How Can I Avoid Putting a Cookie Banner on My Website?
The need for a cookie banner is determined by whether your website uses tracking technologies (like cookies or pixels) that collect personal data. The most effective way to eliminate the need for a banner is to minimise data collection and use privacy-compliant alternatives.
1. Eliminate All Non-Essential Tracking Technologies
The fundamental step is ensuring your site has no system that collects non-essential personal data or sets tracking cookies. This requires auditing and removing or avoiding:
- Marketing Pixels: Any marketing or retargeting scripts, such as pixels from Facebook, LinkedIn, or other advertising platforms.
- External Fonts and CAPTCHAs: Avoid services (like Google Fonts or non-privacy-first CAPTCHA tools) that may set cookies or transmit data like IP addresses.
- Logins and Sessions: Any non-essential function that requires storing a unique identifier on the user’s device.
2. Use Privacy-Compliant Alternatives
Swap privacy-invasive tools for those built on a “privacy-by-design” principle:
- Opt for Cookieless Analytics: Implement analytics using a privacy-compliant tool such as Fathom Analytics that is EU-based and designed not to use cookies or collect personal data.
- Self-Host Resources: Instead of loading fonts, libraries, or scripts from external Content Delivery Networks (CDNs), self-host them on your own server. This ensures that the user’s IP address is not shared with a third-party vendor.
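The audit in step 1 and the self-hosting check in step 2 can be partly automated. The following is an added example, not code from this page or from any vendor it names: it parses a page's static HTML and lists every host other than your own that the browser would contact. The sample page, the `example.com` site host, and the rule that subdomains of the site host count as first-party are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute whose URL the browser fetches when the page renders.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
# A <link> only triggers a request (or connection) for these rel values;
# rel="canonical", for example, is never fetched.
FETCHING_RELS = {"stylesheet", "preload", "preconnect", "dns-prefetch", "icon"}


class ThirdPartyAudit(HTMLParser):
    """Collect (tag, host) pairs for resources loaded from other hosts."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def _is_first_party(self, host):
        # Assumption: the site host and all of its subdomains are self-hosted.
        return host == self.site_host or host.endswith("." + self.site_host)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHING_RELS:
                return
        # Relative URLs and data: URIs have no hostname and stay first-party;
        # protocol-relative URLs (//host/path) are resolved correctly.
        host = urlparse(attrs.get(attr) or "").hostname
        if host and not self._is_first_party(host):
            self.findings.append((tag, host))


def audit(html, site_host):
    """Return the sorted, de-duplicated third-party (tag, host) pairs."""
    parser = ThirdPartyAudit(site_host)
    parser.feed(html)
    parser.close()
    return sorted(set(parser.findings))


# Constructed sample page: an external font, an external library,
# a marketing pixel, and several self-hosted resources.
SAMPLE_PAGE = """
<html><head>
<link rel="canonical" href="https://www.example.com/">
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter">
<link rel="stylesheet" href="/css/site.css">
<script src="https://static.example.com/js/app.js"></script>
<script src="//cdn.vendor.example/lib.min.js"></script>
</head><body>
<img src="/img/logo.png" alt="logo">
<noscript><img height="1" width="1"
  src="https://www.facebook.com/tr?id=0000000000&amp;ev=PageView"></noscript>
</body></html>
"""

if __name__ == "__main__":
    for tag, host in audit(SAMPLE_PAGE, "example.com"):
        print(f"third-party <{tag}> loads from {host}")
```

This only sees resources declared in the HTML itself. Requests made at runtime by a tag manager or inline script still have to be checked in the browser's network panel.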
3. Maintain Absolute Compliance and Transparency
Even if you avoid a banner, the fundamental legal requirements of the various privacy laws do not disappear.
- You Still Need a Privacy Policy: You must always have a comprehensive Privacy Policy. This policy must explicitly state that you collect no personal data or only the minimal “strictly necessary” data (like server logs/IP addresses for security) and explain your use of cookieless analytics.
- Server Logs and IP Addresses: Your web server inherently collects IP addresses to deliver the site. Under GDPR and other laws, an IP address is considered personal data. Your Privacy Policy must disclose that you process this data, even if you don’t store it for long.
- No Banner Does Not Mean No Policy: A website without cookies may not need a banner, but it is never exempt from the requirement to inform users about the data being collected and processed (i.e., you still need a clear Privacy Policy).
Disclaimer: This guidance is based on technical best practices for achieving minimal data collection. You must still maintain a comprehensive Privacy Policy and consult with legal counsel to confirm that your specific setup meets all legal requirements in the jurisdictions where your visitors are located.
Privacy Lawyer vs. Privacy Policy Generator
For many startups and small businesses, the cost and maintenance burden of continuously engaging legal counsel for privacy compliance can be prohibitive. A Privacy Policy Generator offers a comprehensive and cost-effective alternative.
1. The Traditional Lawyer Approach (High Cost & Maintenance)
While a privacy lawyer provides expert, bespoke advice tailored exactly to your business, this approach comes with significant drawbacks, especially for budget-conscious organizations:
- Expensive Initial Fees: The initial cost of having a lawyer draft a policy is often large and sometimes simply too expensive for startups and small businesses.
- Recurring Update Costs: Once drafted, the policy is static. You then have to re-engage the lawyer every time the policy needs an update, incurring additional fees.
- High Monitoring Burden: You, the business owner, must still monitor the legal landscape around the globe to know when something changes (e.g., a new state law in the US or a regulatory update in the EU) and subsequently alert and re-engage your lawyer for the necessary policy revisions.
2. The Generator Approach (Affordability & Coverage)
A comprehensive Privacy Policy Generator leverages legal expertise to create a dynamic tool that manages the compliance lifecycle at a fraction of the cost.
- Affordable Cost: Generators provide a scalable, subscription-based solution, making legal-grade compliance accessible to businesses of all sizes.
- Best of Both Worlds: You get the benefit of a comprehensive policy that covers multiple jurisdictions without the expense of bespoke legal work.
- Global Coverage: A robust generator can efficiently handle the requirements of numerous privacy laws (GDPR, CCPA, VCDPA, etc.) in a single document.
- Automated Monitoring: The service provider monitors global legal changes and automatically updates the policy in the back-end or prompts you to approve necessary changes, removing the burden of legal tracking from your team.
Privacy Policy Generator vs. A Static Template
While a basic privacy policy template offers a quick way to get started, a modern Privacy Policy Generator provides a more customized, dynamic, and compliant solution for long-term risk management.
1. The Static Template Approach (Higher Risk)
Templates are widely available, often free, and allow you to quickly insert your details and publish a policy. However, this approach carries significant hidden risks:
- Static and Generic: Templates are inherently static documents. They use generic language and are not customized to your business’s specific data processing activities.
- Non-Customized Compliance: Because the template isn’t tailored to precisely what data you collect, how you use it, or which third-party apps you use, your policy may automatically be non-compliant with specific legal obligations.
- Increased Risk: Using a generic policy exposes you to a higher risk of privacy-related fines and lawsuits, as the document may make incorrect promises or fail to disclose necessary information required by law.
- No Legal Monitoring: A template offers no mechanism to alert you when privacy laws change (e.g., when a new US state law, like the VCDPA, is enacted or updated). You are fully responsible for constantly monitoring global legal developments and manually updating your policy.
2. The Privacy Policy Generator Approach (Lower Risk)
A Privacy Policy Generator typically guides you through a detailed questionnaire about your business, dynamically constructing a legally robust document based on your answers and your users’ jurisdictions.
- Dynamic and Customized: The tool generates clauses that match your specific operations, ensuring the policy accurately reflects your data processing, use of targeted advertising, or collection of sensitive data.
- Legal Intelligence: These platforms are generally maintained by legal experts who track and incorporate changes in global privacy legislation, embedding these requirements directly into the policy text.
- Jurisdictional Logic: The policy is often designed to be jurisdiction-specific, meaning it will only show users in certain regions (like California or the EU) the specific rights and disclosures required by their local law.
- Automatic Updates: The provider handles the ongoing legal compliance burden. When a law changes, your policy is often automatically updated or you are notified of the precise changes you need to approve, significantly lowering your long-term compliance risk.
Do I Need a Cookie Consent Tool on My Website?
The need for a dedicated cookie consent banner or tool depends heavily on where your visitors are located, as privacy laws vary significantly between regions (primarily differentiating between “opt-in” and “opt-out” models).
1. EU / UK Businesses (GDPR & ePrivacy Directive)
Yes, a cookie consent tool is mandatory.
- Model: Opt-In (Explicit Consent).
- Requirement: Websites with visitors from the EU and UK must obtain explicit, affirmative consent before placing any non-essential cookies (such as analytics, marketing, or advertising trackers) on a user’s device.
- What this means: You must use a dedicated cookie banner or pop-up with a clear Accept and Reject option (or a similarly easy refusal mechanism) before any non-essential tracking is loaded. Simply continuing to browse the site does not count as valid consent.
2. US Businesses (CCPA/CPRA, VCDPA, etc.)
A dedicated tool is strongly recommended to manage opt-out rights.
- Model: Opt-Out (Disclosure and Opt-Out); varies by state.
- Requirement: US state laws generally do not require explicit prior consent for most cookies. Instead, they require you to:
  - Disclose your use of cookies and tracking in your Privacy Policy.
  - Give visitors the ability to opt out of the “sale” or “sharing” of their personal information (which includes targeted advertising and cross-context behavioral advertising, largely powered by third-party cookies).
- What this means: While a full GDPR-style banner may not be needed for US-only visitors, you must have a mechanism, often linked in the footer, allowing users to exercise their right to opt out of data sharing/sale (e.g., a “Do Not Sell or Share My Personal Information” link).
3. Australian Businesses (Privacy Act 1988)
A full banner is typically not a legal mandate, but an opt-out mechanism is required for transparency.
- Model: Opt-Out / Implied Consent (Transparency).
- Requirement: The Australian Privacy Act and the Australian Privacy Principles (APPs) focus primarily on transparency and notification. You must clearly disclose your use of cookies and tracking in your Privacy Policy.
- Crucially, you must still give visitors the ability to opt out of the collection, use, or disclosure of their personal information for purposes other than the original collection reason.
- What this means: While a strict consent banner isn’t required for non-sensitive data, you must inform users of the collection before it happens and provide clear instructions or a mechanism for them to opt out of processing. Using a tool ensures this right is easily accessible, aligning with international best practice.
Are You Lawyers? Can You Give Me Legal Advice?
We understand that privacy compliance is complex, but it’s important to clarify the role of SixFive in your compliance journey.
1. Our Role: Best Practice and Certified Expertise
- We Are Not Lawyers: We are privacy implementation experts, not a law firm. We cannot provide legal advice, interpretations of the law, or recommendations specific to potential litigation.
- Certified and Experienced: We have installed many policies for businesses in the US, UK, and Australia and have completed comprehensive training to become certified Termageddon partners.
- Best Practice Guidance: Our advice is focused on industry best practices and technical implementation to help your business achieve and maintain compliance using the policy generator.
2. Information Resources and Support
- Knowledge Base: For common questions, we rely on and update our comprehensive FAQs, where we document commonly answered questions based on our experience and the generator’s legal team guidance.
- Access to Experts: For questions outside of standard implementation, we have direct access to the Termageddon team. While the information provided by Termageddon is not legal advice, their team of privacy professionals often provides a satisfactory and informative answer to complex compliance questions.
3. Our Strongest Recommendation
- Consult a Lawyer: If you have specific legal concerns, complex data handling needs, or require assurance regarding legal risk, consulting a qualified privacy lawyer is always the best path. We recommend you do so if possible.
Do I Need Separate Pages for Each Document?
Yes, we strongly recommend putting each document (Privacy Policy, Terms of Service, etc.) on its own separate page with its own link and address. This is considered best practice and is often a legal necessity to demonstrate compliance and provide a clear user experience.
1. Legal Requirement for Clear Consent and Accountability
Placing all documents on a single page can lead to compliance issues, especially regarding user consent:
- GDPR Consent Proof: Article 7 of the General Data Protection Regulation (GDPR) requires that when the processing of data is based on user consent, you must be able to demonstrate that the user explicitly agreed to that processing.
  - If you place all policies on one page, you cannot show that the user agreed to the Privacy Policy separately from the Terms of Service.
  - The user could argue, “Yes, I agreed to the Terms of Service, but not to the Privacy Policy,” undermining the legal basis for your data processing.
- Conspicuous Posting: Even if GDPR does not apply to you, laws like the California Online Privacy Protection Act (CalOPPA) state that you must “conspicuously post” the Privacy Policy, which is best fulfilled via a distinct, easily identifiable link.
- Prohibited Combinations: Note that multiple privacy laws specifically prohibit the combining of privacy information with general Terms information, which is why we always provide the Terms of Service as a separate, distinct document.
2. Improved User Experience and Clarity
We separate documents like the Privacy Policy and Cookie Policy for clarity, even though it’s not strictly prohibited to combine them:
- Targeted Information: Individuals often visit a site looking for specific information. Some want to know about cookies (e.g., if you use Google Analytics or advertising pixels), while others want to know about their privacy rights or the general collection of personal information.
- Avoiding Overload: Combining all policies can create a very long and intimidating document, particularly if your site uses a large number of cookies. This amount of information can overwhelm individuals and lead to poor transparency.
- Ease of Reference: Providing the Privacy Policy and the Cookie Policy in separate documents makes it significantly easier for individuals to understand and quickly find the specific information they are looking for.
Recommendation: As demonstrated on our site, providing separate links in your website’s footer for each document is the clearest and most legally defensible approach.
My Site Uses Wix, Squarespace, Shopify (Not WordPress) – Can I Use This?
Yes, absolutely! Our Privacy Generator system is designed to be platform-agnostic, meaning it can be easily installed on a wide variety of websites and content management systems (CMS).
1. Platform Compatibility
If your site is not on WordPress, you can use this system. It is fully compatible with most major website builders and e-commerce platforms, including:
- Wix
- Squarespace
- Shopify
- Weebly
- Webflow
- GoHighLevel
2. Simple Installation
The policy is typically installed by simply embedding a short snippet of code into your site’s header or footer, ensuring the policies are dynamically updated across all pages, regardless of the underlying platform you use.
Why Should I Pay for the Concierge Setup?
The Concierge Setup is designed to save you time, eliminate the learning curve, and ensure your policies are implemented correctly from day one by certified experts.
1. Expertise and Certified Experience
We invest heavily in vetting every product we support, so you don’t have to worry about quality or effectiveness:
- Vetted and Used by SixFive: We initially faced the same privacy compliance pain points and sought a reliable solution. We found, loved, and adopted Termageddon ourselves before offering it to our clients.
- Certified Experts: We completed the necessary training and earned certification from Termageddon. This means you are working with a team that has specialised knowledge of the system, not a general consultant.
- Deep System Knowledge: Because we already did this for ourselves, we know the system inside and out. We have learned the nuances and common pitfalls, allowing us to deliver a fast and accurate setup.
- Technical Implementation: Implementing a cookie banner can be technically challenging, because analytics, Facebook pixels, etc. must only fire when consent is given. We will do all of this for you.
2. Focus on Your Core Business
Your time is valuable, and the Concierge Setup allows you to focus it where it matters most – on running your company:
- Time Efficiency: We know the steps, the questions, and the system, allowing us to complete the setup efficiently while you get on with business.
- Avoid the Learning Curve: Paying for the Concierge Setup is the same principle as consulting a specialist for any complex task. Much like when you ask your accountant a question, you don’t go and learn the entire tax code to answer it yourself!
- Guaranteed Accuracy: Our expertise ensures the policy is set up and integrated correctly with your website and internal systems, mitigating the risk of incorrect implementation.
What websites need to comply with IAB TCF?
The IAB Transparency & Consent Framework (TCF) is primarily designed to help parties in the digital advertising ecosystem comply with the EU’s General Data Protection Regulation (GDPR) and ePrivacy Directive when processing personal data or accessing/storing information on a user’s device (like cookies).
Websites that need to comply with the IAB TCF are generally those that:
- Serve digital advertisements, especially personalized or targeted ads, to users in the European Economic Area (EEA) and the UK.
- Work with third-party vendors (advertisers, ad tech providers, etc.) who are registered with the IAB TCF to deliver, personalize, or measure advertising and content.
- Use Google publisher products such as Google AdSense, Ad Manager, or AdMob to serve ads to users in the EEA or the UK. Google explicitly requires publishers using these products to use a Google-certified Consent Management Platform (CMP) that integrates with the IAB TCF.
Key participants who use the IAB TCF include:
- Publishers: Website owners or operators who display third-party advertisements or content and use third-party technologies to collect and process user data.
- Vendors: Third-party companies (like ad networks, demand-side platforms, data providers) that partner with publishers to serve ads, measure performance, or personalize content.
- Consent Management Platforms (CMPs): The software or service used by publishers to obtain and manage user consent and communicate those choices across the advertising supply chain via the TCF.
While the TCF itself is a voluntary industry standard, it is practically required for publishers who want to maximize their ad revenue through programmatic advertising and need to work with major ad tech vendors, especially Google, while maintaining GDPR compliance.
When you take up our Concierge Setup service, we’ll ensure your website complies with these rules and install the appropriate technical components to make it work correctly.
Can I Change the Generated Policies to My Needs?
Absolutely, yes, you can. Our Privacy Policy Generator is designed to be fully customizable, allowing you to tailor the policies both by answering the setup questions and by manually editing the final text.
1. Making Changes Through the Generator Portal
You have complete control to modify your policy whenever your business practices change by logging into your dedicated portal:
- Access the Portal: You will be given a unique username and password immediately after purchase to access the Privacy Generator portal.
- Update Your Setup: You can change the base content of your policy at any time by simply logging in and re-answering the initial set of questions about your business and data practices. The policy will be automatically regenerated based on your new input.
2. Customising with Legal Review (The Best of Both Worlds)
We understand that some businesses have specific requirements that may need bespoke legal wording. Our system fully supports this level of customization:
- Lawyer Review: You can have your legal counsel review the generated policies.
- Override and Edit: If there is something you need to override, add, or change – such as a highly specific term or jurisdiction-specific clause – this can be done within the policy editing tool.
- Specific Business Terms: This approach gives you the best of both worlds: you benefit from having the automatically updated, legally sound general content from the generator, while your legal team can write and maintain very specific, custom terms required for your business operations.
Is This a Privacy Policy Generator for Australian Businesses and Websites?
Our Privacy Policy Generator works for Australian businesses that operate a website or application that collects information from its visitors and customers.
Not only do we cover your Australian visitors, but also residents of the United States, Canada, the United Kingdom and the European Union.