Skip to main content
CodeRocket
Privacyhighdata-rights

Link to your privacy policy in the footer

rule · privacy-policy

A privacy policy tells users what personal data your site collects, why you collect it, how it is used, who it is shared with, and what rights users have. It is both a legal requirement and a signal of trustworthiness.

Code Examples

HTML
<!-- Standard footer with privacy link -->
<footer>
  <nav aria-label="Legal">
    <ul>
      <li><a href="/privacy">Privacy Policy</a></li>
      <li><a href="/terms">Terms of Service</a></li>
      <li><a href="/cookies">Cookie Policy</a></li>
    </ul>
  </nav>
</footer>

React/Next.js

TSX
// components/footer.tsx
export function Footer() {
  return (
    <footer>
      <nav aria-label="Legal links">
        <a href="/privacy">Privacy Policy</a>
        <a href="/terms">Terms of Service</a>
        <a href="/cookies">Cookie Settings</a>
      </nav>
    </footer>
  )
}

Why It Matters

Collecting user data without a publicly accessible privacy policy violates GDPR (EU), CCPA (California), PIPEDA (Canada), and other regulations — even if the policy is technically published but not linked from the site.

When Is a Privacy Policy Required

A privacy policy is required if you collect any of the following:

  • Email addresses (contact forms, newsletter signup)
  • Names or other identifying information
  • IP addresses (even just for server logs)
  • Cookies (especially analytics or advertising cookies)
  • Payment information
  • Usage data via analytics tools

If your site serves users in the EU, California, Canada, or the UK, a privacy policy is almost certainly required.

Required Elements (GDPR Article 13)

A GDPR-compliant privacy policy must include:

RequirementDescription
Data controller identityYour company name and contact information
DPO contactData Protection Officer, if required
Data collectedWhat personal data is processed
Purpose of processingWhy you collect each type of data
Legal basisConsent, contract, legitimate interest, legal obligation
Retention periodHow long data is kept
Third-party sharingWho receives the data
Data transfersIf data is transferred outside the EU/EEA
User rightsAccess, rectification, erasure, portability, objection
Right to withdraw consentHow to do so
Right to complainContact information for supervisory authority

If you use analytics, session replay, frontend monitoring, or CDN logs, state whether those systems receive personal data or pseudonymous identifiers and how long each class of data is retained.

Privacy Policy Placement

The privacy policy link must be:

  • Visible on every page — typically in the footer
  • Clearly labeled — "Privacy Policy" or "Privacy Notice" (not buried in "Legal" dropdown)
  • Machine-readable — accessible to crawlers and assistive technology
  • Up to date — reflects current data practices

Additional Required Placements

TouchpointWhy it's required
Registration/signup formBefore collecting personal data
Contact formBefore collecting name/email
Cookie consent bannerLink to full privacy policy from banner
Email marketingUnsubscribe link + privacy policy link
Login pageFor new users unfamiliar with your practices

Privacy Policy URL Conventions

Search engines and privacy-scanning tools look for these paths:

Text
https://example.com/privacy
https://example.com/privacy-policy
https://example.com/legal/privacy

Avoid # anchors on a different page or modal dialogs — privacy policies should have their own stable, crawlable URL.

Standards

  • Use these references as the standard for the legal or product-facing privacy behavior that users actually experience.
  • Check the implementation against GDPR Article 13 - Information to be provided before treating the rule as satisfied.
  • Check the implementation against CCPA: California Consumer Privacy Act before treating the rule as satisfied.

Support Notes

  • Privacy features can differ by browser storage, cookie, and embed behavior, so verify the user-facing outcome in the supported environments rather than relying only on server logic.
  • Document any fallback or platform-specific limitation when a privacy control is interpreted differently across browsers.

Verification

Automated Checks

Manual Checks

  • Confirm the published policy includes a concrete retention statement for forms, analytics, logs, and account data.
  • Confirm the policy matches the actual behavior of the cookie banner, analytics setup, and monitoring tools used in production.