Getting Started – Compliance Solutions for Websites, Apps and Organizations | iubenda

Compliance for Individual Services

Andrea Orivati — Wed, 20 Nov 2019 23:20:29 +0000

Compliance can often be a multi-faceted task – not only do you need to comply with applicable law, but you’ll often need to meet basic third-party requirements as well. Various third-party services process user data in different ways and for different purposes, and it is, therefore, important to ensure that your privacy and cookie policies mention and contain the correct disclosures for each – this is no simple task. Luckily, our Privacy and Cookie Policy Generator contains over 1700 clauses, which covers everything from the most popular third-party services to more niche services, and we’re continually expanding the list.

Below you’ll find, in alphabetical order, a list of individual posts dedicated to each one of the third-party services included in the Generator and specific compliance instructions related to each. The list is not yet complete (as creating posts for each of the 1700+ posts takes quite some time), but we will continue to update as we go along. If the post for the particular service you’re interested in is not yet linked, please check back in a few days or feel free to reach out to us directly for assistance.

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

A

Android: Compliance for Android Apps
Amazon Store: How to Add a Privacy Policy to the Amazon Store
A-CUBE API
Abacus
Access the address book
Accounting managed internally
ActiveCampaign: Compliance for ActiveCampaign
ActiveCampaign site messages
ActiveCampaign Text Message and SMS Marketing
ActiveCampaign widget
Activity data tracked by your device
Ad4Game
Adabra
Adblade
AdBuddiz
AdButler
Adcash
AdColony
AddThis: Compliance for AddThis
AddToAny
AdEspresso conversion tracking
Adform
Adgoon conversion tracking
AdKaora
AdMob: Compliance for AdMob
Adobe Analytics: Compliance for Adobe Analytics
Adobe Audience Manager
Adobe Edge Web Fonts
Adobe Fonts: Compliance for Adobe Fonts
Adobe Test&Target
AdRally
AdRoll: Compliance for AdRoll
Adyen
Affilinet
Airbrake
Akamai Content Delivery Network
Akismet
Alexa Metrics: Compliance for Alexa Metrics
Algolia
AliExpress Affiliate
Allopass
Altervista Advertising
Altervista Platform
Amazon Affiliation
Amazon Appstore
Amazon Glacier
Amazon Mobile Ads
Amazon Omakase
Amazon Payments
Amazon Simple Email Service
Amazon Web Services (AWS): Compliance for Amazon Web Services
Amplitude
Analysis and predictions based on the User’s Data (“profiling”)
Analytics collected directly
Anastore affiliation program
Android Pay
AngelList follow button and social widgets
App Center
App Samurai
AppFireworks
Apple App Store
Apple HealthKit
Apple iAd
Apple Pay: Compliance for Apple Pay
Applifier
AppLovin
Appnext
AppNexus
Appsee
Appsflyer
Apptentive Widget
AppTV
Apsalar
Apteligent
ArubaCloud
Asana
AskingPoint
Atlassian Confluence
Attendance and leave management processed internally
AudienceRate Analytics
Audiens
Audio conferencing managed internally
Audiweb
Auth0
Authorize.Net
Automated decision-making
Autosend
AWeber
Awin
AWStats

B

Backup on Google Drive
Balanced Payments
Banggood Affiliates Program
Banzai Advertising
Basecamp
Belboon
Beta by Crashlytics
BigMarker
Bing Maps
Bitbucket
Bitly OAuth: Compliance for Bitly OAuth
Bitpay
Blogger: Compliance for Blogger
BlogVault Backup
Booking.com Affiliate Partner Program
Boomerang
Braintree
Branch Attribution
Bravofly Affiliate Program
Braze
Breezy HR
Broadstreet Ads
Buffer button and social widgets
Buglife
Bugsnag
Built for Teams
BulkSMS
Business card processing
Business Contact
BuySellAds: Compliance for BuySellAds
By POS

C

CakeHR
Calendar processed internally
Calq
Campaign Monitor: Compliance for Campaign Monitor
Captify: Compliance for Captify
Carbon Ads
ChargeBee
Chargify
CharlieHR
Chartbeat
Chartboost
Chino.io
CJ Affiliate by Conversant
CleverReach
ClickBank
ClickDesk Widget
Clickpoint: Compliance for Clickpoint
ClickTale
ClickWall
Clicky
Cloud 66
Cloudflare: Compliance for Cloudflare
Cloudinary
Cloud Technologies: Compliance for Cloud Technologies
CodePen widget
Coinbase
Coinbase button and widgets
CoinPayments
Comm100 Widget
Commanders Act: Compliance for Commanders Act
Comment system managed directly
ComScore Analytics
ConCardis
Constant Contact
Contact form
ContactLab Outbound
Contractor workforce processed internally
ConvertKit
ConvertKit widget
Countly
CPMStar
Crashlytics
Crazy Egg
Crisp Widget
Criteo & Criteo Dynamic Retargeting: Compliance for Criteo
Crowdsignal
Crowdsignal Widget
Cuebiq AudienceQ
Customer.io
Customerly (Chat Widget, E-mail Marketing, Survey, Survey Widget): Compliance for Customerly
Cxense

D

Dailymotion: Compliance for Dailymotion
Data transfer abroad based on consent
Data transfer abroad based on standard contractual clauses
Data transfer to countries that guarantee European standards
Databases managed internally
Datacenter Luxembourg
Datadog
Decibel Insight
Delivery processed internally
Desigual Affiliate Program
Desk.com
Device permissions for Personal Data access
DigitalOcean: Compliance for DigitalOcean
Direct Email Marketing (DEM)
Direct marketing via SMS
Direct registration
Disqus: Compliance for Disqus
DMP extension for Webtrekk
Document collaboration and processing managed internally
Doodle
Dot&Ads
Dot&Media
dotmailer
DoubleClick for Publishers – Mondadori
Drift Widget
Drip: Compliance for Drip
Dropbox: Compliance for Dropbox account access
Dwolla

E

eADV
eBay Partner Network
Effiliation
Elevio
Elevio Widget
Email archive managed internally
Email managed internally
Email parsing processed internally
Email scheduling managed internally
Employee benefits processed internally
Employee computer
Employee onboarding processed internally
Employee phone
Employee wellness
Engine Yard
Envoy
ePages
Epom Ad Server
eWAY
Expense management processed internally
Expensify

F

Fabric Answers
Fabric Answers: Twitter Enhanced Features extension
Facebook (account)
Facebook account access: Compliance for Facebook account access
Facebook Ads conversion tracking (Facebook pixel)
Facebook Analytics for Apps
Facebook Audience Network
Facebook Authentication: Compliance for Facebook Authentication
Facebook Comments
Facebook Custom Audience: Compliance for Facebook Custom Audience
Facebook Like button and social widgets
Facebook Lookalike Audience
Facebook Messenger Customer Chat
Facebook Remarketing
FeedBlitz
Feedburner
FeedPress
File sharing and storage managed internally
Filestack
Firebase Cloud Functions, Messaging & Storage:Compliance for Firebase Cloud
Firebase Crash Reporting
Firebase Dynamic Links
Firebase Hosting
Firebase Invites
Firebase Legacy
Firebase Notifications
Firebase Performance Monitoring
Firebase Realtime Database
Firebase Remote Config
Float
Flox
Flurry Analytics
Flurry RTB
Fond
Font Awesome
Fonts.com Web Fonts
Fortumo
Fotolia Affiliate Program
Found by Elastic
Foursquare OAuth
FreeWheel
Freshbooks
Freshchat Widget
Freshdesk:Compliance for Freshdesk
Freshsales
FullContact
Funding Choices for messaging ad block Users
Funding Choices for User consent
Fyber

G

GameAnalytics
GamePix widget
Gauges
General payment processing
Geolocation
Gestpay Banca Sella
GetKudos Widget
GetResponse
GetResponse widget
GetSatisfaction Widget
GetSiteControl Chat Widget
GetSiteControl contact form
GetSiteControl Promo widget
GetSiteControl social widget
GetSiteControl Subscribe widget
GetSiteControl Survey Widget
Getty Images widget
Gigya
GitHub
GitHub button and social widgets: Compliance for GitHub button and social widgets
GitHub OAuth
GitHub Pages
GitLab.com
Gmail
Go Squared
GoCardless
Google Ad Manager
Google Ad Manager Audience Extension
Google Ads conversion tracking
Google Ads Remarketing
Google Ads Similar audiences: Compliance for Google Ads Similar audiences
Google AdSense
Google Analytics
Google Analytics Advertising Reporting Features
Google Analytics Demographics and Interests reports
Google Analytics for Firebase
Google Analytics with anonymized IP
Google App Engine
Google Calendar
Google Calendar widget
Google Cloud Storage
Google Drive (Spreadsheets, Docs, Slides)
Google Drive account access
Google Fonts
Google Friend Connect
Google Hire
Google Maps widget
Google OAuth
Google Optimize
Google Pay
Google Play Beta Testing
Google Play Store
Google reCAPTCHA: Compliance for Google reCAPTCHA
Google Signals: Compliance for Google Signals
Google Site Search
Google Site Search with AdSense
Google Tag Manager: Compliance for Google Tag Manager
Google+ (account)
Google+ +1 button and social widgets
Grapeshot
Gravatar: Compliance for Gravatar
Gusto

H

Harvest
Headway widget
Heap Analytics: Compliance for Heap Analytics
Help Scout
Helpshift
HERE Maps widget
Heroku
Heyzap
Hipay
Hired
Histats
HockeyApp
Hotjar Form Analysis & Conversion Funnels
Hotjar Heat Maps & Recordings: Compliance for Hotjar Heat Maps & Recordings
Hotjar Poll & Survey widgets
Hotjar Recruit User Testers
Hotjar surveys
HubSpot Analytics: Compliance for HubSpot Analytics
HubSpot CRM
HubSpot Email
HubSpot Lead Management

I

iOS: Compliance for iOS and macOS Apps
iContact
iDevAffiliate
IDG TechNetwork
ilMeteo widget
IlSole24Ore Advertising
Imperva Application Security
Improvely
Influencer marketing managed internally
Infomail
Infusionsoft
Inspectlet
Instabug
Instagram Authentication
Instagram widget
Instapage
Integration of Freshsales with Freshchat and/or Freshdesk
IntelliTXT
IntenseDebate
Intercom
Internal collaborative workspace and note taking
Internal compliance processing
Internal corporate learning and training
Internal employee directory
Internal facility/warehouse management
Internal field service management
Internal inventory management
Internal knowledgebase
Internal office management
Internal project and task management
Interoute
Interstate Analytics
Inviting and suggesting friends
Invoicing processed internally
IO Technologies
IOL Advertising
ironSource
Issuu widget
Iterable
Iterable email marketing
Iterable SMS marketing
iTunes affiliation
iubenda Consent Database

J

Janrain Engage
Jetscale
Jimdo
JotForm: Compliance for JotForm
JotForm widget
JuiceADV
Jumptap
JVZoo
JWPlayer widget

K

Kariboo
Keen IO
Ketchup ADV
Kiip
KISSmetrics
Klarna

L

LinkedIn: Compliance for LinkedIn social button and social widgets
Lander
Launchrock
Layer
Lead Dyno
LeadBolt
LeadLander
LeadOutcome
Leadpages
LevelUp
Lever
LifeStreet Media
Ligatus
Light Reaction
LinkedIn (account)
LinkedIn button and social widgets
LinkedIn conversion tracking
Linkedin OAuth
LinkedIn Recruiter
LinkedIn Website Retargeting
Linkpulse
links2revenue
LinkShare
Linode
LiveChat Widget
Livefyre
LiveIntent
Livestats Aruba
Livestorm
Lloogg
Localytics
Lockerz Share
Log In with PayPal: Compliance for Log In with PayPal
Logentries
Login with Amazon
Logitravel Affiliate Program

M

Mailchimp: Compliance for Mailchimp
Mad Mimi: Compliance for Mad Mimi
MagNews
Mailchimp
Mailchimp Landing Page
Mailchimp OAuth
Mailchimp widget
MailerLite
MailerLite Landing Pages
MailerLite widget
Mailgun
Mailing list or newsletter
Mailjet
MailUp
MainAd
Mandrill
MANGOPAY
Mapbox widget
Mapp Aquire (DMP)
Marketo Email Marketing
Marketo Lead Generation
Matomo
Mediafed
Medialets
Mediamond
Meeting/event management processed internally
Meetup.com OAuth
Meride video
Microsoft Advertising
Microsoft Advertising Universal Event Tracking
Microsoft Azure
Microsoft Teams
Millennial Media
Mint Analytics
Mix button and social widgets
MixCommander
MixPanel
mLab
Mobclix
MobFox
Mobile beacons
Mobysign
Modulus
Mollom
Monitis
MoPub
Mouseflow
Mozeo
Muut
My LiveChat Widget
MyBank UniCredit
MyFonts
Myspace button and social widgets
myThings

N

Nagios
Nativery
Neodata Ad Server
NetAffiliation
Neteller
Netlify
New Relic
Nexmo
Nielsen Audience Measurement
Non-continuous geolocation

O

Office operations and management processed internally
Offline form processing
Olark Widget
Olivemedia
Omnisport video widget
Onebip
OneDrive OAuth
OneSignal
Openshift
OpenStreetMap widget
OpenX Ad Exchange
OpenX Ad Server
Optimizely
Oracle BlueKai (DMP)
Other legal basis for Data transfer abroad
Other location data processing
Outbrain

P

Pardot
Parse Analytics
Parse Core & Push
Passendo ApS
PAY.
Payment by bank transfer
Payments processed via the Apple App Store
Payments processed via the Google Play Store
Paymill
Payone
PayPal
PayPal button and widgets
PayPal Carrier Payments
PayPal Payments Hub
Payroll processed internally
Paysafecard
People analytics processed internally
Perfect Audience
Personal Data collected through sources other than the User
Phone contact
Photon Engine Cloud
Pin Payments
Pingdom
Pinterest OAuth: Compliance for Pinterest OAuth
Pinterest “Pin it” button and social widgets: Compliance for Pinterest “Pin it” button and social widgets
Pipedrive
Plaid Auth
Playhaven
Po.st
Po.st Advertising
Podio
PopUp Domination
Postmark
Powerlinks
Presscommtech
PrestaShop
Printed out archives
Project Wonderful
Propeller Ads
Pseudonymous use
Public profile
PubMatic
Pure Chat Widget
Push notifications
Push notifications based on the User’s geographic location
Push notifications for direct marketing

Q

Qualaroo
Qualaroo Widget
Quantcast Measure
Quantum
QuickBooks Online
Quip
QuiPago
Quora Conversion Pixel
Quora List Match Audience
Quora Lookalike Audience
Quora Website Traffic Audience

R

RackOne Hosting
Rai Pubblicità
RainbowTgx
Rakuten Marketing
Rakuten Marketing Affiliate
Rakuten Remarketing
Rapidmail
Raygun
RCS MediaGroup Advertising
Reach
Rebrandly
Reception management processed internally
Recruitment processed internally
Recurly
Reddit button and widgets
Redvertisement Ads
ReferralCandy
Reinvigorate
Remarketing with Google Analytics
Resource scheduling processed internally
ResponseTap
RevMob
RhythmOne
Robly
Robly Widget
Rocket Fuel conversion tracking
Rockyou
Rollbar
Rubicon Project

S

SafeCharge
Sage Pay
Salesforce Analytics Cloud
Salesforce Audience Studio
Salesforce Marketing Cloud
Salesforce Sales Cloud
Salesforce Service Cloud
Savings United
ScorecardResearch
Scoreoid
Secure Trading
Security camera processing
Seedtag
Segment
Selling goods and services online
Sendgrid
SendinBlue Email
SendinBlue Marketing Automation
SendinBlue SMS
Sendwithus
Sentry
SessionCam
Shareaholic
ShareAsale
ShareThis
SharpSpring
SharpSpring Landing Page
ShinySense or DMP extension for ShinyStat
ShinyStat
ShinyStat Free
Ship by Product Hunt
Shopify
Simpli.fi
Simplify
Simply Advertiser
SiteGround Hosting: Compliance for SiteGround Hosting
Skebby
Skimlinks
Skrill
Skylight
Skype
Slack
Smart AdServer
Smart4ads
Smarter Click Email Engagement
Smartlook
Smartsupp
SMS Aruba
SMSFactor
sMsmode
Snapchat (account)
Snapengage Widget
Social networks managed internally
Socialize
Sociomantic
SOFORT
SoundCloud widget
SparkPost
SpeeD
Splunk MINT Express
Spotify widget
Spreedly
Square
Squarespace
Stack Exchange OAuth
StartApp
StatCounter
Stathat
StatusCake
Storeden
Storify widget
Streamera
Stripe: Compliance for Stripe payment processing, OAuth and account access
Sucuri CloudProxy
Suite Mail Pro
SumoMe Contact form
SumoMe Content Analytics
SumoMe Heat Maps
SumoMe Mailing List or Newsletter
SuperAwesome
Survey/poll processed internally
SurveyGizmo
SurveyMonkey
SurveyMonkey Widget
Swiftype
Swrve Core & Push

T

Twitter: Compliance for Twitter Tweet Button and Social Widgets

The post Compliance for Individual Services appeared first on Compliance Solutions for Websites, Apps and Organizations | iubenda.

Laws and regulations for simple websites – and how to comply

Andrea Orivati — Wed, 22 May 2019 15:57:06 +0000

Run a simple website or blog? Here’s everything you need to understand and get started with GDPR and ePrivacy compliance.

Understanding the Legal Requirements and how to Comply

How to Determine Your Law of Reference? › | How to Make Your Blog or Simple Website Compliant › | GDPR Guide ›

What you’ll need (and when you’ll need it)

Why? Under most countries’ laws it’s mandatory that you disclose details related to privacy and your data processing activities. Failure to do so can result in massive fines, legally invalidate your newsletter list, leave you open to litigation and negatively affect your the credibility of your website.

When do you need it? Whenever processing personal user data in any way (e.g. Via social connect buttons, contact forms, analytics services — note that even ip addresses can be considered personal data).

Practical

CMS-specific integration

Informative

Common services that explicitly require privacy policies

Why? Many websites use cookies for everything from analytics statistics to text and banner ads.

When do you need it? If you use cookies and you have EU-based users, you’re required by both law and by law-abiding third-parties such as Google, Amazon, Apple, Facebook etc. to comply with legal requirements; this generally means having valid cookie policy and cookie management solution in place.

Practical

How to Further Configure Your Privacy Controls and Cookie Solution (Advanced Guide) ›

CMS Plugins
These plugins allow you to set up quickly on the most popular platforms and automate much of the prior blocking process

WordPress Plugin Guide | Magento Guide | Joomla! Guide | PrestaShop Guide | PHP class Guide.
Drupal users, you can access the class via direct download or Packagist, and find full instructions in the PHP class guide linked above.

Informative

Important

If you monetize content on your site via ads (including Google’s ad services), we heavily suggest that you meet industry requirements by enabling the IAB Transparency & Consent Framework feature in the Privacy Controls and Cookie Solution. Failure to do so can potentially result in reduced ad reach and revenue.

How to enable the IAB TCF in the Privacy Controls and Cookie Solution › | How to collect consent for Google Ad personalization ›

Why? The GDPR requires that you keep and maintain valid records of consent if processing user data based on consent. Without these records, the consent you collect is considered invalid.

When do you need it? When processing the personal data of EU-based users on the legal basis of Consent. Common Scenarios of this include collecting personal data via forms for newsletters, email lists, subscriptions etc. This does not typically apply to consent for cookies as cookies are still largely governed by the ePrivacy Regulation (Cookie Law).

Important

Note: GDPR requirements also apply to you even if you’re not based in the EU but have EU-based users or you only have non-EU users but are based in the EU. Read more here.

Practical

Informative

GDPR’s consent requirements ›

Why? The GDPR requires that you keep and maintain valid records of processing if processing the personal data of EU-based persons. Without these records, your processing activities would be in violation of the law.

When do you need it? If you fall under the scope of the GDPR and your processing activities are not occasional, could result in a risk to the rights or freedoms of others, involves sensitive data or if you have more than 250 employees — in short, it’s almost always required.

Practical

Informative

Why? Terms and Conditions (also called ToS – Terms of Service, Terms of Use or EULA – End User License Agreement) set the way in which your product, service or content may be used, in a legally binding way. They are crucial for protecting your content from a copyright perspective as well as for protecting you from potential liabilities.They typically contain copyright clauses, disclaimers and terms of sale, allow you to set governing law, list mandatory consumer protection clauses, and more.

When do you need it? You’ll likely need to set Terms & Conditions if you:

have different user levels (eg. registered vs non-registered);
want to set the rules for user behavior (including comments) and state grounds for termination of accounts;
allow your users to upload content;
participate in affiliate programs;
provide advice which can potentially cause harm if misused;
would like to have some legally enforceable control over, and set rules about, how your product, service or content may be used.

Particular emphasis should be given to copyright and the limitation of liability clauses (and disclaimers), for example when giving advice or promoting affiliate products.

Practical

Informative

Special Considerations

Planning to send emails or newsletters? Read this:

Running ads on your site or making endorsements? Read this:

Additional Resources

Make your site compliant in minutes

The post Laws and regulations for simple websites – and how to comply appeared first on Compliance Solutions for Websites, Apps and Organizations | iubenda.

Laws and regulations every app developer should know – and how to comply

Andrea Orivati — Mon, 21 Jan 2019 11:10:06 +0000

App developer? Here’s everything you need to understand and get started with GDPR and ePrivacy compliance.

But first, do privacy laws actually apply to you? And which one?

See which privacy laws actually apply to you. Take this free 1-min quiz →

What you’ll need (and when you’ll need it)

Why? Under most countries’ laws it’s mandatory that you disclose details related to privacy and your data processing activities. Failure to do so can result in massive fines, app store/marketplace rejection, leave you open to litigation and negatively affect the credibility of your website or app.

When do you need it? Whenever processing personal data in any way (even ip addresses can be considered personal data).

Practical

Platform-specific guides

Informative

Why? Many app developers use cookies either in-app or via the app website for everything from usage statistics to remarketing ads.

When do you need it? If you use cookies and you have EU-based users, you’re required by both by law and by law-abiding third-parties such as Google, Amazon, Apple, Facebook etc. to comply with legal requirements – in this case Cookie Law. This generally means having valid cookie policy and cookie management solution in place.

Practical

Did you know that we have a mobile SDK available for Cookie Solution? It’s fully customizable and available as a native component for both IOS and Android. You can contact us directly at info@iubenda.com to access all files and instructions needed for implementation.

CMS Plugins
These plugins allow you to set up quickly on the most popular platforms and automate much of the prior blocking process

Informative

Why? Terms and Conditions (also called ToS – Terms of Service, Terms of Use or EULA – End User License Agreement) set the way in which your product, service or content may be used, in a legally binding way. Not only are crucial for protecting you from potential liabilities, but (especially in cases where something is being sold to consumers) they often contain legally mandated information such as users’ rights, withdrawal or cancellation disclosures.

When do you need it? In general, you’ll likely need to set Terms & Conditions if you have app which participates in some form of commerce (whether selling to users directly or facilitating trading). Additionally, some specific instances where they might needed are where you:

need to make legally required disclosures related to consumer rights (especially withdrawal and cancellation rights);
have different user levels (eg. registered vs non-registered);
your platform allows users to sell or trade with other users;
facilitate or otherwise process payments and/ or other sensitive user data;
want to set the rules for user behavior and state grounds for termination of accounts;
participate in affiliate programs;
provide a software or service which can potentially cause harm if misused;
would like to have some legally enforceable control over, and set rules about, how your app may be used.

Particular emphasis should be given to account termination clauses, payment conditions and the limitation of liability clauses (and disclaimers).

Practical

Informative

Why? The GDPR requires that you keep and maintain valid records of consent if processing user data based on consent. Without these records, the consent you collect is considered invalid.

When do you need it? When processing the personal data of EU-based users on the legal basis of Consent. Typical examples of this include collecting personal data via forms for newsletters, email lists, subscriptions etc. This does not typically apply to consent for cookies as cookies are still largely governed by the ePrivacy Regulation (Cookie Law).

Important

Note: GDPR requirements also apply if your base of operations is in the EU or if you simply offer goods or services to EU-based persons, even if that offer is free. Read more here.

Practical

Informative

GDPR’s consent requirements ›

Practical

Informative

Special Considerations

Planning to send emails or newsletters? Read this:

Emails & Newsletter Guide ›

Target children or minors? Read this:

Additional Resources

Make your app compliant in minutes

The post Laws and regulations every app developer should know – and how to comply appeared first on Compliance Solutions for Websites, Apps and Organizations | iubenda.

Getting Started Guide

Andrea Orivati — Wed, 11 Apr 2018 08:07:36 +0000

Take your first steps toward compliance with our guide

If you are on this page, then you are most likely asking yourself: “What do I need to do to comply with privacy laws like the GDPR and CPRA / CCPA?”. In any case, you’re probably aware that you need to meet legal requirements for your app/site.

Based on nearly 10 years of experience, we know that meeting these legal requirements (i.e., compliance) is a considerable challenge.

Taking time to understand complex laws and regulations and implement them does require time and money that you could otherwise use towards your business.

We can help you solve this challenge. With iubenda, you can easily check off ✓ all the right legal requirements – without sacrificing important business processes like speed and user experience.

Our software tools are currently trusted by more than 90,000 clients worldwide and are designed to help you achieve full compliance and keep focusing on what matters most: your business.

Or take this 1-minute quiz to get an immediate personalized answer on how iubenda can apply its instant magic for your legal requirements.

Find out what you need to get compliant

In general terms, compliance with data privacy laws means taking precise actions to responsibly handle the personal data processed during your business activities and to make the related mandatory disclosures. These actions may often seem challenging to implement and restrictive towards your business activities.

However, meeting online privacy law requirements is a valuable opportunity for growth for your site/app: you can protect and further enhance your reputation as a reliable/legitimate business, expand your user base and boost your revenue.

What do I need to meet my online legal requirements?

As each situation is unique, we invite you to complete the 1-minute quiz below to immediately identify which legal requirements most likely apply to you, what you need to do, and how iubenda can help.

Otherwise, please read on for an overview of the laws that might apply to you and how iubenda can help.

You need to enable cookies to see the quiz

Update your preferences

Meet the protagonists – Laws from every part of the world

Even though the internet is global, there is no online privacy law that is applicable globally. Instead, you will encounter different laws in various parts of the world. And, each law has its own specific characteristics and requirements.

We have prepared for you a quick overview of several online privacy laws grouped by geographical region, so you can easily choose the laws that you’d like to learn more about.

Take this 1-min quiz to find out which laws are actually relevant for you

US laws like the CPRA, and VCDPA are the laws most likely to be relevant to you, if you’re based in the US or have US-based users – regardless of where you’re based.

Meeting US privacy requirements is easy with our US toolbox.

Main laws currently in force:

California’s CPRA (CCPA amendment)
California’s CalOPPA
Virginia’s VCDPA

What do you need to do to get compliant?
Because US privacy laws are typically implemented on the State level, US compliance often means that you need to comply with more than one law simultaneously. This usually means having privacy documents and opt-out mechanisms that meet each State’s requirements.

More about US compliance here.

The GDPR and ePrivacy (Cookie Law) are likely relevant to you if you are based in Europe or if you have/are likely to have in the future Europe-based users, regardless of where you’re based.

These laws also apply to you even if you are not based in Europe but you monitor (e.g., using analytics) the behavior of Europe-based persons.

Meeting the requirements of the GDPR and ePrivacy is easy with our EU/UK/CH toolbox.

GDPR (General Data Protection Regulation)

Specifies how and when personal data should be lawfully processed (including how it’s collected, used, protected or interacted with in general). An EU regulation in force since May 2018, it is arguably the most well-known privacy law globally.

What do you need to do to get compliant?
You should meet disclosure and transparency requirements by making sure you inform your users in detail about how you process their personal data. You should also ensure that you collect your users’ consent (for cookies and other purposes) in the correct manner: consent should be freely given, informed, specific and unambiguous.

ePrivacy Directive (“Cookie law”)

It complements the GDPR regarding the protection of personal data of individuals within Europe. It addresses crucial aspects about the confidentiality of electronic communications and the tracking of Internet users more broadly. In force since 2002.

What do you need to do to get compliant?
You must display a cookie banner on your website that is designed to obtain users’ informed consent before storing non-technical cookies on their device and/or tracking them. The cookie banner should allow for explicit and unambiguous consent from your users and should include a link to a comprehensive cookie policy. You should also implement a technical cookie management solution blocking codes that may install non-technical cookies, unless consent is provided by the user.

LGPD (Brazilian General Data Protection Law)

It grants enhanced rights to users and protects both data processed in Brazil and the personal data of Brazil-based users. It can be considered as the Brazilian counterpart of the GDPR, although it differs from the GDPR in several ways. It is one of the newest addition to the online privacy laws family, in force from September 2020 onwards.

What do you need to do to get compliant?
You should meet disclosure and transparency requirements by making sure you inform your users in detail about how you process their personal data. You should also ensure that you collect your users’ consent for different purposes (e.g., a newsletter) in the correct manner: consent should be freely given, informed, specific and unambiguous.

How can iubenda help you?

We believe in the importance of a comprehensive approach to online legal compliance. Our complete set of solutions makes it super simple to check off all the right legal requirements.

And while we take care of all the complex legal details for you, you can decide, based on your compliance needs, business aims and design preferences, the language, content and specific appearance of your legal documents.

Our clients have rated us with 5 stars on Capterra, praising our easy-to-use, customizable, comprehensive and continuously updating solutions that ensure constant compliance with online privacy laws.

Our solutions

GDPR

CalOPPA

CPRA / CCPA

General Global Privacy laws

Privacy and Cookie Policy Generator

Generate a beautiful, precise Privacy and Cookie Policy in minutes that describes in detail all the private data processing activities carried out by your website/app.

Watch video

More information

GDPR

ePrivacy/Cookie Law

CPRA / CCPA

LGDP

Privacy Controls and Cookie Solution

Create, in just a few clicks, a beautiful, fully customizable cookie banner, seamlessly collect users’ consent for non-technical cookies installation and implement prior blocking of non-technical cookies prior to consent.

Watch video

More information

For websites/apps

Terms and Conditions Generator

Terms & Conditions are essential for protecting you from potential liabilities. Our powerful Terms and Conditions Generator lets you create professional, lawyer-drafted Terms documents in minutes. The Generator is fully optimized for e-commerce, blogs, apps, marketplace, SaaS and more.

Watch video

More information

GDPR

LGPD

General Global Privacy Laws

Consent Database

Easily store proof of consent and manage consent and privacy preferences for each of your users. Build detailed consent records, including the exact time when consent was provided, and the identity of the user that provided the consent.

Watch video

More information

GDPR

LGPD

Register of Data Processing Activities

Overcome, in just a few clicks, the technical challenge of recording and managing all the data processing activity within your organization.

Watch video

More information

Choose a tool from our toolbox

Still not sure what tools you need? Take this 1-minute quiz to find out now which laws actually apply to you.

Getting Started – Compliance Solutions for Websites, Apps and Organizations | iubenda

Compliance for Individual Services

A

B

C

D

E

F

G

H

I

J

K

L

M

N

O

P

Q

R

S

T

Laws and regulations for simple websites – and how to comply

Understanding the Legal Requirements and how to Comply

What you’ll need (and when you’ll need it)

Privacy Policy

Cookie Management

Important

Valid Records of the Consents You Collect

Important

Records of Your Processing Activities

Protecting your content and interests with Terms and Conditions

Special Considerations

Additional Resources

Make your site compliant in minutes

Laws and regulations every app developer should know – and how to comply

But first, do privacy laws actually apply to you? And which one?

What you’ll need (and when you’ll need it)

Privacy Policy

Cookie Management

Setting rules & Protecting your interests with Terms and Conditions

Valid Records of the Consents You Collect

Important

Records of Your Processing Activities

Special Considerations

Additional Resources

Make your app compliant in minutes

Getting Started Guide

Take your first steps toward compliance with our guide

Find out what you need to get compliant

What do I need to meet my online legal requirements?

Meet the protagonists – Laws from every part of the world

United States

Main laws currently in force:

European Union & the UK

GDPR (General Data Protection Regulation)

ePrivacy Directive (“Cookie law”)

Brazil

LGPD (Brazilian General Data Protection Law)

Other countries / Multiple regions

Languages

How can iubenda help you?

Our solutions

Privacy and Cookie Policy Generator

Privacy Controls and Cookie Solution

Terms and Conditions Generator

Consent Database

Register of Data Processing Activities

Choose a tool from our toolbox

The Basic toolbox

The Basic toolbox

The US toolbox

The US toolbox

The EU/UK/CH toolbox

The EU/UK/CH toolbox

The Brazil toolbox

The Brazil toolbox

The EU/UK/CH & US toolbox

The EU/UK/CH & US toolbox

The EU/UK/CH & BR toolbox