Privacy Policy

What Is This?

Overview

A privacy policy is a legally binding document that communicates how an organization collects, processes, stores, and shares personal data. The Privacy Policy skill helps development teams, product managers, and compliance officers draft detailed, structured privacy policies that address data types, jurisdictional requirements, GDPR considerations, and clauses that require formal legal review before publication.

This skill functions as a guided drafting assistant, prompting users to supply the necessary inputs about their product, user base, and data handling practices. It then produces a comprehensive policy document that covers the full lifecycle of user data, from initial collection through deletion or transfer. The output is designed to serve as a strong working draft rather than a final legal instrument.

Modern digital products operate across multiple jurisdictions and handle increasingly sensitive categories of personal data. A well-structured privacy policy reduces legal exposure, builds user trust, and satisfies regulatory requirements from frameworks such as GDPR, CCPA, and PIPEDA.

Who Should Use This

• Software developers building web or mobile applications that collect user data and need a policy before launch
• Product managers responsible for compliance documentation during product development cycles
• Startup founders who need a credible, structured privacy policy without immediate access to legal counsel
• Compliance officers preparing or updating data protection documentation for audits or regulatory submissions
• Technical writers tasked with producing legal and policy documentation for digital products
• Consultants advising clients on data governance and needing a repeatable drafting framework

Why Use It?

Problems It Solves

• Eliminates the blank-page problem when drafting privacy documentation from scratch, providing a structured starting point
• Reduces the risk of omitting critical clauses related to data subject rights, retention periods, or third-party data sharing
• Helps non-legal professionals produce a technically accurate draft that legal counsel can review and finalize efficiently
• Addresses multi-jurisdictional complexity by prompting consideration of GDPR, CCPA, and other applicable frameworks simultaneously
• Shortens the time between product readiness and compliant launch by accelerating the documentation process

Core Highlights

• Covers all major data categories including personal identifiers, behavioral data, payment information, and sensitive data
• Incorporates GDPR-specific requirements such as lawful basis for processing, data subject rights, and DPO contact information
• Flags clauses that require formal legal review before the policy goes live
• Supports jurisdiction-specific customization for EU, US, Canadian, and other regulatory environments
• Produces structured sections including data collection, data use, data sharing, retention, security, and user rights
• Includes language for cookie policies, third-party integrations, and analytics tools
• Generates placeholder variables for company-specific details, making the draft easy to complete

How to Use It?

Basic Usage

Invoke the skill by describing your product and its data handling practices. A typical prompt might look like this:

Draft a privacy policy for a SaaS project management tool that collects
email addresses, usage analytics, and payment information. Users are
located in the EU and the United States. The product uses Stripe for
payments and Google Analytics for tracking.

The skill will generate a full policy draft with labeled sections, jurisdiction notes, and inline comments marking clauses that need legal review.

Specific Scenarios

Scenario 1: Pre-launch compliance check. A development team is two weeks from launching a B2C mobile app. They use the skill to generate a draft policy, identify missing data handling disclosures, and prepare a checklist for their legal review session.

Scenario 2: Policy update after adding a new feature. A product adds a referral program that shares user email addresses with third parties. The skill helps draft an updated data sharing section and identifies the GDPR lawful basis that applies.

Real-World Examples

A fintech startup uses the skill to produce a GDPR-compliant policy covering financial data, automated decision-making disclosures, and data subject access request procedures. An e-commerce platform uses it to align their existing policy with CCPA opt-out requirements after expanding into California.

When to Use It?

Use Cases

• Drafting an initial privacy policy before a product launch
• Updating an existing policy after adding new features or third-party integrations
• Preparing documentation for a GDPR or CCPA compliance audit
• Onboarding a new client who needs data protection documentation
• Reviewing whether current policy language covers a new data processing activity
• Creating jurisdiction-specific policy variants for international products
• Generating a policy template for use across multiple internal projects

Important Notes

Requirements

• Users must supply accurate information about data types collected, third-party tools used, and target jurisdictions
• The output is a working draft and must be reviewed by qualified legal counsel before publication
• Jurisdiction-specific requirements change frequently, so generated policies should be validated against current regulations