5 Expert Tips for Spotting a Good Privacy Policy (and a few things to watch out for)

This Valentine’s Day, we are sharing our love of good privacy policies. We all know how it goes – you download an app or install new software and up pops a privacy policy. Even if you have the time to read all that text, do you know what to look for, what defines a good privacy policy, and how to spot a red flag?

At Kuma, we help our clients build good privacy policies and today, we’re gifting you with some simple tips to quickly and easily understand any privacy policy and protect yourself from being hacked. When reviewing a policy, ask the following questions:

1. WHAT is being collected?

A good policy should be able to specify exactly what data they gather such as your name, address, SSN, IP address, etc. If you don’t believe this information is necessary for the business you’re doing with that company, consider the next tip.

2. WHY are they collecting my private information?

The purpose of why they need the data they are collecting should be spelled out clearly.

3. HOW are they protecting my personal data?

A good policy should be able to list out how they protect your information and demonstrate widely accepted standards used to do so, such as GDPR and COPPA (that requires parents to provide consent to share data for children under 13).

4. WHO else might receive my information?

Some companies may share your data with third parties as part of their service offerings, to improve products through data analytics, if legal authorities request it, to name a few reasons.

5. WHEN will they share this information?

If a company is party to a merger or acquisition or is subject to bankruptcy, your information may be considered an asset. You need to know if you’re agreeing to your information being shared under these circumstances.


Some immediate red flags to look for:

  • Is the privacy policy hard to find? If a privacy policy is not made available to you, consider looking for it. If it’s difficult to locate, be concerned, and don’t immediately agree to share your private information.
  • If the privacy policy is written using complicated language, is overly vague, too simplistic, or written with typos and poor grammar, it may be the company didn’t assign a professional to write the policy.
The Kuma Difference

Kuma brings decades of experience in helping online businesses develop data minimization and privacy policies and implementing a privacy program that meets business requirements and regulatory demands.  Kuma takes the time to understand the business objectives and works with the organization’s various teams to develop and implement policies and solutions that provide a balanced approach to privacy and user delight.

Learn more about our services or contact us directly for a consultation.

Share This Post:


Subscribe To Our Newsletter

Signup for our newsletter to get updated information, news, and promotions.
Start Here

Send us a message

Please take a moment to submit your information. A member of our consulting team will be in touch shortly.