1. Simple English. Don’t try to “impress” lawyers with your legalese. Try to impress your customers (for many of whom English is not their first language) with how easy you can explain what will you do with their private information.
2. Explain what are you going to do with their private information:
a. What exactly do you collect? (email, name, phone, payment information, etc.)
b. How will you collect that info? (when they register on your site, place an order, email you, cookies, etc.)
c. What do you need that info for? (“To provide the services you requested; to improve our website; to process transactions”).
e. How do you protect that info? (SSL, password-protected admin-only access, etc.)
3. A message about how third-party advertisers show ads on your site.
4. Protect yourself against possible security breaches. “Security. While we do our best to keep all information completely confidential, the transmission of data over the Internet is not always completely secure. Therefore, we cannot guarantee the security of any personal information transmitted to us or from us.”
5. COPPA, children’s privacy. If your site is not directed at children under 13, state so and mention that you do not collect any personal information from children under 13.
6. Give users an option to out of your newsletters and promotional communications. Mention that there will be unsubscribe link included in those types of messages.
7. Give users an opportunity to correct, erase or review their personal information that you’ve collected. Post your email address for those purposes.
9. Special Provisions for Foreign Users. “You consent to having your personal data transferred to and processed in [SITE OWNER’S COUNTRY].”
Most regular e-commerce startups shall be adequately covered if they address the above issues in their Privacy Policies.