Get legal & compliant

What do I need to put in my privacy policy, and how do I actually draft one?

The short answer

Skip the generic Shopify/WooCommerce boilerplate privacy policy, it won't map to DPDP's requirement that you itemise each data category (name, phone, payment info, browsing behaviour) against a specific purpose you're using it for. Start from a DPDP-specific generator or template rather than adapting an old GDPR policy, since the two laws' required disclosures don't fully overlap. At minimum your policy needs: what data you collect, why, how long you keep it, who you share it with (payment gateways, courier partners, ad platforms), and a working process, with a real email address, for a customer to request access, correction, or deletion.

A quick summary to orient you. The real value is below: the resources worth your time, from people who've actually done it, not us.

Here are the resources

Hand-picked from around the web, each with a note on why it earns your time. India-specific ones carry a badge.

4 resources 2 India-specific 4 link-checked Read Use

Read

📄 Article
✓ Link checked Free Intermediate

Why we picked it A global law firm's action-step framing is useful precisely because it's written for businesses operating across multiple jurisdictions, a good structure if you're already juggling GDPR or US state laws alongside DPDP.

India's New Data Privacy Rules Are Here: 8 Steps for Businesses as Key Compliance Deadlines Approach

From Fisher Phillips by Fisher Phillips LLP

  • Lists 8 concrete compliance steps with a deadline-driven structure
  • Covers the 90-day data-subject-request response window
  • Useful checklist format for founders managing multi-jurisdiction compliance
Open fisherphillips.com

Use

🛠️ Tool
✓ Link checked India Free Beginner

Why we picked it A free, DPDP-specific privacy notice generator (available in English and Indian languages), start here instead of retrofitting an old GDPR template that won't match India's disclosure requirements.

DPDPA Privacy Notice Generator

From DPDPA.com

  • Generates a legally-structured privacy notice under the DPDP Act specifically
  • Available in multiple Indian languages, not just English
  • Free starting point before a lawyer reviews the final draft
Open dpdpa.com
📋 Template
✓ Link checked India Free Beginner

Why we picked it A single page of downloadable DPDP-aligned templates, data protection policy, privacy notice, consent forms, that saves you from drafting each document from a blank page.

Templates and Policies, DPDP Rules

From DPDPA.com

  • Free downloadable templates covering multiple required documents
  • Includes a website privacy policy template specifically
  • Good baseline to edit rather than a final compliance solution
Open dpdpa.com
🛠️ Tool
✓ Link checked Freemium Beginner

Why we picked it Useful if you need one policy that references DPDP, GDPR, and CCPA together, a realistic need for a D2C brand selling on its own store to customers in multiple countries.

Free Privacy Policy Generator for Websites & Apps | GDPR, CCPA & India DPDP

From PolicyOwn

  • Covers DPDP, GDPR, and CCPA in a single generated policy
  • Free tier available before upgrading for more customisation
  • Faster than drafting three separate region-specific policies
Open policyown.com

People also ask

eChai Partner Brands