Privacy Policies and Terms of Service: Best Practices
When survivors search for help online, they’re often accessing websites of victim service programs. In addition to getting educational information about domestic violence or sexual assault, many websites make it possible for survivors to reach out to the program through email, contact forms, or web-based chat, and to engage online with the program in other interactive ways. Because of the significant privacy and safety issues survivors of domestic and sexual violence face, it’s important that programs offer clear information about the benefits and risks of seeking information and help online.
As with all victim services, it’s important to make sure that the policies and practices related to your website and chat hotlines support informed consent. You should inform survivors about any potential risks they face when using your website. Depending on the terms of service and privacy policies, some survivors may choose to limit their use of your website or chat service, or choose not to use them at all. Providing clear information about privacy and safety risks gives survivors a chance to make choices that match their privacy and safety concerns.
Privacy Policies & Terms of Service
Privacy Policies are important (and in some places required by law) if you collect any personal information from visitors to your site, including name, email address, phone number, IP address, etc. The policy should describe what information you collect, why you collect it, how you protect it, how long you keep it, how someone can opt out, and how you use it.
Both Privacy Policies and Terms of Service should be meaningful, clear, and include specific information (see below).
Use plain language as much as possible. This means sharing content that is easy to read and understand, and that avoids jargon. Share the key points of your confidentiality and privacy policies and practices, and provide links to the more legal or specific information so that survivors have the choice to dive deeper if they want to.
Include Specific Information
As you seek to balance being clear and brief with the need to be thorough, the following information should be included in your Terms of Service:
Privacy and Safety Information
What kind of information could be personally identifying
Your organization’s obligation to protect personally identifying information, and the limits of that protection, including:
How mandatory reporting may impact that obligation
How your program responds to court orders, warrants, government requests, and subpoenas
How your organization handles breaches of personal data
Third parties that have access to the person’s information (including digital services platforms, internet service providers, IT personnel, backup data storage providers, or cloud servers)
How their information is used in grant reporting, for example explaining that personal information is not shared but aggregate data is.
Liability information (as advised by attorney)
Anything that needs to be disclosed related to the website developer or online chat vendor’s Terms of Service, with links to those policies.
What they can expect from your service
Any limitations of the service (not 24 hours? Wait times? No records kept even if someone contacts more than once?)
What can minors accessing the service expect?
What languages your services are offered in, and when you use interpreters
Who to contact with questions
How your program will respond to abuse of the services (e.g., harassment of advocates, spamming, hacking, etc.)
Here are some examples of Privacy Policies.
Read more about the differences and what should be included in Privacy Policies and Terms of Service.