Why every website needs a privacy policy
If your site uses Google Analytics, runs ads, accepts a contact form, or sets a newsletter cookie, you are processing personal data and three laws apply: GDPR (any visitor in the EU), CCPA (California residents), and LGPD (Brazilian visitors). Each requires a published privacy policy that names the data you collect and the services you share it with. Even a static blog with a Google Font import triggers GDPR notification duties.
Trackers covered out of the box
- Google Analytics 4 and Google Tag Manager
- Google AdSense and Ad Manager
- Facebook (Meta) Pixel and Conversion API
- Hotjar, Microsoft Clarity, and Mixpanel
- Mailchimp, ConvertKit, and Beehiiv newsletter cookies
- Stripe and PayPal checkout tracking
- YouTube and Vimeo embedded player cookies
- Cloudflare Bot Management and Turnstile
How to add it to your site
After generating, link your-site.freeprivacypolicy.app/privacy-policy from your footer, your cookie banner ("Read our privacy policy"), and any signup form. If you self-host, you can also copy the markdown export and serve it under your own domain — but the hosted version is automatically updated when you edit it, so most users keep the public URL.