How to use
- Type your site or business name into the first field — it heads the policy and sets the download filename. Add your website URL and a contact email if you have them; leave the email blank and a bracketed placeholder is dropped in for you to fill later.
- Choose your primary jurisdiction from the dropdown — Australia, the EU, UK, US, Canada, or “not sure”. This rewrites the Your rights section to match the local law.
- Tick every box that describes what your site actually does: server logs, cookies, analytics, contact forms, user accounts, a newsletter, payments, advertising.
- If analytics is ticked, pick your provider. Cookieless options such as Plausible or Fathom produce noticeably different wording than Google Analytics or Matomo.
- Read the live preview, then copy the draft as Markdown, HTML, or plain text — or download it as a
.mdfile.
How it works
The generator is a deterministic assembler, not a language model, so nothing is invented on the fly. Each control maps to a fixed block of vetted wording, and the finished policy is the sum of the blocks whose conditions are true. Internally it builds an ordered list of typed blocks — each one a heading, a paragraph, or a bullet list — then renders that list three ways: to Markdown, to escaped HTML, and to indented plain text.
Walk through a concrete run. Enter Harbour City Yoga as the name and https://harbourcityyoga.com.au as the URL, leave the email blank, set the jurisdiction to Australia, and tick server logs, cookies, analytics, contact forms and newsletter, with Plausible as the analytics provider. The header becomes “Privacy Policy for Harbour City Yoga” above a “Last updated: 4 July 2026” line formatted in en-AU. The Information we collect list gains one bullet each for enquiry-form details, the newsletter email address, standard server logs and cookies, plus — because Plausible is cookieless — a line describing aggregated, anonymous usage data with no cookies or personal identifiers. Picking Google Analytics instead would swap that bullet for an IP-and-cookie disclosure and add an analytics-cookie line to the Cookies section. Since the jurisdiction is Australia, Your rights cites the Australian Privacy Principles and sends unresolved complaints to the OAIC; switch to the EU and that same section lists the GDPR access, erasure and portability rights. The blank email leaves a [your contact email] placeholder everywhere an address would otherwise sit, so the gaps are easy to spot before you publish.
Use cases & limitations
Reach for this when a launch checklist says “add a privacy policy” and you want honest, readable text in a couple of minutes — a tradesperson’s booking site, a side-project SaaS, a mailing-list landing page, or any site running Google Analytics or AdSense, both of which require a policy under Google’s own terms. Because it runs offline once loaded and regenerates as you toggle options, it stays quick to keep in sync when your stack changes.
The limitation is the one the disclaimer above the tool states plainly: this is a starting draft, not legal advice. It cannot know which specific processors you use, where each of your visitors lives, or the obligations peculiar to your industry, so a qualified professional should review the wording before it goes live. It also only ever claims what you tick — helpful, but it means an inaccurate checkbox yields an inaccurate policy. Once you have a draft, paste it into the word counter to gauge length, and if you want to see what a visitor’s browser actually exposes before describing it, the browser fingerprint tool shows you first-hand.
Privacy note
Every part of the assembly happens in your browser. It is plain JavaScript — the site name, URL, email and every checkbox stay on this page, no request is sent, and nothing is saved. Confirm it yourself by opening the network tab and generating a policy: no traffic leaves. And if your policy needs to describe the tracking parameters in your outbound links, the URL cleaner strips those locally too.