Where to Host Your Privacy Policy
Your privacy policy should live on a dedicated page on your own website -- not buried in a PDF, not hosted on a third-party site, and not hidden inside a pop-up. The standard is a standalone page at a URL like /privacy-policy or /privacy. This is the approach recommended by GDPR regulators and required by most app stores and ad networks.
- Dedicated page: Create a standalone page at /privacy-policy or /privacy. This is the universally accepted standard across all platforms and regulators.
- Indexable by search engines: Do not block your privacy policy page with noindex or robots.txt. Google Ads and many ad networks verify it by crawling the URL.
- No login required: Your policy must be publicly accessible. Putting it behind authentication violates GDPR transparency requirements and most platform policies.
- Mobile-friendly: CalOPPA and GDPR both require the policy to be readable on the device it is accessed from. Ensure responsive formatting.
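The hosting requirements above (HTML page, crawlable, no noindex, no login wall or redirect) can be checked mechanically. The following is an added example, not part of the original guide: it audits one captured HTTP response plus the site's robots.txt text offline. The function name, the sample captures and the shop.example host are assumptions made up for illustration, and the viewport check is only a rough heuristic for responsive formatting.

```python
import re
from urllib.robotparser import RobotFileParser

def _meta(html, name):
    """Lower-cased content of the first <meta name=NAME> tag, or ''."""
    for tag in re.findall(r"<meta\b[^>]*>", html, re.I):
        if re.search(r"\bname\s*=\s*[\"']?%s\b" % re.escape(name), tag, re.I):
            m = re.search(r"\bcontent\s*=\s*[\"']([^\"']*)", tag, re.I)
            return m.group(1).lower() if m else ""
    return ""

def audit_policy_page(url, status, headers, body, robots_txt, agent="*"):
    """Return findings for one captured response; an empty list means pass."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "missing")
    out = []
    if status in (401, 403):
        out.append("login wall: HTTP %d" % status)
    elif 300 <= status < 400:
        out.append("redirect to %s" % h.get("location", "?"))
    elif status != 200:
        out.append("unexpected status: HTTP %d" % status)
    if not ctype.lower().startswith("text/html"):
        out.append("not an HTML page: %s" % ctype)
    if "noindex" in h.get("x-robots-tag", "").lower():
        out.append("noindex via X-Robots-Tag header")
    if "noindex" in _meta(body, "robots"):
        out.append("noindex via meta robots tag")
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())      # offline: parse the captured text
    if not rp.can_fetch(agent, url):
        out.append("blocked by robots.txt")
    if status == 200 and "width=device-width" not in _meta(body, "viewport"):
        out.append("no responsive viewport meta tag (heuristic only)")
    return out

# Constructed sample captures (not taken from any real site).
URL = "https://shop.example/privacy-policy"
GOOD = (200, {"Content-Type": "text/html; charset=utf-8"},
        '<head><meta name="viewport" content="width=device-width"></head>',
        "User-agent: *\nDisallow: /admin/\n")
BAD = (200, {"Content-Type": "application/pdf", "X-Robots-Tag": "noindex"},
       "%PDF-1.7", "User-agent: *\nDisallow: /privacy\n")

if __name__ == "__main__":
    for name, capture in (("good", GOOD), ("bad", BAD)):
        print(name, audit_policy_page(URL, *capture))
```

Note that the `Disallow: /privacy` rule in the second sample blocks `/privacy-policy` as well, because robots.txt rules match by path prefix.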
Platform-Specific Instructions
How to add a privacy policy page on the most popular website platforms.
WordPress
- Go to Settings > Privacy and select or create your privacy policy page
- WordPress auto-generates a starter template -- replace it with your actual policy
- Add the page to your footer menu via Appearance > Menus
- The designated privacy page gets a special link in the login and registration forms
Shopify
- Go to Settings > Legal and paste your policy into the Privacy Policy section
- Shopify automatically creates a /policies/privacy-policy page
- Add the link to your footer navigation under Online Store > Navigation
- The checkout page automatically shows a link to your policy when configured
Wix
- Add a new page via the Pages panel and name it "Privacy Policy"
- Use a text element to paste your full privacy policy content
- Hide the page from the main navigation menu if you prefer footer-only placement
- Add a link in the footer by editing the footer section in the Wix Editor
Squarespace
- Create a new page in the Not Linked section under Pages to keep it out of the main navigation
- Add a Text Block with your privacy policy content
- Link it in the footer via the Footer section editor or a Navigation Block
- Set the URL slug to /privacy-policy for clean linking
Where to Link Your Privacy Policy
Having a privacy policy page is not enough -- you need to link to it from every location where you collect personal data. Most privacy laws require the link to be "conspicuous" and accessible before data collection occurs.
Website Footer (Required)
Every page on your site should have a privacy policy link in the footer. This is the single most important placement and is specifically required by CalOPPA and expected by GDPR.
Signup and Registration Forms
Any form that collects email addresses, names, or other personal data should include a link to your policy near the submit button, ideally with a consent checkbox for GDPR.
Checkout and Payment Pages
E-commerce checkouts collect names, addresses, and payment details. Link your policy before the customer completes their purchase.
Cookie Consent Banners
Your cookie banner should link to both your privacy policy and cookie policy. Under GDPR, users need to understand data collection before giving consent.
Contact and Support Forms
Even simple contact forms collect personal data. Add a privacy policy link near these forms, especially if you store submissions in a CRM or helpdesk tool.
Legal Placement Requirements
Different laws have specific requirements for how your privacy policy link must be presented. Here is what each major regulation expects.
| Law | Placement Requirement | Key Detail |
|---|---|---|
| GDPR (EU) | Visible link before data collection | Must be accessible before consent is given -- link in cookie banners, forms, and footer |
| CalOPPA (California) | Conspicuous link on homepage | Must use the word 'Privacy' in the link text and be visually distinct from surrounding text |
| CCPA/CPRA | 'Do Not Sell' link + privacy policy | Requires a separate 'Do Not Sell My Personal Information' link in addition to privacy policy |
| Google Ads | Accessible URL in ad account | Policy must be on a crawlable page -- no PDFs, login walls, or redirects |
| Apple App Store | App listing + in-app settings | Privacy policy URL required before app review -- must also be accessible within the app |
What Your Privacy Policy Should Contain
Before you add the page, make sure your privacy policy actually covers the required topics. A blank or generic policy is worse than none -- it creates a false sense of compliance.
- What data you collect: List every type of personal data -- names, emails, IP addresses, cookies, payment information, device data, and any analytics you run.
- How you use the data: Explain each purpose: account creation, order fulfillment, marketing emails, analytics, fraud prevention, and personalization.
- Who you share data with: Name categories of third parties: payment processors, analytics providers, email services, hosting companies, and advertising networks.
- How long you keep it: Specify retention periods or the criteria used to determine them. GDPR requires you to not keep data longer than necessary.
- User rights: Describe how users can access, correct, delete, or export their data. Include a contact email and expected response time.
- Contact information: Provide a way for users to reach you about privacy concerns -- an email address at minimum, a physical address if required by your jurisdiction.
Common Mistakes to Avoid
| Mistake | Why It Matters | Fix |
|---|---|---|
| Copying another site's policy | It won't reflect your actual data practices | Generate a policy specific to your site's tools and data flows |
| Hosting as PDF only | Not crawlable, not mobile-friendly, blocks ad approvals | Create a dedicated HTML page on your domain |
| No footer link | Violates CalOPPA and makes the policy effectively invisible | Add a 'Privacy Policy' link to every page footer |
| Outdated policy | Listing tools you no longer use or missing new ones | Review and update at least every 6 months |
| No cookie consent mechanism | GDPR requires consent before non-essential cookies | Add a cookie banner that links to your privacy policy |