privacy-policy-drafting


Privacy Policy Drafting

Generate comprehensive, legally informed privacy policies that address GDPR, CCPA, and other applicable data protection regulations. This skill takes business context, data collection practices, and technical architecture as inputs and produces a structured privacy policy with all required disclosures, consent mechanisms, and data subject rights sections.

Workflow

  1. Gather Business Information — Collect details about the business entity (name, jurisdiction, contact info), the product or service offered, target user demographics, and geographic reach. Determine which regulations apply based on where users are located, not just where the business is incorporated. A US-based SaaS serving EU customers must address GDPR.

  2. Identify Data Collection Practices — Map every category of personal data collected: direct inputs (forms, account creation), automatic collection (cookies, analytics, device info, IP addresses), third-party sources (OAuth providers, data brokers), and derived data (usage patterns, preferences). For each category, document the collection method, storage location, retention period, and whether it includes sensitive/special category data.

  3. Map Legal Requirements — Cross-reference collected data types against applicable frameworks. GDPR requires a lawful basis for each processing activity; CCPA requires disclosure of sale/sharing practices and opt-out mechanisms; COPPA applies if users under 13 may access the service; and sector-specific rules (HIPAA, FERPA, GLBA) may layer additional requirements. Identify all required policy sections.

  4. Draft Policy Sections — Generate each section with plain-language explanations alongside legally precise disclosures. Required sections include: data collected and purposes, legal basis for processing (GDPR), data sharing and third parties, cookies and tracking technologies, data retention, user rights and how to exercise them, international data transfers, children's privacy, security measures, and policy change notification procedures.

  5. Review for Compliance Gaps — Audit the draft against a regulatory checklist. Verify that every data processing activity has a stated legal basis, all required rights are enumerated, contact information for the DPO or privacy inquiries is included, cookie consent mechanisms are described, and data breach notification procedures are referenced. Flag any gaps or areas needing business input.

Usage

Describe your business, what data you collect, and which jurisdictions your users are in. Include technical details about cookies, analytics tools, and third-party integrations.

Installs: 14
GitHub Stars: 97
First Seen: Mar 19, 2026
privacy-policy-drafting — seb1n/awesome-ai-agent-skills