Questions
we hear a lot.

The documents we generate cover the disclosures required by current privacy frameworks — GDPR, CCPA/CPRA, UK GDPR, PIPEDA, Australian Privacy Act — and follow the structures regulators and courts expect. They are equivalent in form to what you would receive from a template service like TermsFeed or Iubenda, and stronger than 90% of policies on the live web. That said: no automated tool can replace a lawyer reviewing your specific business model, especially if you process sensitive data, serve minors, or operate in a regulated industry (health, finance, education). Use our output as a strong starting point, then have counsel review the parts that matter for your specific risk profile.

A privacy policy is only litigated when there is an underlying dispute (a breach, a deceptive-practices complaint, a regulator action). What matters in those cases is whether your policy is accurate and complete — does it match what your business actually does? Our generator only describes things you tell it about; we do not invent practices. So as long as your inputs reflect reality, the output is enforceable in the same way any well-drafted policy is. The risk is not the document — it is divergence between the document and your actual operations.

For most small businesses, you should not — you should trust both. A lawyer reviewing a strong first draft costs a fraction of a lawyer writing from scratch. Our drafts are built on a curated legal knowledge base (the same regulations and guidance lawyers reference) and go through an automated audit loop that catches missing disclosures before delivery. The result is a baseline that is consistent, current, and structured the way regulators expect. Bring that to a lawyer for the final 10% of customization and you save 80–95% of the cost.

No automated tool can offer a legal guarantee — neither can a lawyer, technically. What we do offer: the output reflects current statutory requirements as of the date it is generated, the audit pipeline flags gaps before delivery, and you can see the audit report yourself on the /audit page if you want to verify. Read the full disclaimer at /legal/disclaimer.

Five named jurisdictions with framework-specific clauses: United States (CCPA / CPRA, plus the 19+ state privacy acts), European Union (GDPR), United Kingdom (UK GDPR + Data Protection Act 2018), Canada (PIPEDA), and Australia (Privacy Act + Australian Privacy Principles). You can select any combination; the document is composed to satisfy all selected frameworks simultaneously.

Pick the "Global" mode in the jurisdiction step. We use international best-practice language that satisfies the major frameworks (GDPR/CCPA-level disclosures) which in practice covers the disclosure obligations of LGPD (Brazil), APPI (Japan), DPDP Act 2023 (India), POPIA (South Africa), and most other emerging privacy regimes. We do not produce country-specific clauses for those jurisdictions yet — that is on the roadmap.

Yes. Multi-jurisdiction is the default for any business serving customers across borders — e.g. US + EU + UK is typical for SaaS. The generator merges the requirements of every selected framework into a single coherent document instead of producing one policy per region.

Privacy law moves. CCPA had three amendments in 2024 alone, GDPR guidance is updated quarterly, and new state acts come online every six months. Two things happen on our end: (1) our underlying knowledge base is updated continuously by us, so any document generated after a change reflects the new requirements; (2) if you are on Pro, you get an email digest when a change affects a document type you have generated, with a one-click regenerate option.

They do not auto-update — that would be dishonest, because we would be making legal changes to your live document without your review. Instead: Pro users get notified when changes apply, and can regenerate (with diff view) in one click. Free / Single users can regenerate manually any time.

Continuously. We track regulator guidance, court decisions, and new legislation across all supported jurisdictions and roll updates into the generator within days of a material change. You can see notable updates on the (forthcoming) /changelog page.

Yes — and you should. Free / Single users get Markdown, HTML, and PDF downloads; edit those in any tool you like. Pro users get a built-in editor with paragraph-level AI rewriting, version history with diffs, and hosted policy URLs that update when you save. The editor is the easiest path because the AI knows the legal context of each clause and will not let you accidentally break a required disclosure.

Yes. The generator has a free-form "additional context" field where you describe anything unusual about your business (regulated industry, specific data flows, custom retention periods). The AI weaves it in. For deeper customization use the Pro editor afterward.

Single ($2) and Pro both let you download HTML, paste it on your site, and serve from your own domain. Pro additionally gives you a hosted URL at policystamp.com/p/[your-slug] that updates whenever you edit — useful if you want a single canonical URL you can link to from your footer without redeploying.

No. We use DeepSeek for generation and pass inputs through as one-shot requests; nothing is retained for training. Generated documents are stored against your account (if you are signed in) so you can find them on your dashboard, and we hold a short cache of audit results so the "fix" upsell works after you leave the page. Both are deletable from the account settings.

Account email, generated document content (so you can retrieve it), and Stripe/Lemon Squeezy payment metadata for billing. No cookies for tracking. No analytics that profile individuals. We host on Cloudflare. Our own privacy policy is at /legal/privacy.

Yes — from /settings/account, click "Delete account". This removes your profile, all generated documents, and any cached audits within 24 hours. Stripe / Lemon Squeezy retain billing records as required by tax law.

Paste a URL or the text of an existing policy. The audit pipeline runs the same compliance review we use internally on generated documents — same legal knowledge base, same regulator-citation rules. You get a structured report of issues categorized by severity (blocker / gap / polish), with the specific framework clause each issue ties to. The audit itself is free; if you want to apply the fixes automatically, that is a $2 unlock.

You configure colors, position, and consent categories on /cookie-banner-generator, then paste a one-line script tag onto your site. The banner is hosted at policystamp.com/banner.js, persists user choices in localStorage, fires standard events your analytics / pixels can listen for, and is fully free with no usage limits. See the "How to install" section on the configurator page for the full integration guide.

Pro is $5/month and unlocks: unlimited documents (all five types), paragraph-level AI editing in a real editor with version history, multi-language output, hosted policy URLs that update when you save, auto-update email digest when laws affect your docs, unlimited free audits, and removed branding on PDFs. If you generate more than two documents or want to maintain them over time, Pro pays for itself versus paying $2 per regenerate.

The complete document. The free preview shows the first three sections in full and lists the titles of the locked sections so you can see what is included. The $2 unlock removes the lock and gives you Markdown, HTML, and PDF downloads of all sections. One purchase, one document. Buy as many as you need.

Yes. Email hello@policystamp.com after your $2 purchase and we credit the $2 against your first month of Pro.

For Single ($2): the free preview is your refund — you see three full sections before paying anything. For Pro: cancel any time from /settings/billing, no questions asked. We refund the unused portion of the current month on request.

Yes. Lemon Squeezy is our merchant of record and handles global tax compliance — VAT, GST, US sales tax in applicable states. You see the right tax for your location at checkout.