How to make your privacy policy sound friendly

May 9, 2018

If you’re anything like me, the past couple of weeks will have seen your inbox battered and bruised by a slew of emails from providers telling you they’ve updated their privacy policies as part of their prep for GDPR.

The upside is that, if you’re a copy geek like me, this provides the perfect opportunity to look at how different brands are making these documents easy to read (or not). Specifically, who’s rising to the challenge of applying their tone of voice to the legalese, and how.

Applying a consistent tone, even within official documents, is essential when it comes to your customer journey. Smoothing the transition between the rest of your communications and the small print helps to maintain the authenticity of your brand and the relationship you’ve built with your client.

And while the public may or may not be aware of what the GDPR is, they’ll have heard about recent high-profile data scandals, and so may actually end up reading these formal docs rather than ignoring them.

So, if everywhere else in your communications you make a point if being a Big Friendly Giant of a company, on the side of your customer etc, but then you go all Frosty the Snowman as soon as things get a bit LA Law, people are going to notice.

Exhibit A: Elsewhere you refer to your employees as ‘people’ or ‘teams’. Now that we’re in the legal section you’re referring to them as ‘staff’.

Objection, your Honour: It’s like that is it? By day we’re equals, but when things get a little more serious, you get all hierarchical on my ass. Why not just make it consistent?

Exhibit B: Overstating things. You’re “committed to preserving the privacy of all visitors”.

Objection, your Honour: Firstly, ‘committed’ feels a bit OTT to me, but I understand you want to sound serious. But what’s with ‘preserve’ – are you a jam? Why not freshen it up a bit with ‘looking after’ or ‘protecting’?

Let’s see who’s taking the opportunities to insert a more conversational tone to their legal docs. I’ve stitched together a Frankenstein’s Monster of the perfect privacy policy from these personal observations.

(Of course, always get the copy checked by your legal department to make sure it’s correct. And always wear sunscreen.)



Age UK grab the opportunity to be easy breezy when they can: “We may change this Policy from time to time.”

EE privacy policyAs do EE: “Your personal information is a big deal to us, so we protect it as if it was our own.” You can imagine Kevin Bacon saying this (although I prefer not to!) and it provides a nice alternative to the official sounding ‘committed’.



There’s nothing to say you can’t also promote yourself a little in these docs while you’re there. This has the added benefit of making your privacy policy seem less like it was bought off-the-shelf or written by a legal team (sorry, legal people).

“ cares about your privacy. For this reason, we collect and use personal data only as it might be needed for us to deliver to you our world-class products, services…”



Such a simple idea, but only a few are doing it. Mailchimp starts their privacy policy with: “Thanks for using MailChimp or visiting one of our websites.”

AirBnB is both friendly and subtly promotional in one: “Thank you for being a member of our global community.” Boom.



My second favourite privacy policy email is the BBC’s, which signs off with “All the best”. They might as well have added “old chum”.



Evernote took the opportunity to be upfront about a recent mistake they made by emailing with “Evernote recently announced a change to its privacy policy and received a lot of customer feedback expressing concerns. We’ve heard that feedback and we apologise for the poor communication.”

They didn’t have to say this, and I’ve no idea what they’re referring to, but it makes me think fondly of them for being sincere and for acting on customer feedback.


Clear, not patronising

This is a tricky line to walk, but I like the way Pinterest does this: “Because we’re an Internet company, some of the concepts below are a little technical, but we’ve tried our best to explain things in a simple and clear way.”



Providing examples is a great way to make the collecting of data seem less creepy – especially when it comes to cookies. Dropbox explain theirs in this way: “Cookies help us with things like remembering your username for your next visit, understanding how you are interacting with our Services, and improving them based on that information.”

They also do a nice range of short headers eg: ‘How’ “Where’ ‘Changes’ ‘Contact’.


Humble yet colourful

Trello manages to combine flair – ‘wild web’ – and earnestness, and is my favourite email intro.



Sorry to name and shame, but Pizza Express got me all excited with this:

Then cut to a really heavy going privacy policy: Points docked.

This made me wonder what Virgin were doing – and they too seem to have given up their distinctive tone of voice at this point.



On the other hand, Innocent – the Patron Saint of tone of voice (the people that gave us “Stop looking at my bottom” on the underside of juice bottles) – are doing exactly what you’d expect. Points docked for an early ‘committed’ but things recover pretty quickly:

            “Collection and Use of Personal Information 

Personal information means any information that may be used to identify you, such as, your name, title, phone number, shoe size…

            Children and Privacy 

If you’re aged 1 3 or under, you need to get permission to register on our site from your parents or guardian. Sorry but them’s the rules.


If you are using a shared computer and you have cookies turned on, be sure to log off when you finish. Else you’ll get crumbs.”

I mean. Just. MARRY ME.



And finally, EE gets a little carried away when introducing their cookie policy: “We think they’re a good idea, but it’s up to you whether you allow them or not.”

Fair enough, but now I’m distracted by the copy and their ‘tude, and the objective should really be to get the message across. It’s ok to dial the tone down a little sometimes.


So there we have it.

We’re told that privacy policies have to be concise, transparent, intelligible, easily accessible and written in plain English. Making them sound more friendly and consistent with your tone might only need a few tweaks.

Of course if you’re already pretty formal in your communications there’s no need to suddenly change things, but I would argue you should write in a conversational tone across all your comms if you want your customers to engage with you. And there are different ways to be conversational, depending on who you are.

Chat to me if you’d like discuss further, or if you’d like me to take a look at your own privacy policy for you.


Photo: Dayne Topkin

May 9, 2018

Grab your freebie

    Join my email list and get monthly tips to keep your marketing on track.

    I agree to Faith's privacy policy