Cost of a Privacy Policy

Once you determine that you need a Privacy Policy, the next step is to create one. Like most legal components, this comes with a cost. But how much of a cost..?

A number of factors will affect the overall cost of creating your Privacy Policy. Some of these factors include the size and complexity of your business, what your business privacy practices are, and what method you choose to use to create your Policy.

Let's take a look at some things to consider, some different methods for creating a Privacy Policy, and what some average costs could be.

What can I expect to pay to have an attorney write my Privacy Policy?

While the actual cost of creating a Privacy Policy will vary wildly, $500 is about the minimum you can expect to pay if you have an attorney write this document for you.

Consider the rate of an attorney at approximately $200 to $500 per hour for this type of work. If you need only a very simple Privacy Policy and find a specialist who will do it at a low rate, your costs may be no more than $500

If, however, your Privacy Policy has any extra levels of complexity, you will likely see that price rise accordingly.

For more complex Privacy Policies, the cost could be anywhere from $1,000 to $2,500 or more.

Some examples of added complexity that may increase the cost of your Privacy Policy include:

  • Having both an app and a website
  • Services involving sensitive information such as the following:
    • Financial information
    • Medical information
    • Credit scores
  • Having users who are children

These are just a few examples, but virtually any factors that will increase the length of your Privacy Policy, the time it takes to write it, or the liability of the services your app or website provides will also increase the cost of having an attorney craft a Privacy Policy for you to address those needs.

Laws and compliance

Laws and compliance

Essentially the more laws you are required to comply with, the more expensive it will be for an attorney to draft your Privacy Policy. After all, the reason you are having an attorney write your Privacy Policy is to ensure that you have everything you need from a legal standpoint to comply with all required regulations and to protect yourself from liability.

If you run a small website for your local shop that serves only local customers, then your Privacy Policy will probably be very simple.

If, however, you run an online shop that serves customers nationwide or internationally, then your Privacy Policy will need to be more complex to comply with all relevant laws.

For example, the California Online Privacy Protection Act (CalOPPA) sets forth requirements for what must be included in the Privacy Policy of any app or website that collects personal data from residents of California. As such, your app or website will need to be compliant with all CalOPPA regulations if you have users who may reside in California, even if you are not based there.

This means that the attorney will need to write your Privacy Policy in such a way that it complies with additional regulations, meaning more time and effort on his or her part, thus increasing the cost of drafting your Privacy Policy.

As a general rule, the more laws your services are required to comply with, the more expensive it will be to have an attorney draft a Privacy Policy. Local, national, international, and special case laws will all add to the needs of your Privacy Policy. Some examples of these laws are:

  • CalOPPA (if you have users who reside in California)
  • GDPR (if you plan to have users in the EU)
  • COPPA (if you have users who are under the age of 13)
  • HIPAA (if you deal with medical information)
  • FCRA (if you offer credit reports)
  • The Gramm-Leach-Bliley Act (if you handle certain financial information)

These are some of the major laws that your Privacy Policy may need to address and that an attorney will have to ensure compliance with when drafting your documents.



Write it yourself

If your Privacy Policy is very simple, you may choose to simply write it yourself.

However, consider the risks of this as a Privacy Policy helps to protect you from liability and legal repercussions. An insufficient Privacy Policy will be much more costly than having an attorney help you create a solid Privacy Policy in the first place.

If you do decide to write your own Privacy Policy, research the relevant laws to ensure you are compliant with all regulations pertaining to your app, website, or company.

You would also benefit from reading the Privacy Policies of apps or websites similar to your own to see what information and clauses they include that you may not have thought about.

Be thorough! It may not seem important, but an inadequate Privacy Policy can cause problems for your customers, your company, and you as an individual if you are breaking the law. Fines and lawsuits are much more expensive than hiring an attorney to do it right in the first place.

Use a Legal Agreement Generator

There are services available to help you create a Privacy Policy that is compliant with the law. These services are available for much less than the cost of an attorney, but will still likely cost a few hundred dollars depending on the complexity of your needs.

If your needs are basic, you may be able to generate a sufficient Privacy Policy for around $100 using one of these services. Beyond that, the cost will climb proportionally to the needs and structure of your document.

Note that while helpful, these services are not the same as having an attorney draft a Privacy Policy specially catered to your needs.

If you run a very simple operation, a self-written or template generated Privacy Policy may suffice for little to no cost.

However, if you are selling products, collecting a variety of personal data, or dealing with a single type of sensitive information, you will most likely want an attorney to help draft your Privacy Policy. Depending on the complexity of your services, the price and length of your Privacy Policy will increase.

Simple Privacy Policy example ~$500

Here's a good example of a simple Privacy Policy without too many clauses or special conditions.


This simple example is comparable to most small ecommerce websites that process orders and collect money. These Privacy Policies tend to be shorter and less complex, but it is still a good idea to have an attorney involved so you can be sure your website is compliant with all relevant laws when handling customer's credit card and account information.

For the $500 cost it's worth having an attorney do it right rather than doing it yourself and risk costly legal issues in the future.

Average Privacy Policy example ~$1,000

Here's a good example of a mid-range Privacy Policy that has additional clauses and some special conditions.


This example would work well for websites that are a step above the basic example in complexity. For the $1,000 cost, your Privacy Policy may not be much different than the basic example, but it may address additional regulations you're required to comply with. An example of this would be an ecommerce website that has customers worldwide. In addition to complying with laws in the US, you would also have to comply with the laws in the EU and elsewhere, or draft a separate Privacy Policy for international customers. This would essentially double the cost as the workload has doubled for the attorney.

Complex Privacy Policy example ~$2,000+

Here's a good example of a more complex Privacy Policy that has multiple unique and special considerations to address.


This more complex example represents special cases where either sensitive information is being handled or unique needs are being covered. Large companies that offer a variety of services will essentially have multiple sections in their Privacy Policy to address those different services. The time it takes an attorney to address the policies regarding each service will add to the time and therefore cost of drafting the document.

For example, a website that sells products, offers training services, and has user-generated content will need to be sure it addresses the needs of each of those categories, thus increasing the price to perhaps up to three times what it would cost to address a single category.


As you can see in the examples above, Privacy Policies come in a wide variety of shapes and sizes. Depending on your needs and wants, your Privacy Policy will probably end up looking similar to one of these examples.

Simply put, the more advanced a website is, the more in-depth its Privacy Policy becomes. This doesn't necessarily reflect the quality of the services provided, but instead the variety of services provided.

Generally, a larger company will require a more in-depth Privacy Policy and, in turn, should invest in having an attorney draft the document to ensure it is adequate. Start-ups and smaller operations may be able to get away with a simple self-written or template generated Privacy Policy if cost is an issue, but serious consideration should be given to having a high-quality, legally compliant document to protect yourself and best serve your users.