What is a privacy policy and why do you need one?
A privacy policy explains how you collect, use, and protect your customers' personal information. It's your promise about what you do with their data.
Why it matters:
- Required by law in most places (GDPR, CCPA, etc.)
- Builds trust with customers who share their info
- Protects you legally if data issues arise
- Needed for payment processors and advertising platforms
- Required by app stores and social media platforms
What to include:
- What info you collect (email, address, phone, etc.)
- How you use that info
- Who you share it with (payment processors, shipping companies)
- How long you keep it
- Customer rights (access, delete, update their data)
- Your contact info for privacy questions
- Third-party services you use
Questions to ask yourself when creating your policy
What customer info do you actually collect? Email addresses, shipping addresses, phone numbers, and payment info are standard, but think about surveys, reviews, or account creation.
What apps and services do you use? Google Analytics, email marketing tools, chat widgets, social media pixels, and review apps all collect data you need to mention.
Do you sell internationally? Different countries have different privacy laws you'll need to follow.
How do you use customer emails? Are they auto-added to your mailing list? Do you send order updates? Marketing emails? Be specific.
Where do you sell? Your website, social media, craft fairs? Each channel might collect different data.
Common situations and how to handle them
Email marketing: "We'll add your email to our newsletter only if you opt in during checkout. You can unsubscribe anytime."
Google Analytics: "We use Google Analytics to understand how customers use our site. This helps us improve your shopping experience."
Social media selling: "When you message us on Instagram or Facebook, those platforms may collect your data according to their own privacy policies."
Customer support chat: "Our chat widget may collect your messages and email to help us provide better support."
Third-party apps: "We use [app name] for [specific purpose]. They handle your data according to their own privacy policy, which you can read [here]."
Order processing: "We share your shipping info with our fulfillment partners to get your order to you. We never sell your personal information."
Tips for writing your policy
Start with what customers care about. Lead with "We don't sell your info" or "Your data stays private."
Be specific about your tools. Name the actual services you use instead of saying "third parties."
Update when you add new apps. New email tool or analytics? Update your policy.
Make it scannable. Use headers and short paragraphs so people can find what they need.
Include an easy contact method. Give customers a way to ask privacy questions or request their data.
Examples
Minimal setup (artist with basic shop): "We collect your email and shipping address when you place an order. Your email is used for order updates only—we won't add you to marketing emails unless you choose to subscribe. We share your shipping info with USPS to deliver your order. We use Google Analytics to see how many people visit our site. We keep your order info for 7 years for tax purposes. Questions? Email us at [email protected]."
Growing business (maker using multiple tools): "Here's what we collect: your name, email, phone (optional), and shipping address when you order. We use your email for order confirmations and may invite you to join our newsletter (you can say no). We share shipping details with our fulfillment partner and payment info with Stripe. We use Google Analytics and Facebook Pixel to understand our customers and show relevant ads. Our customer chat is powered by Intercom. You can request your data or ask us to delete it anytime by emailing [email protected]."
International seller (comprehensive approach): "We collect personal information including name, email, phone, billing and shipping addresses, and payment details. This info is used to process orders, provide customer support, and improve our services. We may send marketing emails if you opt in (unsubscribe anytime). We share data only with trusted partners: Stripe for payments, ShipStation for fulfillment, Mailchimp for emails, and Google Analytics for site insights. International customers: we may transfer your data across borders to process your order. You have the right to access, correct, or delete your personal information. Contact us at [email protected]. We keep order records for 7 years for legal and tax purposes."
How to add this policy to your Big Cartel shop

- Go to your admin dashboard
- Click Shop preferences in the left sidebar
- Scroll down to the Shop Policies section
- Find Privacy policy and click in the text field
- Write or paste your policy
- Click Save
Your policy will automatically appear in your shop's footer as long as you're using the most recent version of your template. If you don't see it, update your template to get the latest features.
Migrating your shop policies
Already have a privacy policy on a custom page? Move it to the new policy field instead. Here's why:
- We create the policy page automatically
- It shows up consistently in your shop footer
- Customers can find it easily
- You get an active policy indicator in your admin
To migrate:
- Copy your existing policy text from your custom page
- Paste it into the privacy policy field in Shop preferences
- Delete the old custom page
- Save your changes
Managing your policy
Edit anytime: Change the text and click Save. Updates appear immediately in your shop.
Check if it's active: Look for the policy tag in your admin that shows if you have an active privacy policy.
Preview your policy: Click the preview button to see how it looks in your storefront.
Delete if needed: Click "Delete policy" to remove it completely. This wipes the policy and removes the page from your shop.
Switch back to custom pages: You can always move your policy to a custom page if you want more control over formatting.