Stop me if you’ve heard this before.
Your website project is almost done for a client. The forms work. The SEO settings are configured. Launch day is almost here, and you’re just one or two more “make it pop” requests away from crossing the finish line.
Then, all of a sudden, you finally notice “Website Policies” sitting unbothered on the launch checklist. You know it’s important. You know your client needs a good solution for their own protection. But then your client says:
“Can’t we just use a template?”
Deep down, you know templates don’t work. Maybe you’ve even read Termageddon’s ‘Five Reasons to Avoid Free Privacy Policy Templates’ blog.
But launch day is looming. Everyone is tired. Your client doesn’t want to spend more money. And Privacy Policies aren’t exactly the most exciting topic on earth – even on the best of days. So now you’re sitting there like:
After all, your client is the one who suggested it. And they are the ones responsible for putting the proper policies in place. And you do deserve a break. And youcan quit whenever you want. And you probably won’t get caught.
Then… BOOM!
Next thing you know you’re getting a call from an angry client asking why they’re getting sued over a website you built. You get bad reviews. Your business fails. Your family leaves you. You lose the house. And now you’re fistfighting Hubcap Willy over who gets the stolen Walmart shopping cart.
Ok, you probably haven’t made it to Hubcap Willy yet, but templates are a slippery slope. Ask me how I know.
Why templates are so appealing at first glance
Hello, I’m Trevor, and I’m a recovering templatic. I used to work for a full-service advertising agency that built websites. Our websites sometimes used ‘free’ templates. Even my boss – Hans, co-founder of Termageddon – was once a templatic. He ran a good-sized agency for several years that dabbled in copying and pasting templates. That means in an alternative universe, you may have to fight Hubcap Hans for that shopping cart… which does roll off the tongue better.
The point is, agencies and designers aren’t necessarily bums or bad people for wanting a simpler solution. It’s a pretty reasonable desire when you factor in the fact that agencies are always juggling deadlines, revisions, client expectations, scope creep, broken forms, and at least one client email marked “URGENT” that absolutely was not urgent.
Templates can feel like the best option to take the edge off because at first they seem:
- Fast
- Free
- Easy
- “Official enough”
A quick search for “Free Privacy Policy Template” results in thousands of options to choose from. How bad can they be if so many people are using and abusing them?
The reality is that templates are not your friend. They’re essentially placebo policies that may make you think they’re working, but as far as privacy laws are concerned, they might as well be Lorem Ipsum text. Before I explain why, let’s first define what a template is.
What exactly is a Privacy Policy template?
Privacy Policy templates are pre-written documents designed to be as generic and broad as possible. They allow users (typically business owners with a website) to fill in blank areas with details about their business, information they collect and share, privacy practices, and possibly more.
Think Mad Libs but without the joy.
There are a few different ‘types’ of templates, including:
- Generic templates – extremely broad and generic
- Sample templates – pull from a ‘real’ Privacy Policy
- Law-based template – focuses on disclosures for one law (like GDPR or CPRA)
- App-specific templates – focus on apps instead of websites
No matter which template you go with, they all share the same pros and cons.
Pro (singular) & Cons of a Privacy Policy template
Pro #1: Easy to use
Privacy Policy templates are relatively easy to use and… that’s it. We’ve made it through the Pros.
Con #1: Far too generic
The biggest issue with templates is that they all assume websites are basically the same.
They are not.
A landscaping company in Texas will have a very different website than an eCommerce vegan candle shop in California. Templates aren’t capable of addressing the specific needs of unique businesses and their privacy practices.
Also, because templates are so generic, they often include information that is completely false for your business. For example, a template may say thatt you are selling personal information or that you’re sharing that information with dozens of third parties, which may not be accurate for your business. This could even put website visitors off from ever giving you their personal information.
Con #2: Far too narrow
Some templates label themselves as “GDPR Compliant” or “CPRA Compliant.” A template may be GDPR compliant. However, just because you are compliant with GDPR, that does not mean that you are automatically covered for other laws, as other laws require disclosures that GDPR does not.
For example:
- CalOPPA requires you to disclose how your website responds to Do Not Track signals, GDPR does not; or
- Nevada Revised Statutes Chapter 603A requires you to disclose whether you sell personal information, whereas GDPR does not require this disclosure.
Con #3: Not based on privacy laws that apply to you
Templates don’t help you identify what privacy laws apply to your website, thus defeating the primary purpose of a Privacy Policy to begin with. The reason Privacy Policy generators work is because they can ask you specific questions about your business and privacy practices, find out which privacy laws apply, and only then generate the disclosures needed to satisfy those privacy laws.
Any “solution” that doesn’t ask specific questions (and follow-up questions based on those answers) is likely making assumptions or taking a generic route that leads to improper policies.
Con #4: Temporary
Even if the stars align and a generic template just so happens to produce all the disclosures your particular website needs, it still won’t be able to update your policies as laws change. A Privacy Policy is not a static document. It should regularly change if:
- Existing laws change
- New laws go into effect
- Business practices change
- Privacy practices change
Don’t believe me? This Global Privacy Bill Tracker keeps track of all the bills currently in the works.
Con #5: The dreaded *insert ___ here
We’ve all seen it. A Privacy Policy that starts with “Privacy Policy last updated enter today’s date.”
Since templates are pre-written and require manual edits, it’s very common for website owners to miss a section or placeholder. Nothing says “trustworthy document” quite like “insert company name here.”
Con #6: Mysterious author
Templates are usually very vague about who actually wrote them. And when you’re placing a document on your website, you probably want to know whether it was written by a qualified privacy professional, a random marketer, or a sleep-deprived intern armed with Ctrl+C and Ctrl+V (that’s green chat bubble for Cmd+C / Cmd+V).
Why templates can come back to bite web agencies
At the end of the day, it’s easier to find an unused needle in a heroin house than a template that complies with modern privacy laws. Plus, privacy-savvy website users are here to stay.
Using templates is like a Russian Roulette game with a comically oversized 600,000-shot revolver. It may take a while for that bullet to come around, but the threat is always looming for agencies choosing convenience over proper compliance solutions.
Two things can be true at once:
1) Clients are responsible for getting proper policies on their website; and
2) Clients expect agencies to let them know this and point them in the right direction.
Therefore, the primary repercussion for an agency owner using a template is the loss of trust. Your client will either get fined over a website they trusted you to build for them, or they’ll easily spot a lazy plug-and-play policy and wonder what else you may be cutting corners on.
While the bullet in our hypothetical game of Russian Roulette may not be a lawsuit directed at your agency (unless you guarantee compliance in a client contract… don’t do that), it could very well be an uncomfortable conversation, refund request, bad review, ruined relationship, or irreversible damage to your agency’s reputation.
So, next time a launch date is looming, and you forgot about the policies, and you start to crave the quick fix of a template, just remember D.A.R.E.: Drop – Assess – Recommend – Educate.
Drop – Drop what you’re doing and send your client an email (or Termageddon’s free website policies waiver) that lets them know the importance of policies, that it’s their responsibility, and gives them a chance to acknowledge they received this information. Having a paper trail will save your bacon if they ignore your advice and get sued.
Assess – Do they seem interested? Completely checked out? Could they benefit from hiring an actual attorney to monitor their site? Figuring out where they stand will help in the next stage.
Recommend – The majority of small business owners will benefit from an affordable Privacy Policy Generator like Termageddon. If a client could benefit from legal advice (which this blog is not, btw), then having an attorney draft and update their policies is the best option.
Educate – You may not have passed the Bar exam, but your clients don’t care. They’re paying you to be a website expert. Website policies are part of a website. So, Bingo Bango, your clients now expect you to be an expert in website policies. Having a basic knowledge of topics such as:
- Common Privacy Misconceptions
- Does a website need a Privacy Policy?
- What laws require websites to have a Privacy Policy?
Can go a long way toward establishing your agency as trustworthy and may even help turn privacy into a competitive advantage for your business.
Final Thoughts
Look, nobody uses templates because they want to harm clients. Agencies use them because they’re busy, clients want affordable options, and website policies often become an afterthought during projects.
That’s understandable. But understandable does not always mean safe.
Privacy Policies exist for a reason. They are supposed to disclose how a business handles personal information and help satisfy the requirements of applicable privacy laws. When those policies are incomplete, outdated, generic, or flat-out inaccurate, they can create unnecessary risk for businesses and damage a crucial part of an agency’s wellbeing and growth: trust.
So if you’re still relying on copy-and-paste templates, consider this your gentle intervention from one recovering templatic to another. 🛒
Trevor Willingham
Trevor is the marketing coordinator at Termageddon. Ever since he was a wee lad, Trevor dreamed of promoting Privacy Policies and now he's doing just that. In other words, he started from the bottom and now he's in website footers.
