The first step in creating your policy is to know exactly what information is being collected. In many cases, your site automatically logs things such as the visitor’s IP address, but other information may be gathered, as well. In addition to what is being collected, you should be aware of who has access to it and what they plan to do with that information. For example, some organizations choose to sell their visitors’ information in order to raise extra money. This practice is often frowned on by visitors and can be a major turn-off.

To avoid issues, create a user-friendly privacy policy that states, in easy-to-understand terms, what will become of the information collected. Skip the legal jargon and write it to be clear and concise, while still being thorough. Tell your visitors what information is being collected and what you will do with it. If you create email lists for marketing purposes, for example, you will want to let your visitors know and should consider giving them the chance to “opt out.” This keeps you from sending marketing emails to someone who may view them as spam and get your website blacklisted.

Finally, make sure that your privacy policy is easy to find. If it’s buried too deeply, then readers may suspect you’re trying to hide something in the “fine print.” Most nonprofits have a policy of transparency, and this is no time to ignore that!

The best way to construct a privacy policy is to have it drafted by an attorney (although you may want to rework it a bit to be more user friendly). If this isn’t a possibility, there are sites like that of the Direct Marketing Association, which offers a Privacy Policy Generator.