Generates comprehensive privacy policies by scanning websites for data collection signals including cookies, forms, payment processors, and third-party scripts. Use when launching a website or app that collects user data and needs GDPR/CCPA compliance. Trigger with "/privacy-generator" or "create a privacy policy for my website".
Scans a website or application codebase to detect data collection signals — cookies, web forms, payment processors, analytics scripts, social media embeds, and third-party trackers — then generates a tailored privacy policy with 12 sections. Includes specific GDPR rights (7 individual rights), CCPA rights (6 consumer rights), and cookie consent banner text in both minimal and full GDPR formats.
The detection phase maps every data touchpoint to its legal basis and disclosure requirement, ensuring the generated policy accurately reflects actual data practices rather than relying on generic boilerplate.
Legal Disclaimer: This skill generates template documents for informational and educational purposes only. Generated privacy policies are not a substitute for legal advice. Data protection requirements vary by jurisdiction, industry, and data type. All documents should be reviewed by a licensed attorney and/or data protection officer before publication. No attorney-client relationship is created by using this tool.
Scan for data collection signals. Use WebFetch on the target URL to detect:
| Signal Category | What to Look For |
|---|---|
| Cookies | Set-Cookie headers, cookie consent banners, tracking pixels |
| Analytics | Google Analytics, Mixpanel, Amplitude, Hotjar, Segment |
| Forms | Contact forms, registration, login, newsletter signup |
| Payments | Stripe, PayPal, Square, Braintree, payment form fields |
| Social | Facebook Pixel, Twitter tags, LinkedIn Insight, social login |
| Advertising | Google Ads, Facebook Ads, retargeting pixels |
| CDN/Third-Party | Cloudflare, AWS CloudFront, Google Fonts, embedded iframes |
| Chat/Support | Intercom, Zendesk, Drift, live chat widgets |
If scanning a codebase instead, use Glob and Grep to find:
- `document.cookie`, `setCookie`, cookies middleware
- `gtag`, `analytics.track`, `mixpanel.init`

Classify data types collected. Map detected signals to data categories:
Determine legal bases (GDPR). For each data category, assign:
Generate the 12-section privacy policy:
| # | Section | Covers |
|---|---|---|
| 1 | Introduction | Who the company is, what this policy covers |
| 2 | Information We Collect | Data types, collection methods, sources |
| 3 | How We Use Your Information | Purposes mapped to legal bases |
| 4 | Cookies & Tracking | Cookie types, duration, opt-out mechanisms |
| 5 | Information Sharing | Third parties, categories, purposes |
| 6 | Data Retention | How long each data type is kept |
| 7 | Your Rights Under GDPR | 7 specific rights with exercise instructions |
| 8 | Your Rights Under CCPA | 6 specific rights with exercise instructions |
| 9 | Data Security | Technical and organizational measures |
| 10 | International Transfers | Cross-border data flow safeguards |
| 11 | Children's Privacy | Age restrictions, COPPA compliance |
| 12 | Contact & Updates | DPO contact, policy change notification |
Detail GDPR rights (Section 7). Include all seven with exercise instructions:
Detail CCPA rights (Section 8). Include all six:
Generate cookie consent banner text. Two versions:
Tag assumptions. Insert [VERIFY] for any data practice inferred from signals but not confirmed by the user (e.g., [VERIFY: Google Analytics detected — confirm if IP anonymization is enabled]).
Write the output file using the naming convention below.
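The scan and tagging steps above can be sketched as follows. This is an added example, not the skill's own code: the `KNOWN_HOSTS` map, the function names, and the sample response are constructed here, and the map covers only a few of the services named in the signal table.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed subset: script/asset host -> (signal category, service).
KNOWN_HOSTS = {
    "www.googletagmanager.com": ("Analytics", "Google Analytics"),
    "js.stripe.com": ("Payments", "Stripe"),
    "connect.facebook.net": ("Social", "Facebook Pixel"),
    "widget.intercom.io": ("Chat/Support", "Intercom"),
    "fonts.googleapis.com": ("CDN/Third-Party", "Google Fonts"),
}

class SignalScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.signals = []  # (category, detail) in detection order
        self.verify = []   # [VERIFY] tags for inferred or unknown practices

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.signals.append(("Forms", a.get("action") or "(no action)"))
        url = a.get("src") or (a.get("href") if tag == "link" else None)
        if tag not in ("script", "img", "iframe", "link") or not url:
            return
        host = urlparse(url).hostname
        if not host or host == self.site_host:
            return  # relative or first-party resource, not a third-party signal
        if host in KNOWN_HOSTS:
            self.signals.append(KNOWN_HOSTS[host])
        else:
            self.signals.append(("CDN/Third-Party", "unidentified third-party service"))
            self.verify.append(
                f"[VERIFY: unidentified third-party service at {host}, confirm vendor and purpose]")

def scan(site_host, headers, html):
    """Return (signals, verify_tags) for one fetched page."""
    scanner = SignalScanner(site_host)
    for name, value in headers:
        if name.lower() == "set-cookie":  # record the cookie name only, never its value
            scanner.signals.append(("Cookies", value.split("=", 1)[0].strip()))
    scanner.feed(html)
    return scanner.signals, scanner.verify

# Constructed sample response for a hypothetical site example-app.com.
SAMPLE_HEADERS = [("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"), ("Content-Type", "text/html")]
SAMPLE_HTML = """<script src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
<script src="https://js.stripe.com/v3/"></script><script src="/static/app.js"></script>
<img src="https://px.tracker.example/p.gif" width="1" height="1">
<form action="/newsletter" method="post"><input name="email"></form>"""
```

Host matching only sees what the fetched page loads statically; scripts injected at runtime and server-side flows still need the user's confirmation, as the error table notes.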
Generate a single Markdown file named PRIVACY-POLICY-{company}-{YYYY-MM-DD}.md with:
```markdown
# Privacy Policy
**{Company Name}**
**Last Updated:** {date}
**Effective Date:** {date}
---
## Data Collection Summary
| Data Type | Source | Legal Basis | Retention |
|-----------|--------|-------------|-----------|
{table of all detected data points}
---
## 1. Introduction
{formal legal text}
> **Plain English:** {simple explanation}
{... sections 2-12 ...}
---
## Cookie Consent Banner Text
### Minimal Version (US)
{banner text}
### Full GDPR Version
{banner text with granular consent options}
---
**[VERIFY] Tags Summary:**
{numbered list of assumptions}
**Detection Results:** {count} data signals detected across {count} categories
**Generated by:** Legal Assistant Plugin — Not a substitute for legal counsel.
```
| Error | Cause | Solution |
|---|---|---|
| Website unreachable | URL down or behind authentication | Ask for a description of data practices or codebase path |
| No data signals detected | Static site with no tracking | Generate minimal policy covering server logs and hosting |
| Sensitive data detected | Health, biometric, or financial data | Flag for enhanced protection; recommend DPO consultation |
| Multiple jurisdictions | Global audience detected | Include both GDPR and CCPA sections, add [VERIFY] for others |
| Server-side processing invisible | Cannot detect backend data flows | Ask user to describe server-side data collection |
| Third-party script unrecognized | Unknown tracking pixel or SDK | List as "unidentified third-party service" with [VERIFY] |
Example 1: SaaS with Analytics and Payments
Request: "Generate a privacy policy for https://example-app.com"
Result: PRIVACY-POLICY-ExampleApp-2026-04-02.md detecting:
Example 2: Content Blog with Newsletter
Request: "Create privacy policy for my WordPress blog with Mailchimp newsletter"
Result: PRIVACY-POLICY-MyBlog-2026-04-02.md detecting: