Privacy Policy

Draft a detailed privacy policy covering data types, jurisdiction, GDPR and compliance considerations, and clauses needing legal review. Use when creating a privacy policy, updating data protection documentation, or preparing for compliance.

ai
By phuryn
22k · 2.2k · Updated 1 week ago · MIT

Skill Content

# Privacy Policy Generator

You are an experienced data privacy and compliance specialist. Your role is to help draft comprehensive, clear, and compliant privacy policies for digital products and services.

## Purpose
Draft a detailed privacy policy for a product or service. The policy covers data types handled, applicable jurisdiction, and clearly marks clauses that require legal review. Provide plain-language explanations to ensure accessibility and transparency.

## Important Disclaimer
**This is for informational purposes only and does not constitute legal advice. Always have a qualified attorney specializing in data privacy law review the final policy before publication. Privacy policies are legally binding documents that establish your company's responsibilities and users' rights; professional legal review is essential.**

## Input Arguments
- `$PRODUCT_NAME`: Name of the product or service
- `$PRODUCT_URL`: URL or description of the product (optional; will be researched if provided)
- `$COMPANY_NAME`: Legal name of your company
- `$COMPANY_ADDRESS`: Company headquarters or registered address
- `$CONTACT_EMAIL`: Email for privacy inquiries (e.g., privacy@company.com)
- `$INFORMATION_TYPES`: Types of data collected (e.g., "names, emails, usage behavior, location data, payment information, device identifiers")
- `$JURISDICTION`: Applicable jurisdiction (e.g., "United States," "European Union (GDPR)," "California (CCPA)")

## Process

### Step 1: Research (if URL provided)
If $PRODUCT_URL is provided:
- Visit the product website
- Identify what data is collected (forms, tracking, login, payments)
- Note any third-party integrations (analytics, payment processors, SDKs)
- Understand the product's primary features and use cases

### Step 2: Clarify Data Collection
Map out all data your product collects:
- **Direct collection**: What users enter (name, email, preferences)
- **Automatic collection**: What is tracked (IP address, usage behavior, device info, cookies)
- **Third-party data**: What comes from partners, integrations, or service providers
- **Special categories**: Does the product handle health data, financial data, children's data, biometric data?

### Step 3: Identify Applicable Laws
Note which laws apply:
- **GDPR** (EU users): Stricter; requires explicit consent, data subject rights, DPA
- **CCPA/CPRA** (California): Consumer rights to access, delete, opt-out
- **Other US states**: Laws such as VIPA and TDPSA are emerging
- **Industry-specific**: HIPAA (health), GLBA (finance), FERPA (education)
- Determine if your product serves international users

### Step 4: Structure the Privacy Policy
Organize in standard sections (detailed below).

### Step 5: Use Plain Language
Write clearly and accessibly. Avoid technical jargon. Define terms when first used. Help users understand what data you collect and why.

### Step 6: Highlight Areas Needing Legal Review
Mark sections with [⚠️ LEGAL REVIEW REQUIRED] where jurisdiction-specific language, specific data rights, or legal clauses are needed.

### Step 7: Provide Context
Include notes explaining:
- Why each section is important
- What decisions the company must make
- Compliance considerations

## Privacy Policy Template Structure

### Preamble
A brief introduction explaining:
- What the policy covers
- When it was last updated
- How users can contact you with questions

### Key Sections

#### 1. Information We Collect
Categories of data:
- Personal information (name, email, account info)
- Usage data (pages viewed, features used, time spent)
- Device information (type, OS, browser, IP address)
- Location data (if applicable)
- Payment information (handled securely, often by third parties)
- Communications (if users contact support)
- [⚠️ LEGAL REVIEW REQUIRED] Sensitive or special categories (health, biometric, etc.)

#### 2. How We Collect Information
Methods:
- Directly from users (forms, registration, preferences)
- Automatically (cookies, analytics, device sensors)
- From third parties (partners, service providers, data brokers)

#### 3. How We Use Information
Purposes (be specific, not vague):
- Providing the service and customer support
- Improving and personalizing the product
- Analytics and understanding user behavior
- Marketing and promotional communications
- Security and fraud prevention
- Legal compliance
- [⚠️ LEGAL REVIEW REQUIRED] Other purposes (must be explicitly stated if you plan to use data for new purposes later)

#### 4. Legal Basis for Processing
[⚠️ LEGAL REVIEW REQUIRED] Especially important for GDPR:
- **Consent**: User has explicitly agreed
- **Contract**: Data is needed to provide the service
- **Legal obligation**: Law requires processing
- **Vital interests**: Protection of life or health
- **Public task**: Part of your official function
- **Legitimate interests**: Company has a legitimate business need

#### 5. Data Sharing and Third Parties
Who has access to data:
- Service providers (hosting, analytics, email, payments)
- Business partners (if applicable)
- Legal authorities (if required by law)
- [⚠️ LEGAL REVIEW REQUIRED] Where third parties are located (especially if outside user's jurisdiction)

#### 6. International Data Transfer
[⚠️ LEGAL REVIEW REQUIRED] If applicable:
- How data is transferred across borders
- Mechanisms used (Standard Contractual Clauses, adequacy decisions, user consent)
- Where data is stored and processed

#### 7. Data Retention
How long you keep data:
- Account data: As long as account is active, then X months/years
- Usage logs: X months
- Deleted content: Y days before permanent deletion
- [⚠️ LEGAL REVIEW REQUIRED] Be specific, not vague; many regulations require this

#### 8. User Rights
[⚠️ LEGAL REVIEW REQUIRED] Varies by jurisdiction:
- **Right to access**: Users can request copy of their data
- **Right to deletion**: Users can request data be deleted ("right to be forgotten")
- **Right to correct**: Users can update inaccurate data
- **Right to restrict processing**: Users can limit how data is used
- **Right to data portability**: Users can download their data
- **Right to opt-out**: Users can unsubscribe from marketing
- **Right to lodge complaints**: Users can contact data protection authorities
- How users exercise these rights (contact info, process)

#### 9. Cookies and Tracking
[⚠️ LEGAL REVIEW REQUIRED] Detailed info:
- What cookies and tracking tools are used
- Why each is used (functionality, analytics, marketing)
- How to manage/disable cookies
- Whether explicit consent is required (GDPR requires it for non-essential cookies)

#### 10. Security
Measures taken to protect data:
- Encryption in transit and at rest
- Access controls and authentication
- Regular security audits
- Incident response procedures
- Limitations (no system is 100% secure)

#### 11. Children's Privacy
[⚠️ LEGAL REVIEW REQUIRED] If product serves users under 13:
- Parental consent mechanisms
- Age gates or verification
- Compliance with COPPA (US), UK Children's Code, similar laws

#### 12. Contact and Rights
How users contact you:
- Privacy contact email
- Mailing address
- Response timeframe for requests
- Data Protection Officer (if required)

#### 13. Policy Changes
How you'll communicate changes:
- Notice period (e.g., 30 days)
- How you'll notify (email, in-app, website)
- User's ability to opt-out if changes are material

#### 14. Additional Provisions
- **No sale of data**: Whether you sell/share data (if not, explicitly state)
- **Third-party links**: You're not responsible for external sites
- **Governing law**: Which jurisdiction's laws govern
- **Effective date**: When policy became active

---

## Content Guidelines

- **Be specific**: Don't say "we use your data for product improvement"; say "we analyze usage patterns to identify features that users find confusing and prioritize improvements to those features"
- **Plain language**: Write for a general audience, not lawyers. Explain what data you collect and why in simple terms
- **Transparency**: Be honest about all data collection, including analytics, third parties, and uses
- **User control**: Explain how users can access, delete, or opt-out of data processing
- **Align with practice**: The policy must match what your product actually does; if it doesn't, change the product or the policy
- **Complete information types**: Use $INFORMATION_TYPES to make the policy specific to your actual data collection

---

## Output Format

Present the privacy policy in three parts:

### Part 1: Summary
Quick reference:
- Product name and purpose
- Data types collected
- Jurisdiction(s) covered
- Key user rights
- Retention periods
- Contact information

### Part 2: Full Privacy Policy Document
A complete, ready-to-publish privacy policy.

### Part 3: Customization and Compliance Notes
Guidance on:
- Sections marked for legal review
- Jurisdiction-specific considerations (GDPR, CCPA, etc.)
- Compliance checklist
- Common modifications based on product type
- Next steps (legal review, implementation, user communication)

---

## Key Compliance Reminders

- **GDPR compliance** (if serving EU users): Requires explicit consent, clear rights, DPA with processors, DPIA for risky processing
- **CCPA/CPRA** (California users): Requires rights to access, delete, opt-out; detailed disclosures; no discrimination for exercising rights
- **Transparency**: Users must understand what data is collected, how it's used, and who can access it
- **Accuracy**: Keep your policy updated as data practices change
- **Enforcement**: Privacy violations can result in fines, user lawsuits, and reputational damage
- **Get legal review**: Before publishing, have a data privacy attorney in your jurisdiction review the policy

---

## Before You Publish

- [ ] Have a data privacy attorney review the policy
- [ ] Ensure the policy matches your actual data collection and use
- [ ] Make privacy request processes easy for users (accessible contact info, quick response)
- [ ] Implement technical measures mentioned in the policy (encryption, access controls, etc.)
- [ ] Set up systems to handle data subject rights requests (access, deletion, etc.)
- [ ] Document your legal basis for each type of processing
- [ ] Have a Data Processing Agreement (DPA) with all third-party processors
- [ ] Notify users of material changes; consider giving them a choice to opt-out

How to use

  1. Copy the skill content above
  2. Create a .claude/skills directory in your project
  3. Save as .claude/skills/pm-skills-privacy-policy.md
  4. Use /pm-skills-privacy-policy in Claude Code to invoke this skill

PM Skills Marketplace: The AI Operating System for Better Product Decisions

68 PM skills and 42 chained workflows across 9 plugins. Claude Code, Cowork, and more. From discovery to strategy, execution, launch, growth, and shipping AI-built code.

Designed for Claude Code and Cowork. Skills compatible with other AI assistants.

Start Here

New idea? → /discover
Need strategic clarity? → /strategy
Writing a PRD? → /write-prd
Planning a launch? → /plan-launch
Defining metrics? → /north-star

If this project helps you, ⭐ the repo.

Why PM Skills Marketplace?

Generic AI gives you text. PM Skills Marketplace gives you structure.

Each skill encodes a proven PM framework — discovery, assumption mapping, prioritization, strategy — and walks you through it step by step. You get the rigor of Teresa Torres, Marty Cagan, and Alberto Savoia built into your daily workflow, not sitting on a bookshelf.

The result: better product decisions, not just faster documents.

How It Works (Skills, Commands, Plugins)

Skills are the building blocks of the marketplace. Each skill gives Claude domain knowledge, analytical frameworks, or a guided workflow for a specific PM task. Some skills also work as reusable foundations that multiple commands share.

Skills are loaded automatically when relevant to the conversation — no explicit invocation needed. If needed (e.g., prioritizing skills over general knowledge), you can force loading skills with /plugin-name:skill-name or /skill-name (Claude will add the prefix).

Commands are user-triggered workflows invoked with /command-name. They chain one or more skills into an end-to-end process. For example, /discover chains four skills together: brainstorm-ideas → identify-assumptions → prioritize-assumptions → brainstorm-experiments.

Plugins group related skills and commands into installable packages. Each plugin covers a PM domain — discovery, strategy, execution, and so on. Installing the marketplace gives you all 9 plugins at once.

Commands use skills. Some skills serve multiple commands. Some skills (like prioritization-frameworks or opportunity-solution-tree) are standalone references that Claude draws on whenever relevant — no command needed.

Commands are designed to flow into each other, matching the PM workflow. After any command completes, it suggests relevant next commands — just follow the prompts.

Installation

Claude Cowork (recommended for non-developers)

  1. Open Customize (bottom-left)
  2. Go to Browse plugins → Personal → +
  3. Select Add marketplace from GitHub
  4. Enter: phuryn/pm-skills

All 9 plugins install automatically. You get both commands (/discover, /strategy, etc.) and skills.

Claude Code (CLI)

```bash
# Step 1: Add the marketplace
claude plugin marketplace add phuryn/pm-skills

# Step 2: Install individual plugins
claude plugin install pm-toolkit@pm-skills
claude plugin install pm-product-strategy@pm-skills
claude plugin install pm-product-discovery@pm-skills
claude plugin install pm-market-research@pm-skills
claude plugin install pm-data-analytics@pm-skills
claude plugin install pm-marketing-growth@pm-skills
claude plugin install pm-go-to-market@pm-skills
claude plugin install pm-execution@pm-skills
claude plugin install pm-ai-shipping@pm-skills
```

Codex CLI (OpenAI)

Codex reads the same plugin marketplace file as Claude Code, so you can install PM Skills natively — no conversion or file-copying needed:

```bash
# Step 1: Add the marketplace
codex plugin marketplace add phuryn/pm-skills

# Step 2: Install the plugins you want
codex plugin add pm-toolkit@pm-skills
codex plugin add pm-product-strategy@pm-skills
codex plugin add pm-product-discovery@pm-skills
codex plugin add pm-market-research@pm-skills
codex plugin add pm-data-analytics@pm-skills
codex plugin add pm-marketing-growth@pm-skills
codex plugin add pm-go-to-market@pm-skills
codex plugin add pm-execution@pm-skills
codex plugin add pm-ai-shipping@pm-skills
```

What you get: every skill (the PM frameworks), available to Codex and invocable by name. Install whole plugins rather than cherry-picking individual skills — a workflow usually relies on several skills that ship together.

What's different from Claude Code: the /slash commands (/discover, /write-prd, …) install but don't run as Codex slash commands — Codex plugins don't expose commands. To run a workflow, just describe the steps in plain language, for example:

Run product discovery on [your idea]: brainstorm options, map assumptions, prioritize the risky ones, then design experiments — pause between each step.

Optional — let Codex turn the workflows into skills. Because the command files ship inside each installed plugin, you can ask Codex to convert the ones you use most:

Read the command files in the pm-execution plugin and create equivalent Codex skills for the workflows I use most often.

This is a best-effort, model-driven conversion (some Claude-specific command syntax won't translate), but it's a quick way to get the guided workflows on Codex without leaving the CLI.

Other AI assistants (skills only)

The skills/*/SKILL.md files follow the universal skill format and work with any tool that reads it. Commands (/slash-commands) are Claude-specific.

| Tool | How to use | What works |
| --- | --- | --- |
| Gemini CLI | Copy skill folders to .gemini/skills/ | Skills only |
| OpenCode | Copy skill folders to .opencode/skills/ | Skills only |
| Cursor | Copy skill folders to .cursor/skills/ | Skills only |
| Kiro | Copy skill folders to .kiro/skills/ | Skills only |

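
```bash
# Example: copy all skills for OpenCode (project-level)
for plugin in pm-*/; do
  # Create the target directory if it does not exist yet
  mkdir -p .opencode/skills/
  cp -r "$plugin/skills/"* .opencode/skills/ 2>/dev/null
done

# Example: copy all skills for Gemini CLI (global)
for plugin in pm-*/; do
  # Create the target directory first; otherwise cp fails silently
  mkdir -p ~/.gemini/skills/
  cp -r "$plugin/skills/"* ~/.gemini/skills/ 2>/dev/null
done
```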

Available Plugins

<details> <summary><strong>1. pm-product-discovery</strong> — Ideation, experiments, assumption testing, OSTs, interviews (13 skills, 5 commands)</summary>

Skills (13):

  • brainstorm-ideas-existing — Multi-perspective ideation for existing products (PM, Designer, Engineer)
  • brainstorm-ideas-new — Ideation for new products in initial discovery
  • brainstorm-experiments-existing — Design experiments to test assumptions for existing products
  • brainstorm-experiments-new — Design lean startup pretotypes for new products (Alberto Savoia)
  • identify-assumptions-existing — Identify risky assumptions across Value, Usability, Viability, and Feasibility
  • identify-assumptions-new — Identify risky assumptions across 8 risk categories including Go-to-Market, Strategy, and Team
  • prioritize-assumptions — Prioritize assumptions using an Impact × Risk matrix with experiment suggestions
  • prioritize-features — Prioritize a feature backlog based on impact, effort, risk, and strategic alignment
  • analyze-feature-requests — Analyze and categorize customer feature requests by theme and strategic fit
  • opportunity-solution-tree — Build an Opportunity Solution Tree (Teresa Torres) — outcome → opportunities → solutions → experiments
  • interview-script — Create a structured customer interview script with JTBD probing questions
  • summarize-interview — Summarize an interview transcript into JTBD, satisfaction signals, and action items
  • metrics-dashboard — Design a product metrics dashboard with North Star, input metrics, and alert thresholds

Commands (5):

  • /discover — Full discovery cycle: ideation → assumption mapping → prioritization → experiment design
  • /brainstorm — Multi-perspective ideation (ideas|experiments × existing|new)
  • /triage-requests — Analyze and prioritize a batch of feature requests
  • /interview — Prepare an interview script or summarize a transcript (prep|summarize)
  • /setup-metrics — Design a product metrics dashboard

Examples:

Skills:

  • What are the riskiest assumptions for our AI writing assistant idea?
  • Help me build an Opportunity Solution Tree for improving user activation
  • Prioritize these 12 feature requests from our enterprise customers [attach CSV]

Commands:

  • /discover AI-powered meeting summarizer for remote teams
  • /brainstorm experiments existing — We need to reduce churn in our onboarding flow
  • /interview prep — We're interviewing enterprise buyers about their procurement workflow
</details> <details> <summary><strong>2. pm-product-strategy</strong> — Vision, business models, pricing, competitive landscape (12 skills, 5 commands)</summary>

Product strategy, vision, business models, pricing, and macro environment analysis. Covers the full strategic toolkit from vision crafting through competitive landscape scanning.

Skills (12):

  • product-strategy — Comprehensive 9-section Product Strategy Canvas (vision → defensibility)
  • startup-canvas — Startup Canvas combining Product Strategy (9 sections) + Business Model — an alternative to BMC and Lean Canvas for new products
  • product-vision — Craft an inspiring, achievable, and emotional product vision
  • value-proposition — 6-part JTBD value proposition (Who, Why, What before, How, What after, Alternatives)
  • lean-canvas — Lean Canvas business model for startups and new products
  • business-model — Business Model Canvas with all 9 building blocks
  • monetization-strategy — Brainstorm 3–5 monetization strategies with validation experiments
  • pricing-strategy — Pricing models, competitive analysis, willingness-to-pay, and price elasticity
  • swot-analysis — SWOT analysis with actionable recommendations
  • pestle-analysis — Macro environment: Political, Economic, Social, Technological, Legal, Environmental
  • porters-five-forces — Competitive forces analysis (rivalry, suppliers, buyers, substitutes, new entrants)
  • ansoff-matrix — Growth strategy mapping across markets and products

Commands (5):

  • /strategy — Create a complete 9-section Product Strategy Canvas
  • /business-model — Explore business models (lean|full|startup|value-prop|all)
  • /value-proposition — Design a value proposition using the 6-part JTBD template
  • /market-scan — Macro environment analysis combining SWOT + PESTLE + Porter's + Ansoff
  • /pricing — Design a pricing strategy with competitive analysis and experiments

Examples:

Skills:

  • Compare Lean Canvas vs Business Model Canvas vs Startup Canvas for my marketplace startup
  • Design a value proposition for our AI writing assistant targeting non-native English speakers
  • Run a Porter's Five Forces analysis for the project management SaaS market

Commands:

  • /strategy B2B project management tool for agencies
  • /business-model startup — AI writing tool for non-native English speakers
  • `/value-proposition SaaS onboarding tool for en
