Although it might seem boring and old, email marketing is still one of the most effective forms of marketing. In fact, it has the highest return on investment of any form of marketing. But before you jump in with email, we need to make sure you're following the law. And that means one thing... creating a privacy policy for email marketing. 

In this post, we'll cover all the things you need to know about how email marketing and privacy policies collide. You'll know why you need an email privacy policy, what you should include, and how to create one.

Let's dive in…

What is a privacy policy?

Let's start with a basic definition of the term "privacy policy." A privacy policy is an online legal document that explains what information you collect from people, how you collect that information, why you collect that information, how you use that information, who you share that information with, and what people can do to limit your use or collection of that information. 

Your privacy policy is a core part of your online legal compliance. While it is definitely relevant to your email marketing efforts, it goes well beyond email. Your privacy policy should cover all the ways you collect and use personal data online. 

If you want to take a deeper dive into privacy policies, check out our comprehensive Privacy Policy 101 post.

Do I need a privacy policy if I'm using email marketing?

The short answer is... Yes. 

There are multiple laws that mandate privacy policies, including the California Online Privacy Protection Act (CalOPPA) and the European Union's General Data Protection Regulation (GDPR). Among other things, these laws provide that if you are collecting personal information from their residents, you are required to have a privacy policy. 

Spoiler alert... if you are using email marketing in your business, you are subject to those laws.  

To start, an email address qualifies as personal information. Although there are some hazy lines when it comes to figuring out if information qualifies as personal under these laws, there's no doubt about email. 

So, if you have people from California or the European Union joining your email list (or on your list already), you are required to have a privacy policy for your email marketing.

While strange things do sometimes happen on the internet, it's a really safe bet that you have subscribers from those places if you are marketing on the internet!

What is CAN-SPAM?

Beyond the laws that are specifically about privacy policies, we need to discuss CAN-SPAM. 

The CAN-SPAM Act is the U.S. law that regulates commercial email. While the U.S. is kinda the wild, wild west when it comes to email marketing and privacy, CAN-SPAM does place some limits. 

To comply with CAN-SPAM, every message you send via email must have a valid "from" address, a mailing address for the sender, and a way for people to opt out of future emails. 

If you ever look at a marketing email, you'll notice the CAN-SPAM compliance at the end. Those emails will include (at a minimum), the mailing address and opt-out link. Here's an example from one of my emails:

Since we're talking CAN-SPAM... that law also forbids false or misleading header information and deceptive subject lines, but I'm guessing you wouldn't try that nonsense. 

If you want to learn more about CAN-SPAM, the Federal Trade Commission has this great resource page.

What should my privacy policy say about email and CAN-SPAM?

Okay... now that we've established that there are some legal requirements, let's talk about what your privacy policy should say about your email marketing. 

Although there aren't any strict rules here, you can use these sections of your privacy policy not only to meet your legal obligations but also to foster trust with your audience. You do this by telling them you'll guard their information and laying out exactly how they can unsubscribe. 

Here's the section we use in our privacy policy:

‍

‍

Don't overcomplicate this. Just be transparent and build trust. 

How should I create my privacy policy for email marketing?

While you could try to craft your website legal policies all by yourself, I do not recommend it. These are NOT fun to write, and you could easily miss something pretty stinking important. 

Luckily, with the Plainly Legal™ Agreement Generator, you can easily draft rock-solid website policies and other legal documents in minutes.