CalOPPA Applies to Most Freelancer Websites
California's Online Privacy Protection Act (CalOPPA) applies to commercial websites that collect personal information from California residents. This includes freelancer portfolio websites with contact forms.
Since the internet is global, and most freelancers have California visitors, CalOPPA likely applies to you, even if you're based elsewhere.
CalOPPA requires a Privacy Policy if you:
- Have a website or online presence
- Collect personal information (emails, contact form submissions, etc.)
- Have any visitors from California
Enterprise Clients Require Privacy Policies
Many enterprise and corporate clients require all their vendors, including freelancers, to have a Privacy Policy. Why?
- Compliance requirement: They must manage vendor relationships carefully for regulatory reasons
- Contractual requirement: Client contracts often include a clause: "Vendor must have an accessible Privacy Policy"
- Security assessment: A Privacy Policy signals that you take data protection seriously
If you want to work with Fortune 500 companies, nonprofits, or healthcare organizations, you need a Privacy Policy.
What a Freelancer's Privacy Policy Must Cover
Good news: a freelancer's Privacy Policy is simple. You're collecting minimal data.
1. Your Contact Information
Your name/business name, email, and (optionally) physical address.
2. What Data You Collect
"When you contact us via our website contact form, we collect: name, email address, phone number (optional), and your message."
3. How You Use It
"We use contact form data to respond to your inquiry. We do not share this data with third parties or use it for marketing."
4. Your Hosting Provider
If your website is on Squarespace, WordPress.com, Wix, or similar, you may need to disclose this: "Our website is hosted on [Platform], which has its own Privacy Policy."
5. Analytics (If Applicable)
If you use Google Analytics: "We use Google Analytics to understand visitor behavior. Google collects IP addresses and device information. See Google's Privacy Policy."
6. Client Data You Handle
This is the most important section. If you handle client project files or sensitive information:
"When you hire us, you may provide us with business documents, design files, financial data, or other proprietary information. We keep this data confidential and secure. We store client data on [describe: encrypted drives, password-protected systems, secure servers] and delete it [specify: 90 days after project completion, per written agreement]. We do not share client data with third parties unless required by law or with your explicit permission."
7. Subcontractors (If Applicable)
If you sometimes hire other freelancers or subcontractors:
"When necessary, we may share project information with trusted subcontractors under confidentiality agreements. You can request information about subcontractors."
8. Data Retention & Deletion
"Contact form submissions are retained for [12 months] for record-keeping purposes, then deleted. Client project files are deleted per the project contract."
9. User Rights
"You can request access to, correction of, or deletion of your personal data by contacting us at [your privacy email]."
10. Contact for Questions
"Questions about this Privacy Policy? Email privacy@yourname.com"
Sample Freelancer Privacy Policy (One Page)
Privacy Policy: [Your Name/Business Name]
What We Collect: When you contact us, we collect your name, email, and message. We may use Google Analytics on our website, which collects IP addresses.
How We Use It: To respond to inquiries and improve our website. We don't share your data with third parties.
Client Data: We keep client project data confidential and secure. Files are deleted 90 days after project completion unless otherwise agreed.
Subcontractors: We may work with other contractors under confidentiality agreements.
Your Rights: You can request access or deletion of your data anytime. Email privacy@yourname.com
Contact: [Your Name] | [Email] | [Optional: Address]
Last Updated: [Date]
When You Absolutely MUST Have One
- Your website has a contact form: You're collecting email addresses
- You have a newsletter: You're collecting and storing email addresses
- You use Google Analytics: Google's terms require it
- A client requires it: In your contract
- You handle a client's customer data: You're processing data on their behalf
- You operate in California: CalOPPA applies
Why You Should Have One Even If Not Required
- Client trust: Professionalism that shows you care about privacy
- Opens doors: Enterprise clients often require one
- Legal protection: Shows you operate transparently and follow regulations
- Zero cost: Free to generate with our tool
Official US Resources on Privacy Law & Compliance
The following government sources provide authoritative guidance on US privacy law requirements for your Privacy Policy:
- FTC Business Guidance: Privacy & Security - the Federal Trade Commission's official guidance on privacy notices, data security, and consumer protection obligations
- California AG: CCPA Official Text & Guidance - the California Attorney General's office resource on California Consumer Privacy Act requirements and enforcement
- FTC: COPPA Rule - required reading if your service may be used by children under 13