Privacy policy & terms generator

Ship the legal pages you keep putting off.

Most indie and vibe-coded apps launch with no privacy policy, no terms, and a broken cookie banner — exactly the gaps that draw GDPR and CCPA complaints. Answer a few questions and get all three, tailored to what you actually collect.

Build my documents How it works

100% in your browser. Your answers never leave this tab. No upload. No signup.

Tell us about your project

Everything updates the live preview as you type. Nothing is sent anywhere.

The basics

Shown as the governing entity in the Terms. Leave blank to use the name above.

What data do you collect?

Toggle on anything your app does. Each one adds the matching clauses.

Third parties you use

These are named as data processors in your privacy policy.

Regions you serve

Pick everywhere your users are. This decides which rights sections appear.

Minimum age policy

Children's-data clauses are written to match this choice.

This is a template, not legal advice. ComplyKit produces a solid starting point — it cannot know your exact situation. Have a lawyer review anything you publish.

Privacy Policy

What you get

Three documents, built from your answers

No generic boilerplate dumped on you — every clause is included because you told us it applies.

  • Privacy Policy

    GDPR & CCPA-aware, version-stamped with today's date, with the exact data, processors, and rights you selected.

  • Terms of Service

    Acceptable use, accounts, payments, liability, and governing-law sections that adapt to what your app does.

  • Cookie Notice

    A plain-English explanation of the categories of cookies you use and how visitors control them.

  • Cookie Banner

    Copy-paste vanilla-JS consent banner — accessible, categorized, localStorage-backed, zero dependencies.

How it works

Three steps, zero uploads

  1. Answer

    Fill in your name, contact, and what your app collects. Toggles drive which clauses appear.

  2. Watch it assemble

    The live preview rebuilds in your browser as you type. Conditional clauses appear and disappear in real time.

  3. Copy or download

    Export each document as HTML, Markdown, or plain text — and grab the ready-to-paste cookie banner.

The ship-safety suite

ComplyKit is one of five checks before you ship

Free, browser-based safety tools for vibe-coded and indie apps, from Copper Bay Labs.

  • ShipSafe →

    Will you get sued? Checks your site for ADA accessibility and privacy-law exposure.

  • LeakCheck →

    Did you leak a secret in your code? Finds exposed API keys and tokens before you commit.

  • ExposureCheck →

    Is your live site leaking? Scans a running URL for exposed files and headers.

  • DepCheck →

    Are your dependencies risky? Flags vulnerable and abandoned npm packages.

FAQ

Questions, answered

Is this legal advice?

No. ComplyKit generates a well-structured template from your answers — it cannot account for your specific business, the exact data flows in your code, your industry's rules, or the law in every place you operate. Treat the output as a strong first draft, then have a qualified lawyer review it before you publish. The disclaimer appears on every document for exactly this reason.

Do you upload or store my answers?

No. Everything runs in your browser. Your inputs are used to assemble the documents locally in JavaScript and are never sent to a server, logged, or stored. There's no backend and no signup. Close the tab and your answers are gone — so copy or download anything you want to keep.

Are the documents GDPR and CCPA compliant?

They are GDPR and CCPA aware: when you select EU/UK we include a data-subject rights section modeled on the GDPR, and when you select California we include the consumer-rights and "Do Not Sell or Share" language the CCPA/CPRA expects. Whether your final, lawyer-reviewed document is fully compliant depends on your actual practices matching what it says. A policy that doesn't reflect what you really do is worse than none.

Does the cookie banner actually work?

Yes. The banner snippet is self-contained vanilla JavaScript with no dependencies. It categorizes cookies into necessary, analytics, and marketing; remembers the visitor's choice in localStorage; is keyboard-operable and screen-reader friendly; and exposes the choice so your scripts can check consent before they load. Paste it before your closing </body> tag and wire your analytics/marketing tags to the consent flags it sets.

How often should I update these?

Re-generate whenever what you collect changes — a new analytics tool, a payment processor, a new region of users. Each document is version-stamped with the day you generated it so you can track revisions. Regulators and users both expect the "last updated" date to be real.

Keep your policies up to date automatically

ComplyKit Pro will host your documents at a stable URL, version every change, and nudge you when a new processor or law means it's time to update — be first to know when it lands.

Join the Pro waitlist Or have Copper Bay set it up for you