A copy-paste-ready privacy notice you can put on your Facebook business page, website, or pricing sheet. Free for all operators. Not legal advice.
A copy-paste-ready privacy notice you can put on your Facebook business page, your website, your pricing sheet, or anywhere customers might ask how you handle their information.
You can use this as-is or adapt it to your specific business. We are not lawyers and this template is not legal advice. For complex situations, consult a privacy lawyer.
Copy everything inside the box and paste it where your customers can find it:
How [Your Business Name] Handles Your Information
When you contact us to book our services, you share information with us (your name, contact details, event date, location, and what you need). Here is what we do with it.
We use your information to respond to your inquiry, prepare a quote, schedule your booking, deliver our service, and follow up after the event. We do not sell your information, share it with marketers, or use it for purposes unrelated to providing you our service.
We use standard business tools to manage bookings. These include software for scheduling, invoicing, payment processing, communication, and customer relationship management. Some of these tools use AI assistance to help us respond to inquiries efficiently. If you have questions about specific tools we use, we are happy to answer.
We keep your information for the duration of our service relationship plus a reasonable period afterward (typically one to three years for tax and accounting purposes). After that, we delete it unless you ask us to keep it longer.
You have the right to:
To exercise any of these rights, contact us at [your contact email or phone number].
If you have a privacy concern we cannot resolve, you can contact the Office of the Privacy Commissioner of Canada at priv.gc.ca or 1-800-282-1376.
Last updated: [date you publish this]
Things to customize before publishing:
Pick at least one place where customers can find this:
You do not need to make customers sign or click to agree. Just have it accessible so customers who want to know can find it.
Most small operators do not have a privacy policy. Having one:
The Office of the Privacy Commissioner of Canada specifically recommends that small businesses have a privacy notice, even if their data practices are simple.
Do I need to send this to every customer?
No. You need to make it accessible. Customers who care will look. Customers who do not care will not mind that it exists.
Do I need a customer to sign or agree to it?
No. PIPEDA's implied consent model means customers consent to reasonable business use when they voluntarily contact you for service.
What if I use multiple tools?
You can list them or describe them generally ("software tools for scheduling and customer management"). Most operators describe generally.
Is this enough for GDPR if I serve EU customers?
This template is designed for PIPEDA. GDPR has stricter requirements. If you regularly serve EU customers, consult a privacy lawyer for a GDPR-specific notice.
What if a customer asks me to delete their information?
Delete the booking in Draftrow (it goes through 30-day soft delete then hard delete). Confirm with the customer that you have done so. Document the request and your response.
Need more help?
Email hello@draftrow.com with privacy questions. See also the Privacy Compliance Quick Guide for a broader overview.