The Website privacy policy is a legal document which discloses some or all the ways the website collects/uses/discloses/and manages a customer or client’s data. In India, the Information Technology Rules make it mandatory for a company/organization to provide a privacy policy for handling and dealing of personal information of all its users. The website privacy policy is compulsory for all websites in India.


This Website privacy policy should be used by any website/blog/e-commerce website that gathers limited customer or user information. The website privacy policy must be displayed on the website in a prominent place, at the footer of the website along with the last date when the privacy policy was updated. This gives all users the confidence that the information they have disclosed to the owners of the website, will never be disclosed to others. These particulars will be stated website privacy policy.


The rules of Information Technology Act apply to the following data which is considered sensitive and personal:

  • Passwords
  • The financial information of a user such as bank account/credit card/debit card/any other payment instrument details
  • The physical, physiological and mental health condition of a user
  • The sexual orientation of a user
  • The medical records and history of a user
  • The biometric information of a user

However, any information which is freely available or accessible in the public domain/ or given under the Right to Information Act, 2005/or through any other law in force at the time, will not be considered sensitive personal data.


According to the Information Technology Rules, any company or individual who gathers/receives/possesses/stores/deals/or handles information has to provide a website privacy policy. The website privacy policy must be published on the website of the company or individual with the following details:

  1. The website privacy policy must be clear and state statements of its practices and policies
  2. It should clearly mention what type of personal/sensitive data or information is being collected
  3. The purpose of collection and usage of such information has to be clearly mentioned
  4. The disclosure of information including sensitive personal data or information has to be mentioned
  5. It has to mention how reasonable security practices and procedures have been adopted


The Information Technology Rules states that all companies have to address any discrepancies and grievances of the provider of information, in regard to processing that information in a time bound manner. The company has to designate a Grievance Officer and publish his or her name and contact details on their website. The Grievance Officer would be responsible for addressing the grievances of information providers within one month from the date of receipt of grievance.

Once you get in touch with us at ACE ALLIANCE with your request to create your Website Privacy Policy, we will start the process. After our team receives all the details, our expert team of lawyers and attorney will create your Website Privacy Policy and send it across for your reference within 2- 3 business days. The price you pay for these services will include three rounds of iterations. Therefore, if you need any changes done to your Website Privacy Policy our team of lawyers at ACE ALLIANCE will do the needful and complete your final Website Privacy Policy document.