Updating this discussion with some resources I've found. Most provide examples of existing privacy policies and statements. While there are many examples out there I lean more towards those that I think we can adapt in terms of layout, content, and tone.

Examples

• https://help.github.com/articles/github-privacy-statement/ (like the layout, content, and simplicity of writing style)
• https://www.cisco.com/c/en/us/about/legal/privacy.html
• https://www.docker.com/legal/docker-privacy-policy (More so for some of headers/items it address)
• https://opensource.com/privacy-policy (short and sweet)
• https://www.iipccanada.com/privacy-policy/
• https://foundation.wikimedia.org/wiki/Privacy_policy (short and like tone)
• https://uwaterloo.ca/privacy/privacy-statement/ (university-based web privacy statement)

An article that lists some popular policy generators, should we opt for this route:

• https://digital.com/blog/best-privacy-policy-generators/

These are great, @SamFritz! We chatted a bit about it this afternoon, but I agree that I like the style of the GitHub policy and then perhaps the length of some of the shorter policies.

I think going forward it makes sense to maybe cherry pick from the ones you like best, and perhaps double-check with a privacy policy generator or two that we're not leaving anything else suggested for Canadian jurisdictions?

Sounds good! I can start to draft outline/headers/content and then send around to the team for input.

FYI example policy generated from:
https://www.shopify.com/tools/policy-generator/show/UmMzeFJvSXRWOHI1Q0tGOTlUUUtYZz09LS1rd1RPcFdwRHRlV2xWc0ZHekV5em13PT0=--e5d18fddeaf67619241ef48a90cf044ac58b3289?utm_campaign=growth_tools&utm_content=policy&utm_medium=email&utm_source=sendgrid

Throwing down some ideas for privacy policy draft:

https://docs.google.com/document/d/10-ePMP_-7cAZRYThAXAy-6TVdDQlg0r9b_sab3kGRPo/edit#

We'll need to decide where this lives on the AUK website: does it belong as a link in a footer? Link from the about page?

We should also have a copy on the about page, probably beneath "code of conduct." (we could move funding up to below the advisory board members)

We'll need to decide where this lives on the AUK website: does it belong as a link in a footer? Link from the about page?

How about a standalone page, and it's included in the sign-up agreement on the user page?

We should also have a copy on the about page, probably beneath "code of conduct." (we could move funding up to below the advisory board members)

Should we? Is it a privacy policy for the entire project, or just the cloud service? I'm under the impression it is just for the cloud service.

We are getting close!

Just a quick update to move discussions on the google doc to this ticket:

• the privacy policy will live on AUK as a standalone page that can be located within the menu bar
• link to the privacy policy will also be found in the sign-up agreement for reference
• the policy will also live on the AUT webpage as this policy speaks to all services/products of the AU project.

@SamFritz to stage content and request PR. Final review of layout from @ianmilligan1 + @ruebot