Frequently Asked Questions

Yes, all our legal document generators are completely free. You can create Privacy Policies, Terms of Service, and Cookie Consent Banners without any payment or registration required.

The documents generated by PolicyGen are templates based on common legal requirements. While they follow best practices for GDPR, CCPA, and other regulations, we strongly recommend having them reviewed by a qualified attorney to ensure they meet your specific needs and jurisdiction requirements.

Our generators support multiple privacy regulations including GDPR (EU), CCPA (California), LGPD (Brazil), PIPEDA (Canada), and CalOPPA. You can select which regulations apply to your business during the generation process.

Yes, if you collect any personal data from visitors (including through analytics tools like Google Analytics, contact forms, or cookies), you are legally required to have a Privacy Policy in most jurisdictions.

A Privacy Policy explains how you collect, use, and protect user data. Terms of Service (or Terms and Conditions) define the rules users must agree to when using your service, covering topics like user responsibilities, intellectual property, and liability limitations.

Under GDPR and ePrivacy regulations, websites that use non-essential cookies (like analytics or marketing cookies) must obtain user consent before placing those cookies. A Cookie Consent Banner is the standard way to get this consent.

Absolutely. All document generation happens entirely in your browser using JavaScript. Your business information is never uploaded to any server. The data stays on your device at all times, ensuring complete privacy.

Yes! You can download your documents in HTML or Markdown format and edit them as needed. We recommend reviewing and customizing the content to accurately reflect your specific business practices.

You should update your Privacy Policy whenever you change how you collect or use personal data, add new third-party services, or when privacy laws change. We recommend reviewing it at least annually.

GDPR (General Data Protection Regulation) is a wide-ranging privacy law enacted by the European Union in 2018. It applies to any organization that processes personal data of EU residents, regardless of where the organization is located.

CCPA (California Consumer Privacy Act) is a privacy law that gives California residents rights over their personal data. It applies to businesses that meet certain thresholds for revenue, data collection, or data sales involving California residents.

Yes! The generated cookie consent banner is a standalone HTML/JavaScript snippet that works on any website. Simply copy the code and paste it before the closing </body> tag on your pages.

Yes, our cookie consent generator includes an option for Google Tag Manager integration. When enabled, consent events are pushed to the dataLayer, allowing you to configure consent-based tag firing in GTM.

Key sections include: acceptance of terms, description of service, user accounts and responsibilities, prohibited uses, intellectual property rights, limitation of liability, dispute resolution, and termination clauses.

Once the page is fully loaded, the generators will work offline since all processing happens in your browser. However, you need an internet connection to initially load the page.

PolicyGen is developed and maintained by Sikulovi s.r.o. We are committed to providing free, secure, and easy-to-use legal document generators for website owners and businesses.

A DMCA (Digital Millennium Copyright Act) policy outlines how your website handles copyright infringement claims. You need one if your platform hosts user-generated content — comments, uploads, forum posts, or anything users can publish. The DMCA's safe harbor provisions protect you from liability for user-uploaded copyright violations, but only if you have proper procedures in place, including a designated agent and a repeat infringer policy.

A disclaimer is a legal statement that limits your liability for the information on your website. If you write about health, finance, law, or other professional topics, a disclaimer clarifies that your content isn't a substitute for professional advice. If you use affiliate links, the FTC requires you to disclose that relationship. Different types of disclaimers address different risks — general liability, professional advice, affiliate relationships, and external links.

It depends on where your customers are. In the EU, online buyers have a mandatory 14-day cooling-off period — that's non-negotiable. In the US, there's no federal return law, but several states (including California) require you to post a return policy if your terms differ from defaults. Even where not legally mandated, having a clear return policy builds trust and reduces payment disputes and chargebacks.

If you serve users in multiple countries, providing legal documents in their language is recommended and sometimes required. GDPR says privacy information must be "clear and accessible," which regulators interpret as offering translations for your main user markets. Our generators support both English and Czech, and you can edit the output to adapt it for other languages.

For most small to medium websites, a well-built generator covers the essentials. Our templates are based on actual legal requirements from GDPR, CCPA, DMCA, and consumer protection laws. That said, if you handle sensitive data (healthcare, finance, children's data), operate a marketplace with complex seller/buyer relationships, or have been through legal disputes before, a lawyer's review adds extra protection. Many businesses use a generator as a starting point and then have a lawyer review the output.

GDPR fines can reach up to €20 million or 4% of global annual revenue — whichever is higher. In practice, fines vary based on the severity, whether you cooperated, and how many people were affected. Some notable examples: Amazon was fined €746 million by Luxembourg's regulator, and Meta has faced multiple fines exceeding €1 billion combined. Smaller businesses typically receive smaller fines, but even a €50,000 penalty can be devastating for a startup.

The biggest difference is the consent model. GDPR uses opt-in — you need permission before collecting personal data. CCPA uses opt-out — you can collect data but must let users opt out of data sales. GDPR applies to any business processing EU residents' data regardless of company location. CCPA applies to businesses meeting specific revenue or data volume thresholds that serve California residents. GDPR also defines "personal data" more broadly than CCPA's "personal information."

Only strictly necessary cookies (login sessions, shopping carts, security tokens) can be placed without consent. If you use Google Analytics, Facebook Pixel, advertising cookies, or any tracking that isn't essential for the site to function, you need consent in the EU, UK, and Brazil. In the US, you need at minimum a disclosure in your privacy policy. The safest approach: always use a consent banner if you have any non-essential cookies.

Most users complete a generator form in 5-10 minutes. The form walks you through the relevant questions — what data you collect, what services you use, your business type — and generates the document instantly. You can download it as a text file or copy the HTML to paste directly into your website. If you need to make changes later, just run the generator again with updated answers.

Yes. After generating any document, you can export it as a PDF file. The PDF includes proper formatting and is ready to be uploaded to your website or shared with your legal team. You can also copy the raw text or HTML version for direct integration into your site.

Any service that collects data from your visitors needs disclosure. The most common ones: Google Analytics (traffic data), payment processors like Stripe or PayPal (financial data), email services like Mailchimp (email addresses), social media widgets (browsing data), advertising networks (tracking cookies), and hosting providers that log IP addresses. Check your website's network requests in DevTools — if a third-party domain loads, it probably collects some data.

COPPA (Children's Online Privacy Protection Act) in the US requires verifiable parental consent before collecting data from children under 13. GDPR sets the age at 16 (though member states can lower it to 13). If your site targets or knowingly collects data from minors, you need specific consent mechanisms, age verification, and clear parental notification. App stores also enforce age-related data collection rules.

SaaS terms should cover several areas beyond a standard website's ToS: subscription billing (cycles, auto-renewal, price changes), service availability (uptime commitment or disclaimer), data ownership (who owns data stored in your app), account termination (what happens to data when a subscription ends), and acceptable use (what users can and can't do with your software). If you offer a free tier, define its limitations clearly.

At minimum: a Privacy Policy (legally required almost everywhere), Terms of Service (protects your business), a Return/Refund Policy (often legally required, always expected by customers), and a Cookie Policy or consent banner if you use tracking cookies. If you have affiliate relationships, add an Affiliate Disclaimer. If you sell internationally, check EU consumer protection requirements — the 14-day cooling-off period applies to all online sales to EU customers.