Privacy notice section outline
- Section prompts force drafts to mirror real product, vendors, and retention—not boilerplate.
- Validate final wording against India Code / notified rules and counsel.
- Use with notice checklist and official resources.
Each section lists prompts your team answers in draft form. The goal is a notice that matches reality, not aspirational policy.
| Section | What to cover (prompts) | Draft notes |
|---|---|---|
| Who we are | Legal entity name, contact, registered address if applicable. | |
| What personal data we process | Categories tied to actual product behavior; avoid vague “etc.” | |
| Why we process it | Purposes per category; separate optional marketing where relevant. | |
| Legal basis (as counsel advises) | Consent, legitimate uses narrative, or other framing approved internally. | |
| Sharing & processors | Categories of recipients, subprocessor philosophy, onward transfer limits. | |
| Retention | Triggers and timelines; link to cookie policy if split. | |
| Security measures (high level) | Honest description; avoid unverifiable superlatives. | |
| Your rights | Access, correction, erasure, grievance, nomination where applicable. | |
| How to exercise rights | Channels, SLAs, proof of identity if used. | |
| Grievance / escalation | Named role, timelines, appeal paths as applicable. | |
| Updates to this notice | Versioning, last updated date, how you notify users material changes. |