While privacy policies will vary depending on the business, they generally include the following:
- How the business and/or other entities like advertisers collect information about the user.
- Why said parties collect the information–what the information is used for.
- Who the information in shared with.
- When does the policy apply and when does it not (e.g. when the user clicks on a link that leads to another site or uses a third-party payment system like Paypal).
- Security: what steps the business takes to keep the information safe and private.
- Access: how the user can view and, if desired, delete the information.
- Contact: how to contact the business about the policy.
- Changes: what happens if the business wants to change the policy.
- Opting Out: for mailing lists, the CAN-SPAM Act of 2003 requires an opt-out feature.