Do I need a privacy policy?

Straight answer

If your app collects any personal information (a name, an email, a payment), then yes, you need a privacy policy. It is how you tell people what you collect and why, which the Australian Privacy Principles expect. It also builds trust. Skipping it is both a compliance risk and a credibility one.

Information current as at 5 July 2026

A privacy policy can feel like legal box-ticking, a page nobody reads bolted on to look proper. But it does real work: it is the document where you tell people, honestly, what you do with their information. If your app collects anything about anyone, you need one. This article explains why, and what a genuine one contains. It is general information, not legal advice.

Plain English
Privacy policy: A page explaining what personal information you collect, why, and how you handle it.
Personal information: Anything that identifies a person, like a name, email or phone number.
Third party: An outside service you share data with, like an email tool or payment processor.
Data retention: How long you keep information before disposing of it.

Why a privacy policy is not optional

The instinct to treat a privacy policy as decorative is understandable, but wrong. Under the Australian Privacy Principles, being open about how you handle personal information is a core expectation, and a privacy policy is the standard way to meet it. It is the mechanism by which you disclose what you collect and why, before or as you collect it. Beyond the compliance angle, it matters for trust: a customer deciding whether to hand over their email or card is reassured by a clear statement of what happens next, and unsettled by its absence. A missing or obviously copied policy signals carelessness with data, which is exactly the impression you cannot afford. This is general information, not legal advice, but the direction is not ambiguous.

When you definitely need one

The trigger is collecting personal information, and almost every app does. A contact form that captures a name and email collects it. A sign-up, a login, a newsletter subscription, a checkout and a support chat all collect it. Even analytics that record who visits can touch it. If any part of your app takes in details about a person, you have crossed the line into needing a policy. The rare exception is a purely static, information-only site that collects nothing at all (no forms, no accounts, no tracking), and even then a simple statement to that effect is reasonable. For any app with a login or a form, the answer is simply yes.

What an honest privacy policy contains

A real privacy policy, as opposed to a copied one that describes someone else's business, covers a clear set of things. What personal information you collect, in specific terms. Why you collect it, the purpose. How you use it, and crucially who else sees it, because if you use an email service, a payment processor or an analytics tool, those third parties handle the data and people deserve to know. How you keep it secure. How long you keep it, your retention approach. And how someone can reach you to access, correct or delete their information. The test of a good policy is that it accurately describes your actual practices, not a generic template's. A policy that claims things you do not do is worse than none.

How to get one in place without paying

You do not have to commission a bespoke policy to start, though for a data-heavy business proper advice is worth it. A reasonable first step is to map your own reality: list every piece of personal information your app collects, every third-party service that touches it, why you hold each thing, and how long. That inventory is most of the work, and it is something only you can produce because only you know your app. From there, reputable privacy-policy generators and templates aimed at Australian businesses can help you assemble a draft that reflects your specific answers. Whatever you produce, read every line and make sure it is true for your app. The goal is an honest description, not an impressive one, and an accurate plain policy beats a grand inaccurate one every time. This is general information, not legal advice.

Common questions

Questions, answered

Do I need a privacy policy if I only have a contact form?
Yes. A contact form collects a name and email, which is personal information, so the obligation to be open about how you handle it applies. The policy can be short and simple, but it should exist and accurately describe what you do with the details people submit. This is general information, not legal advice.

Can I just copy another business's privacy policy?
No. A copied policy describes their data practices, not yours, so it will be inaccurate, and an inaccurate policy is worse than none because it claims things you do not do. Use your own inventory of what you collect and why as the basis, whether you write it or use a template, and make every line true.

What actually needs to be in it?
What you collect, why, how you use it, who else sees it, how you secure it, how long you keep it, and how someone can access, correct or delete their information. The essential quality is accuracy: it must describe your real practices. Detail matters less than honesty. Keep it clear and true rather than long and impressive.

Do I need a lawyer to write it?
Not necessarily to start. You can build an accurate draft from an inventory of your own data practices plus a reputable template aimed at Australian businesses. For a data-heavy or higher-risk business, tailored legal advice is worth it. The most important input is your honest account of what your app actually does. This is general information, not legal advice.