Policy type
Select the type of policy you need to generate.
121 policies
Privacy Policy
Legally required in 100+ countries. Discloses exactly how you collect, use, store, and protect personal data — covering GDPR, CCPA, UK GDPR, and more.
Cookie Policy
Required under EU ePrivacy Directive and UK PECR. Lists every cookie and tracker on your site, explains their purpose, and documents your consent mechanism.
GDPR Compliance Policy
Comprehensive framework documenting all GDPR obligations — lawful basis mapping, data subject rights procedures, breach response, and DPO requirements.
CCPA Privacy Notice
Required for businesses serving California residents that meet CCPA thresholds. Covers the right to know, right to delete, and opt-out of data sales — updated for CPRA 2023.
Data Processing Agreement
Mandatory under GDPR Article 28 whenever a processor handles personal data on a controller's behalf. A legally binding contract between data controllers and processors specifying security measures, sub-processor rules, and the processor's assistance with breaches and data subject requests.
Data Retention Policy
Documents how long each category of data is kept and how it is securely deleted. Required under GDPR's storage limitation principle — protects against over-retention fines.
Data Breach Response Policy
A step-by-step incident response plan for personal data breaches. Covers detection, containment, supervisory authority notification (within 72 hours of becoming aware, GDPR Art. 33), and affected-user communication where the breach is high risk.
HIPAA Privacy Policy
Federally mandated for US healthcare providers and Business Associates handling PHI. Covers patient rights, minimum necessary standard, breach notification, and BAA requirements.
COPPA Policy
Required by US law for any online service directed at children under 13, or that has actual knowledge it collects personal data from them. Covers verifiable parental consent, data minimisation, limits on behavioural advertising without parental consent, and FTC-approved safe harbour programmes.
Data Subject Access Request Policy
Defines how individuals can exercise their data rights under GDPR, CCPA, and UK GDPR, covering request submission, identity verification, response timelines (one month under GDPR and UK GDPR, extendable by up to two further months for complex requests; 45 days under CCPA, extendable once by a further 45 days), and appeal procedures.
Data Transfer Agreement
Required for international transfers of personal data outside the EEA/UK. Incorporates EU Standard Contractual Clauses (SCCs), UK International Data Transfer Agreement (IDTA), and supplementary security measures.
Privacy Impact Assessment
DPIA template required under GDPR Article 35 for high-risk processing — covering data flows, necessity assessment, risk evaluation, and mitigation measures.
Consent Management Policy
Framework for collecting, recording, and managing user consent — covering opt-in mechanisms, granular consent options, withdrawal procedures, and audit trails.
Mobile App Privacy Policy
Privacy policy tailored for mobile applications — covering device permissions, push notifications, location data, app analytics, and app store compliance requirements.
Biometric Data Policy
Governs the collection, storage, and processing of biometric identifiers — fingerprints, facial recognition, voice prints, and retinal scans. Required under Illinois BIPA, Texas CUBI, and GDPR for special-category data.
Location & GPS Data Policy
Discloses how your service collects, uses, and shares device location data — covering precise vs. approximate location, third-party SDKs, and opt-out rights under CCPA, GDPR, and FTC guidelines.
Marketing & Communications Consent Policy
Framework for obtaining and managing consent for marketing communications — covering opt-in standards under GDPR, CASL, and CAN-SPAM, unsubscribe mechanisms, consent records, and frequency capping.
Third-Party Data Sharing Policy
Discloses which third parties receive personal data, for what purpose, and under what legal basis — satisfying GDPR Art. 13/14 disclosure requirements and CCPA "sale or sharing" opt-out obligations.
Children's Online Safety Policy
Covers obligations under the UK Children's Code (Age Appropriate Design Code), COPPA, the proposed US Kids Online Safety Act (KOSA), and EU DSA child-safety provisions, including age estimation, default privacy settings, and content restrictions.
Data Minimization Policy
Operationalises the GDPR and UK GDPR data minimization principle — documenting what data is collected, why it is necessary, and how excess data is prevented from being gathered or retained.
Brazil LGPD Compliance Policy
Compliance policy for Brazil's Lei Geral de Proteção de Dados (LGPD) — covering legal bases, data subject rights (access, correction, deletion, portability), DPO appointment, and ANPD reporting obligations.
China PIPL Compliance Policy
Compliance framework for China's Personal Information Protection Law (PIPL), covering consent requirements, cross-border data transfer rules, separate consent for sensitive personal information, and breach notification to the Cyberspace Administration of China (CAC) and other competent authorities.
Terms of Service
The foundational contract between your business and users. Defines acceptable use, limits your liability, protects your IP, and sets rules for account suspension.
Acceptable Use Policy
Specifies what users can and cannot do on your platform. Protects against abuse, illegal content, and misuse — essential for SaaS, hosting, and community platforms.
End User Licence Agreement
Grants end users a limited licence to use your software while prohibiting reverse engineering, copying, or redistribution. Apple's App Store applies its standard EULA unless you supply your own.
SaaS Agreement
Master subscription agreement for software-as-a-service — covering access rights, uptime guarantees, data ownership, support tiers, security obligations, and termination terms.
API Terms of Service
Governs how third-party developers can access and use your API. Covers rate limits, data caching rules, prohibited uses, authentication requirements, and API key revocation.
Subscription Terms
Covers auto-renewal billing, cancellation rights, price change notice periods, and proration rules. Ensures compliance with consumer protection laws on recurring charges in EU/UK/US.
Free Trial Terms
Sets clear boundaries for free trial access — trial duration, feature limitations, what happens at trial end, and whether a payment method is required upfront. Reduces chargeback risk.
Beta Testing Agreement
Governs access to pre-release software — covering confidentiality of unreleased features, feedback ownership, disclaimer of warranties, and no-liability for beta instability.
Community Guidelines
Sets behavioural standards for community platforms — covering prohibited content, harassment, hate speech, spam, and moderation procedures. Needed for Digital Services Act compliance.
Forum Rules
Specific rules of engagement for discussion boards and forums — covering post formatting, prohibited topics, spam, self-promotion, account bans, and moderator authority.
User Generated Content Policy
Governs content created by users on your platform — covering licence grants to host and distribute UGC, content ownership, prohibited content, takedown procedures, and DMCA safe harbour compliance.
Intellectual Property Policy
Documents ownership of trademarks, patents, copyright, and trade secrets. Covers employee and contractor IP assignment, permitted use of third-party materials, and brand usage guidelines.
Sweepstakes & Contest Rules
Official rules required by US, UK, and Canadian law for any prize promotion — covering eligibility, entry method, prize description, drawing procedures, winner notification, and liability limitations.
Referral Program Terms
Governs how users earn and redeem referral rewards — covering eligibility, reward conditions, anti-fraud provisions, tax disclosure, and program modification/termination rights.
Loyalty & Rewards Program Terms
Terms governing points accumulation, tier benefits, redemption rules, expiry conditions, and program changes for loyalty and rewards schemes — covering consumer protection requirements in EU, UK, and US.
Virtual Currency & In-App Purchases Terms
Governs the purchase, use, and expiry of in-app currency, tokens, and virtual goods. Addresses non-refundability, platform currency rules, and consumer protection requirements in the EU and UK.
Prohibited Items & Services Policy
Lists categories of goods and services that cannot be listed or sold on your platform — covering illegal items, regulated goods, counterfeit products, and platform-specific restrictions.
Refund & Returns Policy
Legally required for e-commerce in the EU (14-day cooling off) and UK. Clearly defines return windows, refund timelines, conditions, and digital goods exceptions.
Non-Disclosure Agreement
Legally binding contract preventing parties from sharing your trade secrets, product plans, or sensitive business data. Essential before any partnership conversation.
Service Level Agreement
Defines guaranteed uptime (e.g. 99.9%), support response times, severity classifications, service credit formulas, and maintenance windows. Expected by enterprise buyers.
Contractor Agreement
Clearly establishes an independent contractor (not employee) relationship — covering deliverables, IP assignment, payment terms, confidentiality, and right to substitute.
Partnership Agreement
Defines profit sharing, decision-making authority, capital contributions, buy-out provisions, and dissolution procedures for business partnerships and joint ventures.
Affiliate Disclosure
FTC and ASA required disclosure that you earn commission from product recommendations. Must appear before affiliate links — required even for free products and gifted items.
Shipping Policy
Required before checkout under EU/UK consumer law. Covers carrier partners, estimated delivery timescales, international shipping zones, customs duties, and lost parcel procedures.
Ecommerce Terms & Conditions
Comprehensive legal framework for online retail — covering order acceptance, payment processing, price errors, VAT, warranty limitations, and statutory consumer rights.
Marketplace Policy
Governs the relationship between your marketplace platform and its sellers/buyers — covering seller verification, listing rules, escrow, dispute resolution, and fee structures.
White Label Agreement
Agreement for reselling or rebranding products/services under a different brand name, covering IP licensing, quality standards, and revenue sharing.
Terms of Sale
Terms governing the sale of goods or digital products, including pricing, payment terms, delivery, risk transfer, and warranty.
Influencer Agreement
Contract governing influencer partnerships — covering deliverables, content approval, usage rights, FTC/ASA disclosure requirements, exclusivity, and payment terms.
Vendor & Supplier Agreement
Governs the procurement of goods and services from third-party vendors — covering pricing, delivery schedules, quality standards, indemnification, audit rights, and termination provisions.
Consulting Services Agreement
Defines the scope, deliverables, fees, and IP ownership for professional consulting engagements — distinguishing consultants from employees and protecting confidential business information.
Non-Solicitation Agreement
Prohibits former employees or contractors from poaching clients or staff for a defined period — covering scope, duration, geographic limits, and enforceability considerations by jurisdiction.
Reseller & Distribution Agreement
Governs the relationship with authorised resellers — covering territory rights, pricing floors, marketing obligations, brand usage rules, reporting requirements, and termination procedures.
Revenue Sharing Agreement
Defines how revenue is split between business partners — covering calculation methodology, payment schedule, audit rights, minimum performance thresholds, and dispute resolution.
Warranty & Guarantee Policy
Documents warranty coverage, duration, what is and is not covered, claim procedures, and remedies — balancing commercial terms with statutory consumer rights under EU, UK, and US law.
Returns & Exchange Policy
Detailed policy for physical and digital product returns, exchanges, and store credits — covering return windows, condition requirements, restocking fees, and statutory rights that cannot be excluded.
Employee Handbook
Your primary staff reference document — covering working hours, PTO, disciplinary procedures, equal opportunities, IT use, and benefits. Reduces employment tribunal risk significantly.
Remote Work Policy
Defines expectations for home and hybrid workers — covering equipment stipends, cybersecurity requirements, working hours across time zones, and working-abroad tax implications.
Social Media Policy
Governs how employees represent your brand online, covering personal vs professional accounts, confidentiality obligations, prohibited content, and, for regulated firms, FCA financial promotion rules.
Equal Opportunity Policy
Documents your commitment to non-discriminatory hiring and workplace practices across all protected characteristics. Required for public sector contracts and many enterprise suppliers.
Health & Safety Policy
Legally required for businesses with 5+ employees in the UK. Covers risk assessment procedures, incident reporting, first aid arrangements, ergonomic assessments, and emergency plans.
Whistleblower Policy
Provides protected reporting channels for employees to raise concerns about wrongdoing — covering anonymity guarantees, non-retaliation protections, and investigation procedures.
Code of Conduct
Sets ethical standards for all staff — covering professional behaviour, anti-harassment, conflict of interest, gifts and entertainment, and consequences for violations.
Conflict of Interest Policy
Requires staff and directors to disclose personal interests that could influence business decisions — covering recusal procedures, disclosure registers, and enforcement.
Anti-Harassment Policy
Workplace policy prohibiting harassment, bullying, and intimidation — covering definitions, reporting procedures, investigation process, and disciplinary actions.
Employee Privacy Notice
Privacy notice specifically for employees and job applicants, covering HR data processing, monitoring, background checks, and data subject rights.
Bring Your Own Device (BYOD) Policy
Governs employee use of personal devices for work — covering permitted device types, MDM enrollment, acceptable use, data segregation, security requirements, and remote-wipe rights upon termination.
Employee Monitoring Policy
Discloses workplace monitoring activities — including email/internet monitoring, CCTV, keystroke logging, and productivity tracking. Required under UK ICO employment guidance, GDPR Art. 13/14, and US state laws.
Travel & Expense Policy
Sets rules for business travel booking, expense reimbursement, per diem rates, approval workflows, receipt requirements, and prohibited expenses — reducing fraud and ensuring tax compliance.
Parental & Family Leave Policy
Documents maternity, paternity, shared parental, and adoption leave entitlements beyond statutory minimums — covering pay, return-to-work procedures, flexible working requests, and redundancy protections.
Grievance & Complaints Policy
Provides a formal procedure for employees to raise workplace concerns — covering informal resolution, formal grievance stages, investigation timelines, appeal rights, and anti-retaliation protections.
Performance Management Policy
Defines how employee performance is assessed, documented, and managed — covering appraisal cycles, performance improvement plans (PIPs), objective-setting frameworks, and dismissal procedures.
Drug & Alcohol Policy
Sets expectations for a substance-free workplace — covering prohibited substances, testing procedures (where lawful), support resources, safety-critical role requirements, and disciplinary consequences.
Background Check Policy
Documents the pre-employment screening process — covering the types of checks conducted (criminal, credit, reference, DBS), candidate consent requirements, adverse action procedures, and data retention.
AI Usage Policy
Governs employee use of generative AI tools — covering prohibited inputs (confidential data, PII), output review requirements, approved tools list, and IP ownership of AI-generated content.
Anti-Bribery Policy
Required for compliance with UK Bribery Act 2010 and US FCPA. Covers prohibited facilitation payments, gift and hospitality registers, due diligence on agents, and training obligations.
Modern Slavery Statement
Annual statement required for UK businesses with £36M+ turnover under Modern Slavery Act 2015. Covers supply chain due diligence, risk areas, and remediation actions taken.
Cybersecurity Policy
Sets organisation-wide information security standards — covering access controls, encryption requirements, patch management, network security, and employee security training.
Password Policy
Defines minimum password length, MFA requirements, password manager use, screening against breached-password lists, and prohibited practices, aligned with NIST SP 800-63B, which favours length and breach screening over composition rules and calls for forced rotation only when there is evidence of compromise.
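The verifier-side checks that NIST SP 800-63B actually asks for, as an added example in Python that is not part of this page or of any generated policy: minimum length, NFKC normalisation, screening against a breached-password list, rejection of context-specific words and trivial patterns, and deliberately no composition rules or expiry. The blocklist below is a constructed stand-in for a real breached-password corpus.

```python
"""NIST SP 800-63B-style memorized-secret checks (added example, not page code)."""
import unicodedata

# Constructed sample blocklist standing in for a breached-password corpus.
# Assumption: a real deployment loads a large list or queries a
# k-anonymity range API instead of this handful of strings.
BREACHED_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "welcome1",
    "p@ssw0rd", "iloveyou", "admin123",
}

MIN_LENGTH = 8     # 800-63B minimum for user-chosen secrets
MAX_LENGTH = 128   # 800-63B only requires accepting at least 64; cap is ours


def normalize(secret: str) -> str:
    """Apply Unicode NFKC so visually identical input compares equal (800-63B)."""
    return unicodedata.normalize("NFKC", secret)


def is_repetitive_or_sequential(secret: str) -> bool:
    """True for trivial patterns such as 'aaaaaaaa', 'abcdefgh' or '12345678'."""
    if len(secret) > 0 and len(set(secret)) == 1:
        return True
    codes = [ord(c) for c in secret]
    diffs = {b - a for a, b in zip(codes, codes[1:])}
    return diffs in ({1}, {-1})


def check_password(secret: str, context: tuple[str, ...] = ()) -> list[str]:
    """Return the reasons a secret is unacceptable; an empty list means accept.

    Deliberately absent: composition rules (must contain a digit/symbol) and
    periodic expiry, which 800-63B says verifiers should not impose.
    `context` holds strings that must not appear in the secret, e.g. the
    username and the service name.
    """
    s = normalize(secret)
    lowered = s.lower()
    reasons: list[str] = []
    if len(s) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(s) > MAX_LENGTH:
        reasons.append(f"longer than {MAX_LENGTH} characters")
    if lowered in BREACHED_PASSWORDS:
        reasons.append("appears in breached-password list")
    for word in context:
        if word and word.lower() in lowered:
            reasons.append(f"contains context-specific word {word!r}")
    if is_repetitive_or_sequential(s):
        reasons.append("repetitive or sequential characters")
    return reasons


if __name__ == "__main__":
    # A long passphrase with no digits or symbols is accepted; a composition
    # rule would have rejected it for the wrong reason.
    for candidate in ("correct horse battery staple", "p@ssw0rd",
                      "\uff50assword", "abcdefgh", "alice2024!"):
        print(repr(candidate), check_password(candidate, ("alice", "example")))
```

The full-width "ｐassword" case shows why normalisation comes first: without NFKC it would slip past the blocklist even though it renders identically to a breached value.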
Incident Response Policy
Defines how your team detects, classifies, contains, and recovers from all security incidents — covering severity levels, escalation paths, communication templates, and post-incident reviews.
Accessibility Statement
Demonstrates your commitment to digital accessibility under ADA (US), EAA (EU 2025), and WCAG 2.2 AA standards. Documents conformance level, known limitations, feedback channels, and remediation timeline.
Impressum
Legally required in Germany (§5 DDG, which replaced §5 TMG in 2024), Austria (§5 ECG), and Switzerland. Discloses business identity, registered address, contact details, VAT number, trade register entry, and responsible editor.
EU AI Act Compliance Policy
Compliance policy for the EU AI Act (2024/1689) — risk classification, transparency obligations, prohibited practices, and human oversight requirements for AI systems.
Digital Services Act (DSA) Policy
Policy for EU Digital Services Act compliance — content moderation transparency, notice-and-action mechanisms, recommender system disclosure, and annual reporting.
UK Online Safety Act Policy
Compliance with the UK Online Safety Act 2023 — illegal content duties, child safety obligations, age verification, and Ofcom transparency reporting.
AI/ML Ethics Policy
Governs responsible AI use across the organisation — covering bias prevention, algorithmic transparency, accountability frameworks, human oversight requirements, and ethical review processes.
Records Retention Policy
Policy defining how long different categories of business records must be retained, archived, or destroyed, per regulatory requirements.
Anti-Money Laundering (AML) Policy
Compliance framework for detecting and preventing money laundering — covering customer due diligence (CDD), suspicious activity reporting (SARs), transaction monitoring, record-keeping, and staff training under FATF recommendations and 6AMLD.
Know Your Customer (KYC) Policy
Defines identity verification procedures for onboarding customers — covering document collection, biometric verification, PEP/sanctions screening, enhanced due diligence for high-risk customers, and ongoing monitoring.
PCI DSS Compliance Policy
Information security policy for organisations handling payment card data — covering cardholder data environment scope, encryption standards, access control, vulnerability management, and annual assessment obligations under PCI DSS v4.0.
ISO 27001 Information Security Policy
Master information security policy aligned with ISO/IEC 27001:2022 — covering ISMS scope, risk management framework, security objectives, asset classification, and management review requirements.
SOC 2 Compliance Policy
Security and availability policy for SOC 2 Type I/II audits, covering the five Trust Services Criteria categories (security, availability, processing integrity, confidentiality, and privacy), vendor management, and change management controls.
GLBA Privacy Notice
Annual privacy notice required for US financial institutions under the Gramm-Leach-Bliley Act — disclosing information-sharing practices, opt-out rights for non-affiliated third-party sharing, and security safeguards.
FERPA Compliance Policy
Policy for US educational institutions and EdTech companies handling student educational records — covering FERPA disclosure rules, directory information opt-outs, parental rights, legitimate educational interest, and third-party access controls.
Canada PIPEDA Compliance Policy
Compliance policy for Canada's Personal Information Protection and Electronic Documents Act — covering the 10 Fair Information Principles, consent requirements, breach of security safeguards reporting to the OPC, and Quebec Law 25 enhancements.
PDPA Compliance Policy
Compliance framework for data protection legislation in Singapore (PDPA 2012/2021) and Thailand (PDPA 2019) — covering consent and notification obligations, DPO appointment, breach notification timelines, and cross-border data transfer rules.
NIST Cybersecurity Framework Policy
Information security policy aligned with the NIST Cybersecurity Framework 2.0 — covering the Govern, Identify, Protect, Detect, Respond, and Recover functions, risk tolerance statements, and continuous improvement obligations.
Zero Trust Security Policy
Security architecture policy implementing Zero Trust principles — covering identity verification for every access request, least-privilege access controls, micro-segmentation, continuous monitoring, and device health attestation.
DORA (Digital Operational Resilience Act) Policy
ICT risk management policy for EU financial entities under DORA (Regulation (EU) 2022/2554) — covering ICT risk governance, incident classification and reporting, TLPT testing, third-party ICT provider management, and resilience testing.
NIS2 Directive Compliance Policy
Cybersecurity policy for entities in scope of the EU NIS2 Directive (2022/2555) — covering risk management measures, supply chain security, incident reporting to national CSIRTs within 24/72 hours, and management body accountability.
Financial Services Privacy Policy
Privacy policy tailored for regulated financial services — covering Gramm-Leach-Bliley Act (GLBA), FCA data requirements, MiFID II record-keeping, and consumer financial data rights.
Financial Services Terms & Conditions
Comprehensive terms for regulated financial services businesses — covering regulatory status disclosures, eligible counterparty restrictions, risk warnings, fees, margin requirements, and dispute resolution under FCA, SEC, MiFID II, and ASIC frameworks.
Investment Risk Disclaimer
Mandatory risk disclosure for financial content and investment platforms — stating that content does not constitute financial advice, past performance is not indicative of future results, and capital is at risk. Required by FCA, SEC, and ASIC.
Cryptocurrency & Digital Assets Policy
Governs the offering and trading of crypto assets, covering MiCA (EU) compliance, FCA cryptoasset financial promotion rules (PS23/6), SEC/CFTC registration analysis, wallet custody terms, smart contract risks, and AML/KYC obligations.
Payment Processing Terms
Terms governing payment collection, processing fees, settlement timelines, failed payment procedures, chargeback rights, and PCI DSS compliance representations — for businesses using Stripe, PayPal, or similar payment processors.
Open Banking & PSD2 Policy
Compliance policy for businesses accessing bank account data via open banking APIs — covering PSD2 (EU) and Open Banking (UK) authorisation requirements, strong customer authentication (SCA), data minimisation, and consent management.
Telehealth & Remote Care Terms
Terms of service for digital health and telemedicine platforms — covering scope of service, prescribing limitations, emergency protocol disclaimers, practitioner licensing disclosures, data sharing with insurers, and state/country telehealth licensing requirements.
Medical Device Usage Policy
Governs the supply and use of medical devices and software as a medical device (SaMD) — covering FDA 510(k) / EU MDR (2017/745) classification, intended use disclaimers, contraindications, adverse event reporting, and post-market surveillance.
Clinical & Research Data Policy
Governs collection, storage, and sharing of clinical trial and health research data — covering ICH GCP compliance, IRB/ethics committee approval, informed consent, de-identification standards, and data sharing with regulatory bodies.
Disclaimer
Limits your liability for the accuracy of content on your site. Critical for blogs, health/finance/legal sites — protects against negligence claims from readers acting on your content.
Copyright Policy
Declares ownership of your original content, defines permitted uses and attribution requirements, and details your process for handling infringement — includes DMCA contact information.
DMCA Policy
Required for "safe harbour" protection under US law. Designates a DMCA agent, sets out your takedown notice process, counter-notice procedure, and repeat infringer termination policy.
Anti-Spam Policy
Ensures all marketing emails comply with CAN-SPAM, CASL, and GDPR — covering opt-in consent standards, unsubscribe mechanisms, sender identification, and prohibited practices.
Environmental & Sustainability Policy
Documents your organisation's commitment to environmental responsibility — covering carbon reduction targets, supply chain sustainability standards, waste management, energy efficiency, and compliance with UK SECR, EU CSRD, and SEC climate disclosure rules.
Corporate Social Responsibility Policy
Sets out your organisation's commitments to social, environmental, and governance (ESG) standards — covering community investment, ethical sourcing, diversity targets, charitable giving, and sustainability reporting.
Photo & Video Release Policy
Obtains consent to photograph, record, and publish images of individuals — covering model release rights, usage scope (commercial, editorial, social media), moral rights waivers, and GDPR biometric data considerations.
Testimonial & Review Policy
Governs the collection, display, and authenticity of customer testimonials and reviews — ensuring compliance with FTC Endorsement Guides, ASA (UK) rules, and EU Omnibus Directive requirements for verified reviews.
Event & Conference Terms
Terms and conditions for ticketed events — covering registration, cancellation and refund rights, force majeure, photography consent, code of conduct, liability limitations, and venue-specific rules.
Open Source Software Usage Policy
Governs how open source software is evaluated, approved, and used within your organisation — covering licence compatibility (GPL, MIT, Apache), dependency auditing, contribution guidelines, and IP contamination risk management.