users are accustomed to finding. The link should say "Privacy Policy" and lead to your full privacy policy document. Footer links do not typically impact conversion rates because they are below the fold and visible only to users who scroll to the bottom.
Option 2: Separate Hosted Page
Create a dedicated privacy policy page on the same domain as your landing page. For example, if your landing page is at example.com/offer, host your privacy policy at example.com/privacy-policy. This is clean, professional, and gives you full control over the policy content. Most landing page builders allow you to create additional pages that are not part of your main funnel.
Option 3: Modal or Popup
Some marketers prefer to display the privacy policy in a modal or popup overlay. The footer link says "Privacy Policy," and clicking it opens a popup with the full text instead of navigating away from the landing page. This keeps the visitor on the page and avoids any risk of losing them during the conversion process. However, make sure the popup is easily scrollable and the full text is accessible.
Option 4: Link to Main Website Policy
If your landing page is a subdomain or subdirectory of your main website, you can link to the privacy policy on your main site. For example, if your landing page is at offers.example.com and your main site has a policy at example.com/privacy, you can link to it. However, make sure the main site's policy accurately covers the data collection happening on the landing page, including any tools or integrations specific to that page.
Did you know?
Google Ads specifically checks for a privacy policy link in the footer of landing pages that collect personal information. If Google's automated review system cannot find a privacy policy link on your landing page, your ad may be disapproved for "Destination requirements" violations. Adding a visible footer link before launching your campaign prevents this common rejection reason.
Q: Will adding a privacy policy link hurt my conversion rate?
No. Studies consistently show that footer links to privacy policies have no measurable impact on conversion rates. In fact, having a privacy policy link can increase trust and conversions for users who are privacy-conscious. The link is small, unobtrusive, and expected by modern internet users.
Q: Should I add a consent checkbox to my form?
If you serve visitors from the EU or UK, yes. GDPR requires affirmative consent for data processing. An unchecked checkbox that says "I agree to the Privacy Policy" with a link to your policy satisfies this requirement. For non-EU visitors, it is still a best practice but not always legally required.
Common Landing Page Privacy Mistakes
Here are the five most common misconceptions about privacy policies and landing pages, and why each one can lead to legal problems, ad disapprovals, or both.
Myth: "It's just one page, not a real website."
Reality: Privacy laws do not distinguish between single-page sites and multi-page websites. GDPR applies to any entity that processes personal data of EU residents. CCPA applies to any business that collects personal information from California residents. CalOPPA applies to any commercial website or app that collects personal information. The number of pages on your site is irrelevant. What matters is what data you collect.
Myth: "I only collect emails, that's not personal data."
Reality: Email addresses are one of the clearest examples of personal data under every major privacy law. GDPR defines personal data as any information relating to an identified or identifiable natural person. An email address directly identifies an individual. Collecting even a single email address triggers the requirement for a privacy policy that discloses how you collect, use, store, and protect that data.
Myth: "My ad platform handles compliance."
Reality: Ad platforms like Google Ads and Meta Ads have their own privacy practices and compliance programs, but these do not extend to your landing page. You are the data controller for the personal information collected on your landing page. The ad platform is either a separate controller or a processor, depending on the data flow. Either way, you have your own independent obligation to disclose your data practices in a privacy policy.
Myth: "Landing pages are temporary so policies don't apply."
Reality: The duration a page is online has no bearing on privacy law obligations. A landing page that is live for one day collects the same types of personal data as a page that runs for a year. GDPR applies from the moment you process personal data, not after a certain time period. Furthermore, your obligations regarding the data you collected continue even after you take the landing page down. You must still honor data subject access requests and deletion requests for the data collected during the campaign.
Myth: "I'll add one when I get more traffic."
Reality: Privacy laws do not have traffic thresholds. GDPR applies if you process personal data of even one EU resident. CalOPPA applies to any commercial website with any California visitors. If your landing page is live and collecting data from a single visitor, you need a privacy policy. Waiting until you have more traffic means you are collecting data without proper disclosure from day one, which is non-compliant from the start and also risks Google Ads disapprovals that delay your campaign launch.
How to Add a Privacy Policy to Your Landing Page (6 Steps)
Follow these steps to create and add a compliant privacy policy to any landing page, regardless of which builder you use.
Audit all data collection on your landing page
List every piece of data your landing page collects. Start with your form fields (name, email, phone, company). Then list every analytics tool (Google Analytics, Hotjar, Microsoft Clarity). Then list every advertising pixel (Meta Pixel, Google Ads conversion, LinkedIn Insight Tag). Finally, check what cookies your landing page builder sets automatically. This complete inventory is the foundation of your privacy policy.
Generate a privacy policy covering your practices
Use a privacy policy generator that allows you to specify each analytics tool, form type, and third-party service. Indicate that you collect data through forms, use specific analytics tools, and employ advertising pixels. The generator will produce a policy that includes all required disclosures for GDPR, CCPA, CalOPPA, and platform-specific requirements. This takes under five minutes and costs a fraction of a lawyer.
Host the policy on an accessible URL
Publish your privacy policy so it is accessible to anyone. Options: create a new page in your landing page builder (e.g., example.com/privacy), add it to your main website (example.com/privacy-policy), or use a privacy policy hosting service. The page must load for all visitors, must not be behind a login, and must be on an HTTPS URL.
Add a footer link on your landing page
Add a "Privacy Policy" link to the footer of your landing page. In Unbounce, use the footer section of the page builder. In Leadpages, add a text element with a hyperlink in the footer area. In Carrd, use a container at the bottom of your page. In ClickFunnels, add an element to the footer row. In Webflow, add a link in your footer component. The link should be small but clearly visible.
Add a consent checkbox for EU visitors
If you serve visitors from the EU or UK, add an unchecked consent checkbox to your lead capture form. The label should read something like "I agree to the Privacy Policy" with "Privacy Policy" linked to your policy page. GDPR requires this checkbox to be unchecked by default. Pre-checked consent boxes are not valid under GDPR. This checkbox also serves as evidence that the user actively consented to your data collection.
Implement a cookie consent banner for EU visitors
If your landing page sets non-essential cookies (analytics, advertising) and serves EU or UK visitors, add a cookie consent banner. The banner should appear before any non-essential cookies are loaded. It must provide accept and reject options. Many tools integrate with landing page builders: CookieYes, Termly, and CookieBot all offer embeddable consent banners that work with Unbounce, Leadpages, and other builders.
Shortcut: A privacy policy generator walks you through steps 1 and 2 automatically. You answer questions about your landing page's data collection, and it generates a complete policy. Then you just need to host it (step 3) and add the links (steps 4-6). The entire process takes under ten minutes. Generate your landing page privacy policy.
Frequently Asked Questions
Does a landing page need a privacy policy?
Yes. If your landing page collects any personal data, including email addresses, names, phone numbers, or even IP addresses through analytics tools, you need a privacy policy. GDPR, CCPA, and CalOPPA all require it. Even a single-page site with one form and Google Analytics is collecting enough personal data to trigger the requirement.
Do I need a privacy policy for a lead generation page?
Yes. Lead generation pages collect personal information by definition. Names, email addresses, and phone numbers are all personal data. Your privacy policy must disclose what data you collect through the form, how you will use it (including email marketing), which third-party services receive the data, and what rights users have regarding their information.
Does Google Ads require a privacy policy on my landing page?
Yes. Google Ads policies require landing pages that collect personal information to have a visible privacy policy link, typically in the footer. Ads pointing to landing pages without adequate privacy disclosures may be disapproved. Repeated violations can result in account suspension. Adding a privacy policy before launching your campaign prevents these issues.
Where should I put a privacy policy on a landing page?
The standard placement is a link in the footer of your landing page. This can open a separate page on the same domain, a popup or modal overlay, or link to your main website's privacy policy. Google Ads specifically looks for footer links during ad review. Most landing page builders (Unbounce, Leadpages, Carrd, ClickFunnels, Webflow) support adding footer links.
Can I link to my main website's privacy policy?
Yes, provided that your main site's privacy policy accurately covers the data collection on your landing page. If your landing page uses different tools or collects different data than your main site, the main policy may not be adequate. The safest approach is to ensure the main policy explicitly covers landing page data collection, or to create a separate policy for the landing page.
Do I need a privacy policy if I only collect emails?
Yes. Email addresses are personal data under GDPR, CCPA, and every other major privacy law. Collecting a single email address triggers the requirement. Your policy must disclose that you collect emails, explain why (marketing, newsletters), identify your email service provider (Mailchimp, ConvertKit, etc.), and explain how users can unsubscribe or request data deletion.
What analytics tools on my landing page require disclosure?
Any analytics or tracking tool that collects user data must be disclosed. This includes Google Analytics (GA4), Meta Pixel, Google Ads conversion tracking, LinkedIn Insight Tag, TikTok Pixel, Hotjar, Microsoft Clarity, and UTM parameter tracking. Each of these tools collects personal data such as IP addresses, device identifiers, and browsing behavior.
Related Resources
Privacy Policy for Email Collection
What you must disclose when building an email list
Privacy Policy for Carrd
How to add a privacy policy to Carrd sites
Privacy Policy for a Blog
Complete guide for bloggers and content publishers
Privacy Policy for Websites
A comprehensive guide for standard website operators
GDPR Privacy Policy Template
Compliant GDPR template with all required disclosures
What Happens Without a Privacy Policy
The real consequences of operating without one
Cookie Policy for Websites
Everything you need to know about cookie disclosures
Can I Copy Someone Else's Privacy Policy?
Why copying is both illegal and non-compliant
Launch Compliant. Convert More.
Do not let a missing privacy policy delay your campaign or get your ads disapproved. Generate a policy tailored to your landing page's specific tools, forms, and integrations in under 60 seconds.
Covers GDPR, CCPA & CalOPPA · Works with any landing page builder · Ready in 60 seconds