Privacy Policy Generator
Generate a GDPR and CCPA-aware privacy policy for your website or app — covering data collection, usage, sharing, cookies, user rights, and contact information. Structured by regulation requirement so nothing is missed.
Do not write a privacy policy from a template without understanding what data you actually collect. First audit your data flows (analytics, forms, payments, cookies, third-party tools), then generate the policy to match reality. A privacy policy that does not match your actual practices is worse than no policy.
How to use this prompt
- Pick your AI model. Choose the tab for Claude, ChatGPT, Gemini or Copilot — each variant is tuned for that model.
- Copy the full prompt. Click Copy Full Prompt to copy the text to your clipboard.
- Paste into your AI tool. Open your chosen model and paste the prompt into a new chat.
- Replace the [placeholders]. Swap any bracketed fields for your company name, audience, product or tone.
- Run and refine. Review the output. If anything is off, ask the AI to tighten tone, length or format.
Prompt Variants by Model
You are a privacy compliance specialist. Generate a privacy policy by first analyzing the business's data practices, then writing the policy to match.
<business_details>
Business: [NAME] — [WHAT YOU DO]
Website/app: [URL]
Location: [COUNTRY/STATE — determines which laws apply]
Users located in: [WHERE YOUR USERS ARE — US only, EU, global, etc.]
</business_details>
<data_audit>
Step through each category and list what applies:
Analytics tools: [e.g., Google Analytics, Plausible, Mixpanel, Cloudflare Analytics]
Forms that collect data: [e.g., contact form, email signup, checkout, account creation]
Payment processing: [e.g., Stripe, PayPal, Square — or "none"]
Email marketing: [e.g., Mailchimp, ConvertKit, Resend — or "none"]
Cookies used: [e.g., session cookies, analytics cookies, ad cookies — or "no cookies"]
Third-party tools with data access: [e.g., Intercom, HubSpot, Zapier integrations]
User accounts: [YES/NO — if yes, what data is stored]
Data shared with third parties: [LIST ANY — or "none beyond tools listed above"]
</data_audit>
Now generate a privacy policy:
**Step 1:** Based on the location and user base, determine which regulations apply (GDPR, CCPA, PIPEDA, etc.) and note specific requirements for each.
**Step 2:** Write the policy with these sections:
1. What information we collect (map directly to data audit above)
2. How we collect it (forms, cookies, automatic collection)
3. Why we collect it (purpose for each data type)
4. How we use it (specific uses, not vague "improve our services")
5. Who we share it with (name each third party and why)
6. Cookies and tracking (specific cookies, opt-out instructions)
7. Data retention (how long each data type is kept)
8. Your rights (specific to applicable regulations — GDPR: access, deletion, portability, objection; CCPA: know, delete, opt-out of sale)
9. Children's privacy (COPPA compliance statement)
10. Security measures (how data is protected)
11. Changes to this policy (notification process)
12. Contact information
End with: effective date, last updated date, and AI disclaimer recommending legal review.
Write in plain English. Use headers that a normal person would understand, not legal section numbers.
Act as a privacy compliance specialist. Generate a privacy policy that matches my actual data practices.
**Business:**
- Name: [NAME] — [WHAT WE DO]
- Website: [URL]
- Location: [COUNTRY/STATE]
- Users located: [WHERE]
**Data Audit (list what applies):**
- Analytics: [TOOLS]
- Forms: [WHAT DATA THEY COLLECT]
- Payments: [PROCESSOR OR "none"]
- Email marketing: [TOOL OR "none"]
- Cookies: [TYPES OR "none"]
- Third-party tools: [LIST]
- User accounts: [YES/NO, what data]
- Data sharing: [LIST OR "none"]
**Think step by step:**
1. Determine which regulations apply based on location and user base
2. Write the policy covering: what we collect, how, why, how we use it, who we share with, cookies, retention, user rights (GDPR + CCPA specific), children, security, changes, contact info
Plain English. End with effective date and AI disclaimer.
I need a privacy policy for my website that actually matches what I do with data.
**My business:**
- Name: [NAME] — [WHAT WE DO]
- Website: [URL]
- Located in: [COUNTRY/STATE]
- Users are in: [WHERE]
**What I actually use:**
- Analytics: [TOOLS]
- Forms that collect data: [LIST]
- Payment processing: [TOOL OR none]
- Email marketing: [TOOL OR none]
- Cookies: [TYPES OR none]
- Third-party tools: [LIST]
- User accounts: [YES/NO]
- Data shared externally: [LIST OR none]
Think step by step: first determine which laws apply (GDPR, CCPA, etc.), then write the policy covering what I collect, how, why, who I share with, cookies, retention, user rights specific to each regulation, children, security, changes, and contact info.
Plain English. End with AI disclaimer.
Help me write a privacy policy for my website that matches what I actually do with customer data.
**My business:**
- Name: [NAME] — [WHAT WE DO]
- Website: [URL]
- I am based in: [COUNTRY/STATE]
- My customers are in: [WHERE]
**What I use that touches customer data:**
- Analytics (like Google Analytics): [LIST]
- Forms (contact, signup, checkout): [LIST]
- Payment processor: [e.g., Stripe, PayPal, or "none"]
- Email tool: [e.g., Mailchimp, or "none"]
- Cookies: [WHAT KIND, or "I do not use cookies"]
- Other tools: [LIST ANYTHING ELSE]
- User accounts: [DO PEOPLE CREATE ACCOUNTS? WHAT DO YOU STORE?]
- Do I share data with anyone: [YES — who, or NO]
**Write a privacy policy that covers:**
What I collect, how I collect it, why, what I do with it, who I share it with, cookies, how long I keep data, what rights my users have (especially if they are in Europe or California), children, security, how I will notify about changes, and how to contact me.
Use plain language. End with today's date and a note that this was AI-generated and should be reviewed by a lawyer.
Frequently Asked Questions
What does the Privacy Policy Generator prompt do?
Generate a GDPR and CCPA-aware privacy policy for your website or app — covering data collection, usage, sharing, cookies, user rights, and contact information. Structured by regulation requirement so nothing is missed.
Which AI models is this prompt tested on?
This prompt is field-tested on Claude, ChatGPT, Gemini and Copilot. Each model has its own optimized variant above.
Do I need a paid AI account to use this prompt?
No. This prompt is written to run on the free tier of Claude, ChatGPT, Gemini and Copilot. Paid tiers simply give you longer context windows and faster responses.
Can I customize this prompt for my business?
Yes. Any text inside square brackets is a placeholder you replace with your own business details, such as company name, audience, product or tone. You can also ask the AI to adjust format, length or style after the first output.
When was this prompt last verified?
Each model variant above shows its own freshness stamp. AlignAI re-verifies every prompt at least monthly and rebuilds when a major model changes.