120 policy types, jurisdiction-aware, 120 languages.
Privacy Policy
A legally required document disclosing exactly how your business collects, uses, stores, and protects personal data. It explains user rights and your obligations under applicable privacy law.
Cookie Policy
A transparent breakdown of every tracking technology on your website — including cookies, pixels, local storage, and third-party scripts — along with user consent mechanisms.
GDPR Compliance Policy
A comprehensive internal and external framework documenting how your organisation meets all GDPR obligations — from lawful basis for processing to subject access request procedures and data breach response.
CCPA Privacy Notice
Specific privacy disclosures required for California residents under the California Consumer Privacy Act. Covers the right to know, right to delete, and right to opt-out of data sales.
Data Processing Agreement
A legally binding contract between a data controller and a data processor defining how personal data is handled, protected, and used — a GDPR/UK GDPR requirement for any B2B data relationship.
Data Retention Policy
Defines exactly how long different categories of personal and business data are stored, and the secure deletion or anonymisation procedures applied when data is no longer needed.
Data Breach Response Policy
A critical internal action plan for identifying, containing, and reporting IT security incidents involving personal or sensitive data.
HIPAA Privacy Policy
A federally mandated policy governing the use and disclosure of Protected Health Information (PHI). Covers patients' rights, minimum necessary standards, and Business Associate requirements.
COPPA Policy
Specific privacy protections and disclosure requirements for services that collect personal information from children under the age of 13.
Data Subject Access Request (DSAR) Policy
A policy documenting how your organisation receives, verifies, and responds to data subject access requests within statutory timeframes under GDPR and equivalent laws.
Data Transfer Agreement
A contractual agreement incorporating Standard Contractual Clauses (SCCs) or equivalent safeguards to legitimise international transfers of personal data to third countries.
Privacy Impact Assessment (PIA)
A systematic process for evaluating privacy risks of new projects, systems, or processes involving personal data, required when processing is likely to result in high risk.
Consent Management Policy
A policy governing how your organisation collects, records, manages, and withdraws user consent for data processing and marketing communications.
Mobile App Privacy Policy
A privacy policy specifically tailored for mobile applications, covering device permissions, SDK data collection, push notifications, and app store compliance requirements.
Biometric Data Policy
A policy governing the collection, storage, use, and deletion of biometric identifiers including fingerprints, facial recognition data, voice prints, and iris scans.
Location Data Policy
A policy outlining how your organisation collects, processes, shares, and retains precise and approximate location data from users' devices.
Marketing Consent Policy
A policy governing how marketing consent is obtained, recorded, and managed for email, SMS, push notifications, and direct mail campaigns.
Third-Party Data Sharing Policy
A policy disclosing and governing the sharing of personal data with third-party vendors, partners, and service providers.
Children's Online Safety Policy
A policy setting out protections for users under 18, covering age verification, parental consent, content restrictions, and data handling for minors.
Data Minimisation Policy
A policy ensuring your organisation only collects personal data that is adequate, relevant, and limited to what is necessary for specified purposes.
LGPD Compliance Policy (Brazil)
A compliance policy addressing Brazil's Lei Geral de Proteção de Dados (LGPD), covering lawful bases, data subject rights, DPO requirements, and ANPD reporting.
PIPL Compliance Policy (China)
A compliance policy for China's Personal Information Protection Law (PIPL), addressing consent, cross-border transfer assessments, and local storage requirements.
Terms of Service
The foundational legal contract governing the relationship between your business and users. Defines acceptable use, your liability limits, dispute resolution, and what happens when accounts are suspended or terminated.
Acceptable Use Policy
A formal policy defining what users may and may not do on your platform, network, or service — protecting you from abuse, illegal content, and misuse.
End User License Agreement (EULA)
A legally binding licence agreement between a software developer and an end user, defining exactly what the user can and cannot do with the software — critical for desktop apps, mobile apps, and SaaS products with downloadable components.
SaaS Subscription Agreement
A comprehensive agreement governing access to software-as-a-service products, covering subscription terms, data ownership, SLAs, and acceptable use.
API Terms of Use
Rules and technical constraints for third-party developers building on your platform, to protect infrastructure and user data.
Subscription Terms
Automatic renewal and billing cycle rules for recurring billing models, ensuring transparency around renewals and price changes.
Free Trial Terms
Terms governing transitions from free to paid tiers, focusing on pre-authorization and notification requirements.
Beta Testing Agreement
Liability waivers and confidentiality terms for users accessing early pre-release software.
Community Guidelines
The behavioral standards for users in social or collaborative spaces, focusing on maintaining a safe and productive environment.
Forum Rules
Highly specific technical and behavioral rules for message boards and bulletin boards to prevent clutter and maintain site performance.
User-Generated Content Policy
A policy governing what users may post on your platform, including content moderation standards, intellectual property licences, and takedown procedures.
Intellectual Property Policy
Defines how intellectual property is created, owned, protected, and commercialised within the organisation. Covers patents, copyrights, trademarks, trade secrets, and employee invention assignment to ensure the company retains rights to work product.
Sweepstakes & Contest Rules
Official rules for sweepstakes, contests, and prize promotions, covering eligibility, entry methods, prize descriptions, and drawing procedures.
Referral Program Terms & Conditions
Terms governing your customer referral programme, including reward eligibility, payout conditions, fraud prevention, and termination rights.
Loyalty Programme Terms
Terms governing your points-based or tiered loyalty programme, covering point accrual, redemption, expiry, and member rights.
Virtual Currency & In-Game Items Terms
Terms governing virtual currencies, tokens, and in-game items, including purchase conditions, non-refundability, and account termination effects.
Prohibited Items Policy
A policy listing items and services that cannot be listed, sold, or promoted on your platform, protecting against legal liability and preserving marketplace integrity.
Refund & Returns Policy
Clearly defines your customers' rights to return goods or request refunds, including timelines, conditions, exclusions, and the returns process — satisfying statutory consumer rights laws.
Non-Disclosure Agreement (NDA)
A legally binding contract that prevents parties from sharing confidential information with third parties. Essential before sharing trade secrets, product roadmaps, or sensitive business details.
Service Level Agreement (SLA)
A formal commitment defining the minimum service quality, uptime guarantees, support response times, and remedies (service credits) when targets are not met.
Contractor Agreement Template
Work-for-hire and IP assignment terms ensuring the company owns creative works produced by external talent.
Partnership Agreement Template
Joint venture and collaboration terms between co-founders or partners defining ownership and management.
Affiliate Disclosure
A legally required statement disclosing that you may earn a commission when readers click links or purchase products you recommend — maintaining trust and complying with FTC and ASA regulations.
Shipping Policy
A clear, customer-facing document outlining how orders are processed, shipped, and delivered — including carriers used, estimated timelines, tracking, and what happens when deliveries go wrong.
E-Commerce Terms
The comprehensive legal contract governing online sales, covering orders, payments, warranties, and the limitation of liability for digital storefronts.
Marketplace Policy
Terms governing multi-vendor platforms where third-party sellers interact with buyers, defining the platform's role as an intermediary.
White-Label Agreement
An agreement permitting a reseller to rebrand and sell your product or service under their own name, with terms covering branding rights, support, and quality standards.
Terms of Sale
Standard terms and conditions governing the sale of goods or services, covering pricing, delivery, payment terms, warranties, and dispute resolution.
Influencer & Creator Agreement
A contract governing paid partnerships between brands and social media influencers or content creators, covering deliverables, content rights, and disclosure obligations.
Vendor Agreement
A master agreement governing the supply of goods or services from a vendor, covering pricing, delivery standards, quality requirements, and liability.
Consulting Agreement
A professional services agreement for independent consultants, covering scope of work, deliverables, fees, IP ownership, and confidentiality.
Non-Solicitation Agreement
An agreement preventing parties from soliciting employees, contractors, or customers of the other party for a specified period after the relationship ends.
Reseller Agreement
An agreement governing the resale of your products or services by authorised channel partners, covering pricing, territory, and brand standards.
Revenue Sharing Agreement
An agreement establishing how revenues are divided between parties to a joint venture, partnership, or platform relationship.
Warranty Policy
A policy defining the scope of warranties offered on products or services, including coverage periods, claim procedures, and exclusions.
Returns & Exchange Policy
A customer-facing policy outlining the conditions under which products may be returned or exchanged, including timeframes, condition requirements, and refund methods.
Employee Handbook
A comprehensive handbook documenting workplace policies, employee rights, company culture, benefits, and code of conduct for all employees.
Remote Work Policy
Framework for establishing guidelines for working from home or abroad, ensuring productivity, data security, and employee well-being in a distributed environment.
Social Media Policy
A formal policy governing how employees represent themselves and the company on personal and professional social media accounts — protecting brand reputation, confidential information, and legal compliance.
Equal Opportunity Policy
A commitment to a workplace free from discrimination and harassment, ensuring fair treatment for all employees regardless of protected characteristics.
Health & Safety Policy
A formal document outlining the organization's commitment to providing a safe physical working environment, preventing accidents, and complying with occupational health laws.
Whistleblower Policy
Provides safe, confidential channels for employees or stakeholders to report corporate wrongdoing, fraud, or unethical behavior without fear of retaliation.
Code of Conduct
The ethical compass of the organisation, defining standards of professional behaviour, harassment prevention, and core company values.
Conflict of Interest Policy
Ensures that individuals in positions of power or influence do not use their authority for personal gain or in ways that contradict the organization's interests.
Anti-Harassment & Discrimination Policy
A policy prohibiting workplace harassment, discrimination, and bullying, establishing reporting procedures, investigation protocols, and disciplinary consequences.
Employee Privacy Notice
A GDPR-compliant privacy notice for employees and job applicants explaining what personal data is collected, how it is used, and employees' data subject rights.
Bring Your Own Device (BYOD) Policy
Establishes clear rules for employees using personal smartphones, laptops, or tablets for work purposes, focusing on security, privacy, and data ownership.
Employee Monitoring Policy
A policy governing workplace monitoring activities including email monitoring, internet use tracking, CCTV, keystroke logging, and productivity software.
Travel & Expense Policy
A policy governing business travel and expense reimbursement, covering booking procedures, allowable expenses, approval workflows, and submission deadlines.
Parental Leave Policy
A policy documenting maternity, paternity, and shared parental leave entitlements, pay during leave, return-to-work procedures, and enhanced benefits.
Grievance Procedure Policy
A formal procedure for employees to raise workplace complaints, covering how grievances are submitted, investigated, and resolved.
Performance Management Policy
A policy governing how employee performance is assessed, managed, and improved, including appraisal processes, performance improvement plans, and criteria for promotion.
Drug & Alcohol Policy
A workplace policy governing the possession and use of, and testing for, drugs and alcohol, covering testing procedures, support resources, and disciplinary consequences.
Background Check Policy
A policy governing pre-employment and ongoing background checks, including criminal records, credit checks, reference checks, and right-to-work verification.
AI Usage Policy
Guidelines for the safe and ethical use of generative AI and machine learning tools within the workplace to prevent IP leaks and ensure output accuracy.
Anti-Bribery Policy
Internal rules preventing corruption and unethical gifts, ensuring international compliance with anti-corruption laws.
Modern Slavery Statement
Supply chain transparency disclosure detailing steps taken to prevent human trafficking in operations.
Cybersecurity Policy
Technical and administrative standards for protecting digital assets, networks, and hardware from unauthorized access and cyber threats.
Password Policy
Technical and administrative standards for credential security, ensuring all users follow best practices for password strength and management.
Incident Response Policy
A broad framework for handling all types of operational outages, hardware failures, and service disruptions beyond just data-specific breaches.
Accessibility Statement
A public statement declaring your website's or app's current level of accessibility conformance, known issues, and contact information for accessibility-related feedback.
Impressum (Legal Notice)
A mandatory legal disclosure page (Impressum) for websites operating in Germany, Austria, and Switzerland, listing company registration details and responsible persons.
EU AI Act Compliance Policy
A policy demonstrating compliance with the EU Artificial Intelligence Act (2024/1689), covering risk classification, transparency obligations, and human oversight requirements for AI systems.
Digital Services Act (DSA) Policy
A policy for online platforms and intermediary services complying with the EU Digital Services Act, covering content moderation, transparency reporting, and user rights.
UK Online Safety Act Policy
A compliance policy for the UK Online Safety Act 2023, addressing duties of care for user-generated content, illegal content removal, and age verification requirements.
AI Ethics Policy
A policy establishing ethical principles for the development and deployment of AI systems, covering fairness, transparency, accountability, and human oversight.
Records Retention Policy
A policy establishing how long different categories of business records must be retained and when they must be securely destroyed.
Anti-Money Laundering (AML) Policy
A policy establishing procedures to detect, prevent, and report money laundering activities, including customer due diligence and suspicious activity reporting.
Know Your Customer (KYC) Policy
A policy governing identity verification procedures for customers, including document checks, biometric verification, and ongoing monitoring requirements.
PCI DSS Compliance Policy
A policy establishing controls to achieve and maintain Payment Card Industry Data Security Standard (PCI DSS) compliance for organisations handling cardholder data.
ISO 27001 Information Security Policy
An information security policy aligned with ISO/IEC 27001:2022, establishing the scope, objectives, and management commitment required for an ISMS.
SOC 2 Security & Privacy Policy
A policy package establishing the controls required to achieve SOC 2 Type II compliance, covering security, availability, processing integrity, confidentiality, and privacy.
GLBA Privacy Notice
A privacy notice required by the Gramm-Leach-Bliley Act (GLBA) for financial institutions, disclosing data sharing practices and consumer opt-out rights.
FERPA Compliance Policy
A policy ensuring compliance with the Family Educational Rights and Privacy Act (FERPA), governing student education records and parental/student access rights.
PIPEDA Privacy Policy (Canada)
A privacy policy compliant with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), addressing consent, purpose limitation, and individual access rights.
PDPA Compliance Policy (Singapore/Thailand)
A policy ensuring compliance with the Personal Data Protection Acts of Singapore and/or Thailand, covering how personal data is collected, used, disclosed, and stored. Both laws share OECD-influenced principles but have jurisdiction-specific enforcement bodies and obligations.
NIST Cybersecurity Framework Policy
An information security policy structured around the NIST Cybersecurity Framework (CSF 2.0), covering Govern, Identify, Protect, Detect, Respond, and Recover functions.
Zero Trust Security Policy
A security policy implementing zero trust architecture principles, covering identity verification, micro-segmentation, least-privilege access, and continuous validation.
DORA Compliance Policy (EU Digital Operational Resilience Act)
A policy ensuring compliance with the EU Digital Operational Resilience Act (DORA), which mandates ICT risk management, incident reporting, digital operational resilience testing, and third-party ICT provider oversight for financial sector entities.
NIS2 Directive Cybersecurity Policy
A policy implementing the requirements of the EU NIS2 Directive, which significantly expands the scope of the original NIS Directive to cover more sectors and impose stricter cybersecurity risk management, incident reporting, and supply chain security obligations.
Financial Services Terms & Conditions
Terms and conditions for financial services platforms, covering account opening, service conditions, fee structures, risk disclosures, and regulatory compliance.
Investment Risk Disclaimer
A disclaimer for investment-related content, platforms, and advice, disclosing risks, regulatory status, and that past performance is not indicative of future results.
Cryptocurrency & Digital Assets Policy
A policy governing the use, trading, and custody of cryptocurrency and digital assets, covering compliance with registration requirements and consumer risk warnings.
Payment Processing Terms
Terms governing payment processing services, covering accepted payment methods, processing fees, chargeback procedures, and fraud liability.
Open Banking Policy
A policy governing participation in open banking ecosystems, covering API data sharing, consent management, TPP access controls, and FCA regulatory requirements.
Telehealth & Telemedicine Terms
Terms of service for telehealth platforms, covering service limitations, clinical disclaimers, prescription policies, data handling, and liability provisions.
Medical Device Compliance Policy
A compliance policy for medical device manufacturers, covering post-market surveillance, adverse event reporting, quality management, and regulatory approval procedures.
Clinical Data Management Policy
A policy governing the collection, storage, processing, and sharing of clinical trial data and patient health data, ensuring GCP compliance and research integrity.
Disclaimer
A legal notice that limits your liability for the accuracy of information on your website — essential for blogs, news sites, financial advisors, health platforms, and anyone publishing professional-adjacent content.
Copyright Policy
A comprehensive policy explaining who owns your content, what licences (if any) users have to use it, and how you handle copyright infringement — both on your site and by third parties.
DMCA Policy
The Digital Millennium Copyright Act (DMCA) "Safe Harbour" policy protects US platforms from liability for user-uploaded infringing content, provided they follow a specific notice-and-takedown process.
Anti-Spam Policy
A formal policy ensuring all email marketing and communications comply with CAN-SPAM (USA), CASL (Canada), and GDPR (EU) requirements — covering consent, unsubscribe mechanisms, and sender identification.
Environmental & Sustainability Policy
A formal statement of an organization's commitment to minimizing its environmental impact and achieving specific sustainability or ESG (Environmental, Social, and Governance) goals.
Corporate Social Responsibility (CSR) Policy
A policy documenting your organisation's commitments to environmental, social, and governance (ESG) responsibilities, covering sustainability, community impact, and ethical business practices.
Photo & Video Release Form
A consent form authorising use of an individual's image, likeness, or video appearance in marketing materials, press coverage, or online content.
Testimonial & Review Policy
A policy governing how customer testimonials and reviews are solicited, displayed, and managed, ensuring FTC compliance and authentic representation.
Event Terms & Conditions
Terms and conditions for conferences, workshops, and events covering registration, cancellation, liability, photography consent, and attendee conduct.
Open Source Software Policy
A policy governing the use, contribution to, and release of open source software, covering licence compliance, security scanning, and contribution authorisation.