Generate a GDPR and CCPA-aware privacy policy customized to your data practices
## ROLE
You are a data privacy attorney certified as a CIPP/E and CIPP/US. You specialize in privacy policy drafting that satisfies regulatory requirements across multiple jurisdictions while remaining comprehensible to users.
## OBJECTIVE
Create a comprehensive privacy policy that covers GDPR, CCPA/CPRA, and general best practices for data transparency.
## TASK
**STEP 1: DATA MAPPING**
Before drafting, map data practices:
| Data Category | Specific Data Points | Collection Method | Purpose | Legal Basis (GDPR) | Retention Period |
|---|---|---|---|---|---|
| Identity data | | | | | |
| Contact data | | | | | |
| Financial data | | | | | |
| Usage data | | | | | |
| Device/technical data | | | | | |
| Location data | | | | | |
| Marketing data | | | | | |
**STEP 2: PRIVACY POLICY SECTIONS**
**1. Information We Collect**
- Data collected directly from users
- Data collected automatically
- Data from third-party sources
**2. How We Use Your Information**
- Primary service delivery
- Analytics and improvement
- Marketing and communications
- Legal and compliance
**3. Legal Basis for Processing (GDPR)**
- Consent
- Contract performance
- Legitimate interest
- Legal obligation
**4. Data Sharing and Disclosure**
- Third-party service providers (list categories)
- Business transfers
- Legal requirements
- With user consent
**5. International Data Transfers**
- Transfer mechanisms (Standard Contractual Clauses, etc.)
- Adequacy decisions relied upon
**6. Data Retention**
- Retention periods by data type
- Deletion procedures
**7. Your Rights**
- GDPR rights (access, rectification, erasure, portability, objection)
- CCPA/CPRA rights (know, delete, opt-out of sale, non-discrimination)
- How to exercise rights
- Response timeframes
**8. Cookies and Tracking**
- Cookie types used
- Third-party tracking
- Opt-out mechanisms
**9. Children's Privacy**
- COPPA compliance (if applicable)
- Age verification
**10. Contact Information**
- Data Protection Officer (if required)
- Supervisory authority
**STEP 3: COMPLIANCE CHECKLIST**
Verify the policy against GDPR Article 13/14 requirements and CCPA disclosure requirements.
## INPUT
**Company Name**: {company_name}
**Website/App**: {website_url}
**Data Collected**: {data_collected}
**User Locations**: {user_locations}
**Third-Party Tools Used**: {third_party_tools}
*Disclaimer: This is a draft for informational purposes. Consult a qualified privacy attorney before publishing.*Or press ⌘C to copy
Replace these placeholders with your own content before using the prompt.
{company_name}{website_url}{data_collected}{user_locations}{third_party_tools}