Portfolio Site Guide

Privacy Policy for a Portfolio Website

Even a simple portfolio site collects visitor data through analytics, contact forms, and embedded fonts. Privacy laws apply the moment any of that touches a user. Here is what your portfolio policy must say.

Last updated · Reviewed for compliance

AK
Written by Anupam Kumar
Updated
7 min read
Reviewed for compliance

Designer and freelancer rules

Yes, portfolio websites need a privacy policy if they use any analytics, contact form, embedded fonts, comments, or cookies, which is true for almost every modern portfolio site. Under GDPR, CCPA, and CalOPPA, the legal trigger is data collection, not commercial activity. Personal portfolios, freelancer sites, and creative case study pages all qualify the moment they include Google Analytics, a contact form, or even Google Fonts loaded from Google's CDN.

What a Typical Portfolio Site Actually Collects

Most portfolio sites use Google Analytics or a similar tool. Analytics collects IP addresses, page views, referrers, browser metadata, and a unique visitor identifier. All of this is personal data under GDPR.

Most portfolios have a contact form. The form collects at least a name and an email address, often a message body. If the form is hosted by Formspree, Typeform, Tally, or similar, that vendor is a data processor and must be named in the policy.

Many portfolios use embedded Google Fonts loaded from Google's CDN. A 2022 German court ruling treated this as a data transfer and required disclosure. Self hosting fonts avoids the issue, but if you embed from the CDN, your policy must mention it.

What Must Be in Your Portfolio Privacy Policy

Identify yourself by name and provide a contact email. If you operate as a freelancer or sole trader, you can use your personal name; if you have a registered business, use the business name. Either way, the user must be able to reach you about privacy questions.

List every category of data you collect, every tool that processes it, and the purpose for each. Use plain language. Avoid legal jargon that obscures what you actually do.

Describe how a visitor can request access, correction, or deletion of their data. Give a real email address that you check. A contact form is acceptable as long as it actually reaches you.

Add a last updated date and a short statement about how you will notify visitors of material changes. For most portfolios this just means updating the date when you change the policy.

Common Portfolio Privacy Policy Mistakes

Copying a generic template that mentions services or products you do not offer. Reviewers and savvy users notice immediately and it undermines trust.

Forgetting Google Analytics. The single most common omission. If you have GA on your site, name it in the policy. Same for Plausible, Fathom, or any other analytics vendor.

Forgetting Google Fonts loaded from the CDN. Easy to overlook. Self hosting fonts is the cleanest fix; otherwise list the CDN as a third party.

Skipping the contact form processor. If you use Formspree, Tally, or Typeform, name the vendor and link to their privacy policy.

Where to Display the Policy on a Portfolio Site

Add a Privacy link to your site footer so it appears on every page. This is the standard pattern users expect and the easiest way to make the policy discoverable.

Link the contact form to the policy with a small note saying that submitted information is handled in accordance with the privacy policy. This is sometimes legally required and is always good practice.

If your site uses cookies for analytics, add a small consent banner that links to the policy. For EU visitors, this is required by the ePrivacy Directive.

Frequently Asked Questions

Do I need a privacy policy for a portfolio site that has no contact form?

If you use any analytics, embedded fonts from a CDN, or any third party widget, yes. Pure static sites with no analytics, no fonts CDN, and no third party assets are the only portfolios that can skip a policy, and almost no real portfolio is that bare.

Can I just use the privacy policy from another designer's site?

No. It will reference services that designer uses, not yours. It is also a copyright infringement and a compliance failure. Use a generator or write your own based on what your site actually does.

What if my portfolio site is not for business and is just a hobby?

Privacy laws apply to data collection regardless of commercial intent. A hobby site that uses Google Analytics is collecting personal data and needs a privacy policy under GDPR and CCPA.

How long does a portfolio privacy policy need to be?

A clear policy for a typical portfolio is one to two pages. Cover the basics: who you are, what you collect, who processes it, how to contact you, and the user's rights. Length is not the goal; accuracy and clarity are.

Generate a portfolio privacy policy in 60 seconds

Covers analytics, contact form, fonts CDN, GDPR, and CCPA. Free preview, $4.99 to download.

Related Resources

Privacy Policy for Personal Website

Sister guide for personal sites.

Privacy Policy for Websites

General website privacy policy guide.

Do I Need a Privacy Policy for a Free Website?

When the requirement applies even without commerce.

Cookie Policy for Websites

EU cookie consent requirements explained.