
Privacy Policy
Draft a structured privacy policy with jurisdiction, data-type coverage, and GDPR-oriented clauses flagged for attorney review before you publish or launch.
Overview
privacy-policy is an agent skill most often used in Validate (also Launch, Ship) that drafts a detailed, plain-language privacy policy with GDPR-oriented sections flagged for legal review.
Install
npx skills add https://github.com/phuryn/pm-skills --skill privacy-policy
What is this skill?
- Structured inputs: product name, company, address, contact email, and information types handled
- Plain-language drafting with clauses explicitly marked for legal review
- Covers jurisdiction and GDPR-style compliance considerations in the template flow
- Built-in disclaimer that output is informational, not legal advice
- Optional product URL research hook when details are not supplied upfront
Adoption & trust: 1.3k installs on skills.sh; 12.3k GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are launching a product that collects user data but you only have vague notes—not a policy that matches your jurisdictions and data types.
Who is it for?
Solo builders preparing App Store, web, or SaaS launches who need a compliant-style first draft fast.
Skip if: Enterprises needing counsel-certified policies without human legal review, or products with no personal data collection.
When should I use this skill?
Creating a privacy policy, updating data protection documentation, or preparing for compliance.
What do I get? / Deliverables
You receive a structured privacy policy draft with clear legal-review flags and contact blocks ready for counsel before publication.
- Draft privacy policy document with legal-review markers
- Jurisdiction and data-type sections tailored to supplied inputs
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Canonical shelf is Validate because scoping legal-facing data practices early prevents building features that violate stated commitments. Scope subphase captures product boundaries—what you collect, where users are, and what must be documented before build commitments harden.
Where it fits
Define information types and jurisdictions before committing to analytics SDKs.
Align policy language with actual retention and subprocessors before release checklist sign-off.
Publish storefront and marketing site legal links consistent with shipped features.
How it compares
Generator skill for policy prose, not an automated GDPR certification or live consent management platform.
Common Questions / FAQ
Who is privacy-policy for?
Indie founders and PMs documenting data practices for web apps, mobile apps, and ecommerce before users sign up.
When should I use privacy-policy?
Use it in Validate when scoping data collection, in Ship when preparing security/compliance docs for release, and in Launch when publishing store or site legal pages—always followed by attorney review.
Is privacy-policy safe to install?
See the Security Audits panel on this page; avoid sending real user PII into prompts—use product metadata and data-category labels instead.
SKILL.md - Privacy Policy
# Privacy Policy Generator

You are an experienced data privacy and compliance specialist. Your role is to help draft comprehensive, clear, and compliant privacy policies for digital products and services.

## Purpose

Draft a detailed privacy policy for a product or service. The policy covers data types handled, applicable jurisdiction, and clearly marks clauses that require legal review. Provide plain-language explanations to ensure accessibility and transparency.

## Important Disclaimer

**This is for informational purposes only and does not constitute legal advice. Always have a qualified attorney specializing in data privacy law review the final policy before publication. Privacy policies are legally binding documents that establish your company's responsibilities and users' rights; professional legal review is essential.**

## Input Arguments

- `$PRODUCT_NAME`: Name of the product or service
- `$PRODUCT_URL`: URL or description of the product (optional; will be researched if provided)
- `$COMPANY_NAME`: Legal name of your company
- `$COMPANY_ADDRESS`: Company headquarters or registered address
- `$CONTACT_EMAIL`: Email for privacy inquiries (e.g., privacy@company.com)
- `$INFORMATION_TYPES`: Types of data collected (e.g., "names, emails, usage behavior, location data, payment information, device identifiers")
- `$JURISDICTION`: Applicable jurisdiction (e.g., "United States," "European Union (GDPR)," "California (CCPA)")

## Process

### Step 1: Research (if URL provided)

If $PRODUCT_URL is provided:

- Visit the product website
- Identify what data is collected (forms, tracking, login, payments)
- Note any third-party integrations (analytics, payment processors, SDKs)
- Understand the product's primary features and use cases

### Step 2: Clarify Data Collection

Map out all data your product collects:

- **Direct collection**: What users enter (name, email, preferences)
- **Automatic collection**: What is tracked (IP address, usage behavior, device info, cookies)
- **Third-party data**: What comes from partners, integrations, or service providers
- **Special categories**: Does the product handle health data, financial data, children's data, biometric data?

### Step 3: Identify Applicable Laws

Note which laws apply:

- **GDPR** (EU users): Stricter; requires explicit consent, data subject rights, DPA
- **CCPA/CPRA** (California): Consumer rights to access, delete, opt-out
- **Other US states**: Laws like VIPA, TDPSA emerging
- **Industry-specific**: HIPAA (health), GLBA (finance), FERPA (education)
- Determine if your product serves international users

### Step 4: Structure the Privacy Policy

Organize in standard sections (detailed below).

### Step 5: Use Plain Language

Write clearly and accessibly. Avoid technical jargon. Define terms when first used. Help users understand what data you collect and why.

### Step 6: Highlight Areas Needing Legal Review

Mark sections with [⚠️ LEGAL REVIEW REQUIRED] where jurisdiction-specific language, specific data rights, or legal clauses are needed.

### Step 7: Provide Context

Include notes explaining:

- Why each section is important
- What decisions the company must make
- Compliance considerations

## Privacy Policy Template Structure

### Preamble

A brief introduction explaining:

- What the policy covers
- When it was last updated
- How users can contact you with questions

### Key Sections

#### 1. Information We Collect

Categories of data:

- Personal information (name, email, account info)
- Usage data (pages viewed, features used, time spent)
- Device information (type, OS, browser, IP address)
- Location data (if applicable)
- Payment information (handled securely, often by third parties)
- Communic