What is a Privacy Policy?
A privacy policy is a public-facing document — usually posted on your website — that tells your clients and website visitors how you collect, use, and share their personal information.
A privacy policy answers questions like:
- What information do we collect from you?
- How do we use that information?
- Do we share it with third parties?
- How can you request your data be deleted?
Privacy policies are required by various state laws (like CCPA in California) and are required by payment processors like Stripe.
What is a WISP?
A Written Information Security Plan is an internal operational document — not public-facing — that describes how your business actually protects the data you hold. It's your security program in writing.
A WISP answers questions like:
- Who is responsible for our security program?
- What risks have we identified and assessed?
- What technical controls do we have in place?
- How do we train employees on security?
- What do we do if there's a breach?
💡 Think of it this way: your privacy policy tells clients what you do with their data. Your WISP tells the FTC and IRS how you protect it. They serve completely different purposes and one does not replace the other.
Key Differences at a Glance
- Audience: Privacy policy = public/clients. WISP = internal/regulators.
- Purpose: Privacy policy = transparency. WISP = compliance and security.
- Required by: Privacy policy = state laws, payment processors. WISP = FTC Safeguards Rule, IRS Publication 4557.
- Where it lives: Privacy policy = your website. WISP = your files.
- Who sees it: Privacy policy = everyone. WISP = you, your staff, and regulators if audited.
Do You Need Both?
Yes. They serve different legal requirements and different audiences. Having a privacy policy doesn't satisfy your WISP requirement. Having a WISP doesn't replace a privacy policy.
⚠️ If a tax preparer tells you their privacy policy satisfies their FTC Safeguards Rule obligation, they are wrong. The FTC explicitly requires a separate written information security program — a WISP.
What About a Terms of Service?
A terms of service is a third separate document that governs the legal relationship between you and your clients — what services you provide, payment terms, liability limitations, and so on. It's separate from both the privacy policy and the WISP. Each document has its own purpose. None of them substitutes for the others.
Need Help Organizing Your WISP Documentation?
- Guided questionnaire included
- Customized WISP document
- Word & PDF versions
- Loom video walkthrough
- Delivered in 48 hours
SafeguardsReady is not a law firm and does not provide legal advice. Documents are prepared based on publicly available FTC and IRS guidance. Consult a licensed attorney for advice specific to your compliance obligations.