8 Good Practices for Privacy Policy in your SaaS
I would say that the Privacy Policy is the second most important legal document that should appear on your SaaS website. That’s why you’d better take care of it and try to prepare the best possible document.
I highly recommend having a look at my 8 Top Good Practices for SaaS Privacy Policy and implementing them in your business.
What do you collect?
You should inform your users what kind of information you collect from them: which information they need to provide you with (e.g. to view your website or to use your service) and which information you are going to store on their computer (cookies).
In most cases that information includes:
- user’s IP address
- name
- physical address
- email address
- credit card information
However you could also collect something more. For instance:
- physical address
- tax id number
- phone number
- gender
- demographic information
- etc
List all the personal information you collect in your Privacy Policy document.
Why do you collect that information?
Inform your users why you need to collect that information and why you need to store anything on their computers. Even if the answers are obvious (for you), they may not be so obvious for your users.
The main reasons why a SaaS may collect that information are as follows:
- to use the product (e.g. to sign in)
- to promote the use of services
- to measure the use of the website and improve the content
- to bill and collect money
- to investigate, prevent, or take action regarding illegal activities or suspected fraud
- to send any email messages (e.g. system alerts or new bargains), including providing customer support
- to enforce compliance with SaaS ToS or applicable law as well as to meet legal requirements
Inform your users that you won’t do anything suspicious with their personal information (list all of the ways you may use and disclose their personal information).
Public Information
Some of the information your users provide may be public.
You can have a blog under your domain. You can have some social media widgets (e.g. Facebook Like button or Twitter Share button). And your users may be able to comment under your blog posts or like/share them in social media. They need to be informed that all the information they include in a comment or tweet may be read or used by anyone.
Third Parties
Most SaaS businesses use features or widgets which are hosted by a third party. That could be anything, e.g. social media widgets or Google Analytics.
What’s important – these features may collect information about your users (e.g. their IP address or which pages they visited on your website). That’s why you have to inform your users about such a possibility.
Safeguarding users’ information
All the personal information should be protected. Of course nobody’s safe from hackers. However you should try to convince your users that you care about the safety of their data.
It’s a really good idea to inform your users about the technologies you use (e.g. SSL/TLS, password encryption, database backups encryption) to protect their data, as well as about all the certificates that you or your partners (e.g. payment service provider) have. For instance about PCI compliance or TRUSTe certification program.
Compliance
All countries have some kind of regulations that have to be met when storing personal information. That could be the Safe Harbor Framework, that could be anything else (e.g. some kind of regulations from a local regulator). It’s extremely important to inform your users that your SaaS complies with these regulations and e.g. that you have some certificate to prove that.
Deleted data
It’s a really good practice to delete users’ personal information once they cancel their account in your SaaS. Inform your users that you are going to delete their data after e.g. a month or two.
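The retention rule described above is easy to promise and easy to get wrong in code (accounts that are still active, accounts cancelled yesterday, accounts already purged). Here is an added example, not code from the original post, of a retention job that scrubs the personal-information fields the post lists once a cancelled account has passed a 30-day grace period. The 30-day window, the field names and the account record shape are assumptions for illustration; the sample accounts are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Assumed retention window; the post suggests "a month or two" after cancellation.
RETENTION_DAYS = 30

# Assumed field names for the personal information the post lists.
PII_FIELDS = ("name", "physical_address", "email", "phone", "tax_id", "ip_address")


@dataclass
class Account:
    account_id: str
    cancelled_at: Optional[datetime]  # None while the account is active (or reactivated)
    pii: Dict[str, str] = field(default_factory=dict)
    purged_at: Optional[datetime] = None  # set once, so the job is idempotent


def is_due_for_purge(acct: Account, now: datetime, retention_days: int = RETENTION_DAYS) -> bool:
    """True only for accounts that are cancelled, not yet purged, and past the grace period."""
    if acct.cancelled_at is None or acct.purged_at is not None:
        return False
    return now - acct.cancelled_at >= timedelta(days=retention_days)


def purge_pii(acct: Account, now: datetime) -> List[str]:
    """Remove the personal-information fields in place; non-PII fields are left untouched."""
    removed = []
    for name in PII_FIELDS:
        if name in acct.pii:
            del acct.pii[name]
            removed.append(name)
    acct.purged_at = now
    return removed


def run_retention_job(accounts: List[Account], now: datetime,
                      retention_days: int = RETENTION_DAYS) -> Dict[str, List[str]]:
    """Purge every due account and return {account_id: [fields removed]} as an audit record."""
    report: Dict[str, List[str]] = {}
    for acct in accounts:
        if is_due_for_purge(acct, now, retention_days):
            report[acct.account_id] = purge_pii(acct, now)
    return report


def sample_accounts(now: datetime) -> List[Account]:
    """Constructed sample data covering the edge cases the job must handle."""
    return [
        Account("active", None, {"name": "Ada Example", "email": "ada@example.test"}),
        Account("recent", now - timedelta(days=10), {"name": "Bob Example"}),
        Account("old", now - timedelta(days=45),
                {"name": "Cy Example", "email": "cy@example.test", "plan": "pro"}),
        Account("already", now - timedelta(days=90), {}, purged_at=now - timedelta(days=60)),
    ]


if __name__ == "__main__":
    now = datetime(2024, 1, 31, tzinfo=timezone.utc)
    accounts = sample_accounts(now)
    print(run_retention_job(accounts, now))   # only "old" is purged on the first run
    print(run_retention_job(accounts, now))   # second run is a no-op
```

Use timezone-aware timestamps throughout, or the comparison in `is_due_for_purge` raises; the job keeps the returned report so the deletion can be logged and shown to an auditor without storing the data it just removed.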
Changes to the Privacy Policy
Users don’t like to be surprised with respect to changes in the Privacy Policy. Inform them what you’re going to do if – one day – you want to change your Privacy Policy. Are you going to inform your users? Are you going to post a new document on your website and send a link to them? When? What if your users have some objections to your changes?
That’s all. Good luck with your Privacy Policy and take care.
PS. I think you should also read about Terms of Service in your SaaS business.
That’s the next post of the Build a great global SaaS business series – the brand new blog post series on Across the Board. Want to know more? We will publish much more in the near future. Subscribe to our newsletter or follow the hashtag #GlobalSaaS on Twitter and be the first to know.
Have some additional questions? Or maybe an idea for a next blog post about SaaS businesses? Don’t hesitate to tell us about that. On Twitter (remember about #GlobalSaaS in your tweet) or in comments below.