1. Info Centre
  2. Product Information
  3. Cybersecurity, Privacy, & Data Protection

Privacy Policy

Everything you need to know about getting a Privacy Policy on Goodlawyer: pricing, scope of work, benefits, and frequently asked questions.

  1. What is a Privacy Policy?
  2. Who is it for?
  3. Pricing and Scope
  4. What is the Process?
  5. How will my business use a Privacy Policy?
  6. What risks will this protect my business from?
  7. Frequently Asked Questions
  8. Book a Privacy Policy


What is a Privacy Policy

If you have a website or app, you’re probably collecting personal information from your visitors and users, whether you know it or not. Under Canadian and International privacy law,  organizations that collect or use “personal information” must have a privacy policy in place that informs users about their privacy practices. A professionally-drafted Privacy Policy will keep your organization compliant with all relevant privacy laws by explaining why personal information is being collected, what the organization will do with it, how it will be protected, and who it might get shared with.

Who is this service for?

This service is for business owners, organizations, or individuals that have a website or mobile app. It is also required for companies or organizations that collect or use personal information from customers or clients. Organizations that do not have a website, mobile application or online presence can purchase this privacy policy for offline use.

Pricing and Scope

Privacy Policies can vary drastically, which means the complexity of the Privacy Policies and therefore the price varies as well. At Goodlawyer, part of our mission is to always provide upfront fixed prices for legal services, so we've created a basic and custom Privacy Policy to give business owners more choice and more control.


Privacy Policy

Starting at $560 + tax

Where customization efforts exceed the scope outlined below, your service will require a custom quote. Some clear indications that you will require a custom quote are outlined in the next section.

Suitable for:

  • Organizations operating in Canada collecting information from Canadian users and customers.
  • Organizations with simple and non-extensive personal information use and collection practices. 


  1. Client intake meeting
    1. ~30 minutes;
    2. Includes a personal information collection and use audit to understand the client's current personal information uses, practices and future needs
  2. Single omnibus privacy policy 
    1. Omnibus policy governing all aspects of Company's personal information collection, storage, use, and disclosure;
    2. Applicable for Companies selling goods or services to its website users, or for contacting users for direct marketing purposes.
  3. Basic personal information
    1. Only basic personal information is collected (e.g. name, contact info, credit card info, IP address etc.).
  4. Low to medium customization to address client-specific data practices (simple).
    1. Practices may include:
      1. Simple opt-out provisions; and
      2. User access to their own personal information.
  1. Business/website operates only in Canada and only collects personal information from Canadian residents
  2. One round of minor revisions

Where customization efforts exceed the above scope, the service moves to the custom tier outlined below.

Custom Privacy Policy

Suitable for:

  • Organizations with more extensive personal information use and collection practices, either on a website or offline.
  • Organizations that operate a website or store/process/transfer personal information outside of Canada.

Inclusion of any of the below criteria will make a matter 'complex':

  1. Layered Policies: Just-in-time Policies; Differentiated Use Policies
    1. Applicable if business practices create numerous exceptions to an omnibus policy, or many alternative policy sections addressing different audiences/cases and personal information uses.
    2. Consider whether client:
      1. Has different products/services, geographic locations, companies/subsidiaries/divisions, audiences (i.e. Customers vs website visitors), or business areas; or 
      2. Is collecting personal information for a new purpose.
  2. Data practices include sensitive personal information, such as:
    1. Racial/ethnic origin; political opinions; religious beliefs; health information; personal information of employees;
    2. Personal information of minors.
  3. Medium to high customization to address client-specific data practices.
    1. Practices may include:
      1. User contributions are collected and displayed (user comments and forums)
      2. Complex/lengthy opt-out provisions, use of opt-in provisions (i.e. sensitive information, etc.).
  4. Business/website operates Internationally or Personal information is transferred, processed, or stored outside of Canada

Other Considerations

If you are just starting to develop your website, consider our Website Bundle. This bundle includes our Privacy Policy and Terms of Service services. 
  • See what's included in our Terms of Service here

What is the process?

  1. Book a call: Pick a time to discuss your Privacy Policy with a Good Lawyer. They'll help you determine if you need a Basic or Complex agreement.
  2. Design your Document. You’ll have a call with your Good Lawyer to help them understand your business so they can draft a Privacy Policy that accurately reflects your business practices and makes you compliant with relevant privacy laws.
  3. Receive your Document: You will receive a copy of the Privacy Policy, ready for use.

How will my business use a Privacy Policy?

Comply with privacy laws.

In Canada, businesses are required to publicly display their privacy policy, which must clearly outline how all personal information is collected and used. The Privacy Policy must be specific to your current practices and a generic policy will not cut it. Operating without a tailored and compliant privacy policy can result in government fines.

Identify your privacy practices.

Before drafting your Privacy Policy, your Good Lawyer will work with you to identify how you collect, store, and use personal information to ensure that your business practices are in accordance with applicable privacy laws and regulations. 

Increase your credibility.

Having a proper Privacy Policy in place demonstrates that you take your customers’ and website visitors’ privacy seriously, and handle their personal information with care.


What risks will this protect my business from?

Avoid government fines.

Failing to create a Privacy Policy that meets privacy law requirements may lead to hefty government fines. A professionally-drafted Privacy Policy will ensure that all relevant privacy laws have been considered and incorporated into the policy, ensuring your personal information practices are operating within the law.


Frequently Asked Questions

How does the Goodlawyer Service Fee work?

Because we believe in transparent pricing, we make our best effort to be upfront about additional fees and how they are calculated.

Visit the Goodlawyer Service Fees page for a detailed explanation.

Do I need a Privacy Policy?

If you collect or use personal information, you need a Privacy Policy. This is a legal requirement in Canada and numerous other countries. Websites and mobile applications (apps) always require a Privacy Policy because personal information is always collected from website visitors, even if those visitors never become customers. If you collect personal information offline (e.g. in a retail setting), you are still required to have a Privacy Policy in place. 

What is “personal information”?

Personal information” constitutes any information that can identify an individual. That can include anything as simple as contact information collected on a sales form, to something as complex as the information collected and saved through cookies as part of online tracking and targeting for personalized advertising.

As a Canadian business, do I need to comply with international privacy laws such as GDPR or CCPA?

Although your business may operate exclusively in Canada, if you have users from other countries, you may be subject to international privacy laws. Your Good Lawyer will be able to identify if your Privacy Policy needs to comply with any international Privacy Laws based on your current business practices. 

How does a Privacy Policy relate to a website’s Terms of Service?

A Privacy Policy and Terms of Service Document are closely related as they both govern the relationship between your business’ online presence and your customers’ online visits. It is extremely common to get both documents drafted at the same time for increased efficiency and minimized costs. You can book both these services and save with Goodlawyer’s website bundle. 

Do I need a lawyer in my province for a Privacy Policy?

In most cases, you can get a Privacy Policy drafted by a lawyer in any province as most privacy laws are federal. However, some provinces such as Alberta and British Columbia have additional privacy laws that may require local expertise depending on the nature of your business. No matter where you’re located, Goodlawyer can connect you with the right lawyer for your Privacy Policy.


"Excellent services, 10000x better than traditional legal firms. Helpful, quick and impressive online interface. I recommend Goodlawyer to anyone who needs legal help!"

Fatima, July 2021 — 5-Star Google Review


Are you ready to start developing your website?

Book a Privacy Policy


Your lawyer will assess your situation and make recommendations on which complexity tier you should consider accordingly.

Still have some questions?

Book a free Legal Concierge™ service