Build a privacy policy in Markdown for Generic / GDPR (EU) / CCPA (California) / Vietnam Decree 13 from a short form.
Jurisdiction
Tick every category that applies — the generator will tailor each section accordingly.
This generator produces a template based on common practices. It is not legal advice. Have a lawyer review before publishing for jurisdictions with strict enforcement (GDPR, CCPA, Vietnam Decree 13).
# Privacy Policy — Example
*Effective: 2026-06-15*
Example LLC ("we", "us") operates the website at https://example.com. This policy describes what information we collect, how we use it, and the rights you have over your data.
## 1. Information we collect
- Information you submit through contact forms (name, email, message).
- Cookies and similar technologies (session ID, preferences).
- Analytics data (page views, referrer, device type, approximate location from IP).
## 2. How we use your information
We process your data to:
- Provide and maintain the service.
- Respond to enquiries you send us.
- Improve our content and user experience.
- Comply with legal obligations.
We do not sell your personal data to third parties.
## 3. Cookies and similar technologies
We use strictly necessary cookies for the site to function (e.g. session, language preference).
Analytics cookies help us understand how visitors use the site. You can decline these via the consent banner.
## 4. Sharing with third parties
We use the following sub-processors:
- Analytics provider (e.g. Google Analytics, Plausible)
## 5. Data retention
We retain personal data for: 12 months after your last interaction with us. After this period, data is deleted or anonymized.
## 6. Security
We apply appropriate technical and organizational measures to protect personal data from unauthorized access, loss, or alteration (HTTPS, hashed passwords, access control).
## 7. Your rights
You may contact us at privacy@example.com to:
- Request a copy of the personal information we hold about you.
- Request correction of inaccurate information.
- Request deletion of your personal information.
- Opt out of marketing communications (where applicable).
We aim to respond to all requests within 30 days.
## 8. Children
Our service is not directed to children under 13. If you believe we have collected information from a child under 13, please contact us so we can delete it.
## 9. Changes
We may update this policy from time to time. The current version is always posted at this URL with the effective date at the top.
## 10. Contact
Example LLC
123 Privacy Lane, City
Email: privacy@example.com
---
*Generated from the ToolCraft Privacy Policy template (generic jurisdiction). Consult legal counsel before publication.*Pick from 8 popular open-source licenses (MIT, Apache 2.0, GPL-3, BSD, MPL 2.0, ISC, Unlicense). See permissions / conditions / limitations side-by-side, then download a ready-to-commit LICENSE file.
Build a self-contained HTML+CSS+JS cookie consent banner — no framework, no CDN. Exposes window.cookieConsent API.
Prepend a license header to source code in JS/TS/Python/Go/Rust/Java/C/CSS/HTML — SPDX, short, or full text.
Every website that collects any personal data — from a contact-form email to analytics IPs — needs a privacy policy. The legal text differs significantly by jurisdiction: GDPR (EU/EEA) requires you to disclose the legal basis for each processing purpose under Article 13(1)(c) and lay out 8 specific data subject rights (Articles 15–22), CCPA/CPRA in California requires the "Right to Know / Delete / Opt-Out of Sale" language plus 12-month lookback summaries, and Vietnam's Decree 13/2023/NĐ-CP enumerates 11 data subject rights in Vietnamese with 72-hour response obligations. The Privacy Policy Generator turns a short form — site name, contact info, what categories of data you actually collect — into a Markdown document tailored to whichever of those four jurisdictions you pick. It produces a working baseline you can paste into your CMS in 30 seconds, with the right section headings, the right rights enumeration, the right cookie disclosure depth, and the right child-data threshold (16 EU, 13 US, 13 VN). It does NOT replace legal review for high-risk processing, but it gets you from a blank page to a working draft an order of magnitude faster than starting from scratch.
Generic: simple data inventory, generic rights paragraph (access/correct/delete), no legal-basis disclosure. GDPR: adds Article 6 legal bases per data purpose, lists all 8 GDPR rights with article numbers, adds international-transfer SCC disclosure, 16-year child consent threshold. CCPA: replaces rights section with the California "Right to Know / Right to Delete / Right to Correct / Right to Opt-Out of Sale / Limit Sensitive Info / Non-Discrimination", 12-month lookback wording, 45-day response window, 13-year child threshold. Vietnam: switches the entire document to Vietnamese, uses Nghị định 13 article numbers, lists all 11 rights from Điều 14, 72-hour response obligation.