You'll make this document available on your website and within your mobile app so your users can find out things like what information you're collecting from them and how, as well as what you plan to do with that information and how they can control any of this.
Usually, this is based on factors like what kind of information your users are required to enter, their demographics, what you plan on doing with that information, etc.
That said, what you can do is identify the factors that are important to you and then find a solution that's specific to your business needs.
For instance, if you have a retail business with an online presence then your business industry is less likely to fall under restrictive laws making it simpler than a web application that is targeted at children and requires them to enter their personal information through a web page.
Basically, when you're writing a policy agreement for the multiple platforms that you're running your business through, you want to make sure you're covering all the bases by referring to all of them.
Policies written for websites that host user-generated content (think social media accounts or blogs that allow users to leave comments) tend to be more expensive because they require specific clauses concerning intellectual property, liability, privacy, and acceptable use.
In most cases, websites and mobile apps that encourage their consumers to publish content or upload media files will have to address their end user's rights and their own rights for that content.
For example, Reddit protects its content through intellectual property laws and explains which rights their users retain and which rights they grant to the content that users submit to the platform.
Some websites include a communications clause in their Policy that explains how the company collects and uses information for communications purposes.
Forever 21's policy agreement, for example, has two separate clauses for California Residents and EU Residents that informs them of their rights and the international transfers of EU customers' personal information respectively.
Some of the most common third-party entities that access consumer information include marketers/advertisers and social networking and analytics applications.
You don't have to name third parties specifically, but just make it known that this is happening.
A data retention clause typically covers what data you're retaining and for how long.
HubSpot writes in their policy agreement that it retains its customers' personal information if there's an ongoing legitimate business need to do so.
In addition to this, it includes information about how customers can request to have their information deleted earlier.
The low end of the price range will tend to cover simple business models that are more likely to have standard legal rules. These are typically tried-and-tested businesses such as:
If your business has legal requirements that are very complicated or is likely to be full of hidden dangers or liabilities then the cost for your policy agreement will probably be on the higher-end of the spectrum. These businesses have legal requirements that constantly undergo changes due to external factors like social, technological, economic, and political influences. Some examples include businesses operating in the:
However, the final cost will be unique to your business as no two businesses are exactly alike, nor will any two Privacy Policies be.