How to Write a Privacy Policy for Your Nonprofit

Nonprofit Privacy Policy

Privacy policies are often an afterthought in the nonprofit website world.  That’s probably because they’re rarely viewed by visitors and are all too often stuffed with legal jargon that’s only loosely recognizable as English.

While your privacy policy will likely be one of the least viewed pages on your nonprofit’s website, it’s still vitally important you have a good one for a few reasons.

Benefits of a Privacy Policy

I’m not a lawyer (even though I spend way more time editing legalese than I’d like to).  So don’t consider this legal advice.  But here are a few reasons your privacy policy is worth some forethought:

It shows transparency and builds trust.  If a visitor wants to know the details of your policies they’ll be able to find them easily.  And even some visitors who don’t want to read the policies in their entirety will take comfort in the fact that you’re making them available.

It helps you plan ahead.  Sure, it helps your visitors know what to expect.  But it also helps you think through what information you’ll be collecting and the policies surrounding keeping that data safe.  Planning ahead can help you avoid situations you don’t want to mess with down the road.

It provides basic legal protection.  Hopefully this will be a nonissue for your organization.  But if you ever end up in a dispute involving your website, having a privacy policy will likely be quite helpful.  Again, not a lawyer, but this just makes sense (assuming you’ve actually adhered to the policies you’ve outlined).

Write Your Privacy Policy in Plain English

Drop the legal jargon.  It doesn’t inspire much confidence.

Instead, write your privacy policy in plain, understandable language.  Your privacy policy is a whole lot less valuable if no one can understand it.

After you’ve written it, have a lawyer review it.  Tell them you don’t want to infuse it with jargon.  You just want to make sure you haven’t omitted anything major.

Information to Include in Your Privacy Policy

You’ll need to tailor your privacy policy to your organization and website, but here are some pieces of information to get you started:

  • What information are you collecting from visitors?
  • Can this information be used to identify individuals or is it aggregated and anonymous?
  • How will you use this information?
  • Who will be able to access this information?
  • Will you share this information with any other parties?
  • How will you protect their information?
  • How will you notify visitors of changes to your policies?
  • Who should someone contact with questions about your privacy policy?

Resources for Writing Privacy Policies

Here are a few helpful resources as you write up your privacy policy:

Writing a Privacy Policy – Better Business Bureau
Some guidelines and recommendations directly from the Better Business Bureau.

How to Craft a Privacy Policy for Your Website – Social Media Examiner
A clear, straightforward approach to drafting your privacy policy.

Have anything you’d like to add?  Or a resource you found particularly helpful in drafting a privacy policy?  Perhaps an example of a great or confusing privacy policy?  Let us know in the comments below.

Related Reads

Web Security: 4 Things Your Nonprofit Should Almost Never Do

Using Your Nonprofit’s Website to Build Trust with Visitors

Image courtesy of Sean MacEntee

David Hartstein spends most of his time helping nonprofits tell compelling stories that engage their community and drive action. He used to teach elementary school and often walks around barefoot. You can catch up with David on Twitter at @davharts.

4 Comments on “How to Write a Privacy Policy for Your Nonprofit

  1. 1 Dale Orwig April 17, 2017

    Am interested in this topic for my church in Maryland. I’m not a lawyer, but my understanding is nonprofits are not exempt from having a privacy policy.

    Could you point us to resources oriented to helping non profits develop privacy policies, addressing situations such as:

    BASIC USES:
    We maintain a database on members and visitors, but it is available only within the church building, and the data itself is limited to things like name, address, phone, email, for each person and child when made available to us. The completeness of information is determined by the family. Part of system keeps track of contributions, and access is severely limited to people recording incoming data, and to one person responsible for issuing receipts. It is not available to other staff, and not to members or visitors. We don’t take credit card information. We have paper copies of contributions my check, kept for some limited amount of time. We don’t share data with third parties. We might share contract information with known members or attenders with each other, eg names and addresses for social purposes, or for a particular purpose.

    BASIC QUESTIONS OF RESOURCES
    -How does the prospect of cloud storage for data backup affect what should be in the policy? What content raises the need for a privacy policy. What content does not trigger a requirement for a privacy policy

    1. 2 David Hartstein April 17, 2017

      Hi Dale. Thanks a lot for the comment. Unfortunately I’m not aware of any resources that offer legal advice specifically geared towards nonprofits when it comes to creating a Privacy Policy. We’ve done our best in this post to sum up some things to consider, but given the nuance of every individual organization’s situation we always recommend consulting an attorney if you’re concerned about protecting yourself.

      Typically if you’re going to be collecting any sort of information from visitors, you’ll want to explicitly outline what you’ll collect, how you’ll collect it, how you’ll use it and how you’ll keep it secure. Cloud storage would probably mostly fall into the “how you’ll keep it secure” bucket, but depending on the details, could factor into how you write up other portions as well.

      I’d recommend taking a crack at writing your Privacy Policy yourself in terms that you’d want to read. You can then ask an attorney to read it over and let you know if there’s anything that needs to be adjusted. I’d also suggest checking out the resources we’ve linked to above. Most of the meat in a Privacy Policy will be the same for both for-profits and nonprofit organizations. You’ll just need to adapt them to be tailored to your situation.

      I hope that helps. Thanks again for commenting!

  2. 3 Ryan Stewart October 1, 2017

    I was actually looking for the exact thing. There are only a few posts about nonprofit’s privacy policy. Writing a business plan for a nonprofit can be daunting and you might not even know how to start if you don’t have a guide.

    1. 4 David Hartstein October 3, 2017

      Glad to hear the post was helpful Ryan!

Leave a Comment

Your email address will not be published. Required fields are marked *