The “we collect” statement describes what you collect from your users. This can include email addresses from sign-up forms, contact information, physical addresses, credit card or bank information, IP addresses, browser and operating system information, as well as other information that you may require your customers to enter.
You should state if you save, share, or sell your customers’ email addresses. Keep in mind that if you use a third-party ad service, merchant account, or service, the customer’s email address may be used in this transaction. You should state that you or a third party will use their information in order to place their order. Find out if the third party will retain the user’s information and, if so, what will be done with it. Be sure your policy covers this information as well.
On an e-commerce site, credit card information and physical addresses are used to process orders. You should also state what you will do with this information once an order has been processed. Do you retain their credit card numbers and addresses once an order has shipped? Will you sell or share this information with third parties?
Future use of any data collected should be covered as well. For example, if you process an order and save the customer’s address to send out a postcard on a new product, disclose this information too. This can include customer promotional emails or any reason that you might use their data in the future.
Your policy should also cover your site’s security. If you use SSL to transmit sensitive data, mention it here. Also, mention any steps that you’ve taken to protect customer data from hackers.