Privacy Policy (United States)

Effective date: [Month DD, YYYY]
Applies to: [Company legal name], its websites, apps, and services (collectively, “Services”).
Contact: [privacy@yourdomain.com] | [Postal address]

1) Scope

This Privacy Policy explains how we collect, use, disclose, and safeguard personal information about U.S. residents who use our Services. Certain states (e.g., California, Colorado, Connecticut, Delaware, New Jersey, New Hampshire, Texas, Utah, Virginia) grant additional rights; see State-Specific Notices below. IAPP+1

2) Information We Collect

• Identifiers: name, email, phone, address, device IDs, IP.

• Commercial data: purchases, subscriptions, cart/lead activity.

• Internet/technical: log data, cookies, analytics, advertising IDs.

• Geolocation: approximate location from IP or with permission.

• User-generated content: messages, forms, reviews, uploads.

• Inferences: preferences or segments derived from other data.

• Sensitive data (limited): only if you provide it and we need it (e.g., precise location, payment token from a PCI-compliant processor). We do not collect government IDs unless legally required.
  Categories align with major state laws. California Attorney General+1

3) Sources

Directly from you, automatically via cookies/SDKs, and from partners (ad networks, analytics, lead providers) consistent with this Policy. California Attorney General

4) How We Use Information

• Provide and improve the Services;

• Process transactions and support;

• Personalize content/ads; measure performance;

• Detect, prevent, and investigate fraud, security, or legal issues;

• Comply with law and enforce terms.
  These purposes reflect state-law “purpose specification/data minimization” duties. leg.colorado.gov

5) Cookies, Analytics & Targeted Advertising

We use cookies/SDKs for analytics, personalization, and interest-based advertising. Residents of certain states can opt out of targeted advertising and the “sale”/“sharing” of personal information (as defined by law). We honor recognized opt-out preference signals where required (e.g., Global Privacy Control). Manage preferences via Your Privacy Choices links and browser signals. California Attorney General+1

6) Disclosures to Third Parties

We disclose personal information to:

• Service providers/processors (hosting, analytics, support);

• Advertising/measurement partners (for targeted ads/measurement);

• Business transfers (merger, acquisition);

• Legal/security (to comply with laws or protect rights).
  Some state laws treat certain ad tech uses as a “sale” or “share.” We provide opt-outs accordingly. California Attorney General

7) Your Rights (U.S. States)

Depending on your state, you may have the right to:

• Access/Know the categories and specific pieces we hold;

• Correct inaccuracies;

• Delete your data;

• Data portability;

• Opt out of targeted ads, “sale,” or “sharing” of personal information;

• Limit use of sensitive data (where applicable);

• Appeal our decision on your request (required in VA/CO/CT and others).
  Submit a request at: [webform URL] or email [privacy@]. We’ll verify your identity and respond within the statutory period (generally 45 days; we may extend once if reasonably necessary). California also permits use of an authorized agent. Non-discrimination applies. oag.state.va.us+1

8) Children’s Privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent, per COPPA. If you believe a child provided personal information, contact us to delete it. Federal Trade Commission+1

9) Sensitive & Biometric Notices (Texas)

If we ever sell sensitive or biometric data, the Privacy Notice will include the exact disclosures required by Texas law:
“NOTICE: We may sell your sensitive personal data.” / “NOTICE: We may sell your biometric data.” (We do not do so today.) Texas Attorney General

10) Security & Retention

We use reasonable administrative, technical, and physical safeguards. We retain data only as long as needed for the purposes above or as required by law, then delete or de-identify it. leg.colorado.gov

11) Do-Not-Sell/Share and Targeted-Ads Opt-Out

Use Your Privacy Choices (footer) to opt out of targeted advertising and the sale/share of data. California, Colorado, and Connecticut residents may also use a global opt-out signal (e.g., GPC) which we honor. California Privacy Protection Agency+1

12) Appeals Process

If we deny your privacy request, you can appeal by replying to our response or emailing [appeals@yourdomain.com] with “Privacy Appeal” in the subject. We’ll explain the outcome and your rights to contact your state AG, where applicable. (Required in VA/CO/CT and similar laws.) oag.state.va.us+1

13) State-Specific Notices

California (CCPA/CPRA): Additional rights to know, delete, correct, opt out of “sale/share,” and limit use of sensitive information; posting a “Privacy” link; honoring opt-out signals. California residents may use an authorized agent. California Attorney General+2California Privacy Protection Agency+2
Colorado (CPA): Opt-out of targeted ads/sale/profiling; honor universal opt-out; 45-day response; appeals required. Husch Blackwell
Connecticut (CTDPA): Consent for sensitive data; honor opt-out preference signals; appeals; AG enforcement. CT.gov
Virginia (VCDPA): Clear, accessible privacy notice; 45-day response; consent for sensitive data. oag.state.va.us+1
Utah (UCPA): Provide a clear privacy notice with categories, purposes, and how to exercise rights. dcp.utah.gov+1
Texas (TDPSA): Include specific “NOTICE” statements if selling sensitive/biometric data; describe request/appeal methods. Texas Attorney General+1
Other states (e.g., DE, NJ, NH, etc.) have similar rights frameworks now in effect; we align our processes accordingly. Check our webform for your state options. Termly

14) Changes to This Policy

We’ll update this Policy as our practices or laws change and post the new effective date here.

15) How to Contact Us

[Company privacy contact], [privacy@yourdomain.com], [postal address]. For unresolved concerns, you may contact your state Attorney General.

---

Deployment Checklist (do these on your site/app)

1. Footer links: Privacy Policy, Your Privacy Choices (Do Not Sell/Share), Cookie Settings. CA requires the privacy link to literally include the word “Privacy.” California Privacy Protection Agency

2. Set up a rights request webform + verification flow; add an appeals inbox. oag.state.va.us

3. Honor Global Privacy Control (GPC) and other recognized universal opt-out signals for CA/CO/CT. CT.gov

4. Update your cookie/SDK inventory; configure opt-out toggles to actually stop targeted ads and sale/share flows. Husch Blackwell

5. Keep a data-retention schedule and be ready to show purpose/necessity if regulators ask. leg.colorado.gov

6. If your product may be used by kids under 13, implement COPPA parental-consent flows or block collection