Using Privacy Policies Effectively on a WooCommerce Shop

Do the Woo - A Podcast for WooCommerce Builders

There are many policies that you will need to get in place for your WooCommerce site. But overall, with all websites, one of the critical pieces is your privacy policy. We take a deep dive into that with Donata and Hans from Termageddon.

A Chat with Hans Skillrud & Donata Kalnenaite from Termageddon

In episode 56, Jonathan Wold and I chat with Hans and Donata about:

  • Their own experiences in the world of WooCommerce
  • How Donata moved from licensed attorney to agency work
  • The transition to privacy
  • Why should you have a privacy policy and is anyone really reading it?
  • How a privacy policy goes beyond just covering yourself as a store owner
  • The dangers of cut-and-paste and what to look out for with generated policies
  • How to make a privacy policy readable
  • What value a privacy policy brings to your customers and your business
  • Why a privacy policy builds trust and SEO
  • Whether you should get creative and build your brand into your policies
  • Should you combine policies?
  • Their insights into the world of policies and eCommerce stores.

This conversation ended up going in several directions, as is natural when you are talking to two privacy experts.

We start out with hearing from both Hans and Donata about how they first started working with and around WooCommerce. I also pin Donata down to hear the story behind moving from a licensed attorney to working for an agency, which ultimately led to the creation of

Jonathan lays it out as we dive into privacy policies and asks the simple question, Why have one and will anybody really read it? The answer may surprise you as both sides, store owners and, especially, customers, are taking their online privacy much more seriously.

We chat about how it goes beyond just covering your tail as a store owner and what it really means in today’s world.

After that, it’s on to the actual privacy policy. Through their company, they have found a sweet spot when it comes to generating a privacy policy, as compared to others out there. They share some of the reasons it works for them. We also touch on cut-and-paste policies. If you have done this, considered it, or recommended it, think again. There are a lot of issues around it and it’s something you don’t want to have come back and bite you.

Donata also talks about how important it is to make these policies readable. Imagine that your goal is to have a 5th grader understand your privacy policy.

There is also some interesting conversation that comes out of how this brings value to both your customers and your business. And yes, not only will it help build trust, but it could also help your SEO.

We also explore just how smart it is to combine your policies and how creative you should get with them.

Lastly, we ask them to give us their insights into policies and eCommerce. There are some good gems in here, including thoughts on your refund policy and what you should do if you don’t have one yet.

I would encourage anyone who runs an online site, even if it's not eCommerce, to listen to this episode. I guarantee you will learn a lot.


Donata shares what you should know about the California Consumer Privacy Act and Jonathan shares quick updates on WooCommerce Payments, Woo community and WordCamp Europe.

Where to Find Donata and Hans Online

Thanks to our sponsors

WP Activity Log

The Conversation

Jonathan: Welcome to episode 56 of Do the Woo. I'm your co-host Jonathan Wold. And with me is the fantastic Bob Dunn, Bob, how are you?

Bob: I'm fantastic. That was lame. Calling myself fantastic.

Jonathan: No, it's perfect.

Bob: I'm feeling fantastic.

Jonathan: I always look forward to this. 56 episodes, too. Making some good progress. How are you feeling, Bob, with the weekly format?

Bob: I am feeling good. In fact, I've actually thrown in a couple extra episodes and sometimes I get tempted and think, "Oh, maybe this week I should do another extra one and find something interesting to do on the side." So I like the weekly because the continuity's a lot better.

Jonathan: Excellent. Well, I'm excited about today's guests, before we get to that though, Bob, we have a couple of sponsors.

Bob: Yeah, we do. Of course, we have WooCommerce, our community sponsor. You should check out their new WooCommerce Payment. That's one thing I'll throw in that has recently come out in the latest version through the Wizard. So if you're looking for a payment gateway, it's slick, it's in your dashboard, you can see what's going on. So there are lots of reasons to check it out.

And then we have a new sponsor, Recapture, an email marketing and cart abandonment service for WooCommerce. And WP Activity Log, formerly WP Security Audit Log. They're really focused on the activity log of your WooCommerce site, what shop managers and customers are doing, so you'll want to check them out. You'll hear more about the sponsors later in the show, but why don't I swing it on back to you, Jonathan?

Jonathan: Awesome. Well, I'm excited about our guests today. We have with us Hans Skillrud and Donata. Welcome, both of you. It's good to have you with us.

Donata: Thank you so much, we're very happy to be here and very excited to talk about privacy.

Hans: Because who isn’t?

Jonathan: As I was saying before the show, I'm excited about the opportunity for it to become an exciting topic, because I think there's a lot of potential there, especially with a name like Termageddon.

Hans: Thank you very much, we'll try to keep it as interesting as possible. We have a name like Termageddon because we like to keep it light, break the ice a little bit and then jump into the details. It turns out there are people in this world that do monitor privacy laws and help other companies get protected.

How Do Hans and Donata Do the Woo?

Jonathan: That's awesome. Now, before we get into that specifically, one of the things that I was really curious about, Hans, is your own background in WooCommerce. This is a show about WooCommerce. The work that you guys are doing is applicable broadly in the world of the web and WordPress, but I'd love to hear about how you first got involved in the world of WooCommerce. What's your experience been like? How do you, as Bob would say it, "Do the Woo"?

Hans: So before Termageddon, I was running a 12-person web agency in downtown Chicago. It wasn't 12 people to start, that was what I built it up to over the course of seven years. It started with just me, and a computer and a little bit more time on my hands than I'd like to admit. Project after project, I found myself building confidence in my WordPress skills and many clients who came along asked for an eCommerce website. I charged too little and did way too much, but I accomplished the goal at hand and learned an amazing tool. WooCommerce was around obviously before then, but for me it was brand new and I felt like I struck gold with the WooCommerce solution.

At that point, probably seven years ago, I had built up a 12-person agency. About 25% of our projects were eCommerce. In fact, we built a lot of what are called Standard Operating Procedures internally. Whenever taking on an eCommerce project, we would have our client agree to our Standard Operating Procedures to help them know that building WooCommerce makes it very easy to get an eCommerce store online. You, the small business owner who may be in more of a brick-and-mortar mindset, also need to invest time and energy into learning. This is a whole new avenue of revenue for your business and you need to treat it as such.

This isn't just a, oh, a sale comes in and I just try to get around to it. No, you have to have people in place to facilitate orders and handle all that. So I've worked with WooCommerce, both on what I just described there with more of the startup type, people that might have an existing business entering into the eCommerce world. WooCommerce has been a fantastic solution. And then we handled large scale. Well, I shouldn't say large scale, because I think that's interpretable for me. Large scale programs where WooCommerce was serving as the backbone to the entire eCommerce experience for its users and administrators. It's been wonderful the whole time.

Jonathan: That's fantastic. And what about you, Donata?

Donata: I actually worked at an agency before too, and this is how Hans and I met. I was the chief operating officer of an agency in Chicago, and then Hans ended up buying that agency. We actually built quite a few websites using WooCommerce as well. I think specifically one of the projects that we were working on, it was a game to be played where you would guess the name of a wine that you were drinking. It's like blind wine tasting.

Our client created this product where it was a box that came with a game and all the things that you needed, and he actually ended up selling that through his website using WooCommerce. It was a great experience because you can adapt it so well to exactly what you need. It's very customizable, but then also at the same time, it's not so difficult where it takes a week to program something. And so I think that's a wonderful solution.

From Licensed Attorney to Website Agency

Bob: How did you get from a licensed attorney to an agency? That's what I'm curious about.

Donata: Well, when I was in school, I had this super boring class called property law, and I was sitting next to one of my friends and he was working at an agency as a salesperson. He said they needed somebody to do operations. And I was like, "You know what, I'm not doing anything after school, apart from studying," I could put in a few days a week there. And it just ballooned from there. So it was very serendipitous, I would say.

Hans: You became a licensed attorney at 21, right?

Donata: Yes.

Hans: So you must have been doing that at 20 years old?

Donata: Yeah. I became a licensed attorney roughly a year after I started there, I think. And then after that, Hans bought the company. So that's how everything worked out.

Moving Into the World of Privacy Policies

Jonathan: So you guys have this agency background, both at separate agencies and then you started working together. How'd you make the transition into the world of privacy policies? Where did that come into the mix?

Hans: For me, I was building websites for clients. About three days before site launch, my client would ask, "What should I do for a privacy policy?" And I kid you not, I felt like it was three days before any site launch, and they would ask me, "What should I do for a privacy policy?" And I would say, "I have no idea. I'm not an attorney." And before I know it, I'm scrounging around looking to copy and paste a template from a competitor, or I'm going to a generator online, or I'm trying to get them connected with an attorney. Copying and pasting the template is obviously not a good idea, especially where the world is heading, with the privacy laws that are being added.

I certainly wouldn't want to provide something and say, "You're good to go," and then they get sued or fined. When it comes to using other generators, I happened to be dating a privacy attorney at the time. She showed me some of the pitfalls or challenges people might be having with those tools. Long story short, she's now my fiancée and is the president of Termageddon.

Donata: So for me after the agency that I worked for was bought out, I went into private practice because at the time I got my license here in Illinois, and I was working with agencies, writing contracts for their projects. I would get my clients telling me three days before site launch, "This client needs a privacy policy, can you help?" Usually, I wouldn't have the ability to turn something around in three days, because that's not very realistic when you have multiple clients and work needs to be done.

Then I noticed when I was writing these policies, it was getting monotonous. I was working with small business clients. They all had very similar websites and I was asking them very similar questions about their privacy practices and using very similar language for my clients as well. I noticed that it just wasn't necessarily worth the cost. And I thought what a great idea it would be to automate this because I'm sick of writing the same thing over and over again. I felt like the technology could integrate really well. So Hans and I were talking about it one night over dinner, and that's how the idea for Termageddon came out.

Hans: And this was all the way back in 2016 before GDPR even existed. This was before California proposed their second privacy bill, and Nevada's, and quite a few others and fast forward to now, we are updating our policies. It seems like every two months, because of amendments to existing privacy laws or new privacy laws going into effect.

Donata: Or new regulations and training.

Why Have a Privacy Policy? Is Anyone Reading It?

Jonathan: So I'm going to ask this somewhat tongue in cheek, but still I think it will represent what a lot of folks may feel about privacy policies. Like why does it even matter? No one reads them anyway.

Donata: I think it's funny, right? Like no one reads them. I think that was a true statement three years ago. Three years ago, nobody read them, but now a recent study came out saying that 52% of Americans won't use the platform if they feel like it's not respecting their privacy. They won't buy, they will leave your website, they won't use your products, they won't purchase your services.

So something changed in our collective consciousness as a country. And I think the Cambridge Analytica scandal did that. So the Cambridge Analytica scandal propelled privacy forward in the United States. Before then, consumers didn't understand what was done with their data. Didn't really care about it, thought it was just taken and whatever. Ever since Cambridge Analytica, more people are looking into the privacy practices of businesses, but even more importantly, they're pushing their legislators to pass privacy laws that protect their personal information. So while three years ago, nobody read them, the sentiment has completely changed.

Hans: I appreciate that type of question because we don't get anywhere as individuals if we don't ask the question, "Why should I even care about this?" I think Donata's points are important. Privacy is growing. It's becoming more important, not less important over time. And even if we as individuals don't even care about our own individual privacy, the fact is, more and more privacy laws are being introduced that are going to give citizens more rights.

So citizens are going to have more rights, whether we care about privacy or not, and businesses, whether they like it or not, will have to comply with these privacy laws, otherwise they can be fined or even sued. So for example, New York is proposing a bill that will enable their citizens to sue any business of any size located anywhere just for having as little as a contact form on their website without a compliant privacy policy.

There might not be that many people today thinking privacy is really not that big of a deal. It seems like the trend is absolutely headed in the direction of more privacy rights being issued to more people. And at that point in time, we'll see more people will care as well.

Privacy Policy, More Than Just Covering Yourself

Bob: From the website owner or the store owner, whoever it is that owns the site to even question, who reads my privacy policy and does anyone read my disclaimer. So what's the point? It seems like that protection is very obvious too, because if you've stated in your privacy policy or disclaimer something you can flip back to when people ask about do you do this, you can say, "Have you checked my disclaimer? Or have you checked this?" So I'm wondering if they are biting themselves in the butt. They want to make sure they're following the laws, but they also want to keep their own tails covered as well.

Thanks to our sponsor: This episode is brought to you by Recapture Abandoned Cart Recovery and email marketing for WooCommerce.

Anyone who runs a Woo shop knows how frustrating abandoned carts are. And getting them back with Recapture is easy and setup takes less than 5 minutes. With their ready-to-use emails you can take them out of the box and start working for you right away. You’ll save time having to start from scratch. 

Abandoned cart emails are managed for you automatically as the email service runs outside of your store, ensuring the best delivery to your customers. Their easy-to-read analytics reports will help you to monitor your cart recovery. And what’s really cool is you can watch what is happening live on your store with Recapture's Live Cart Feed.

The plugin is highly optimized so don’t worry about it slowing down your site. And their guarantee of email delivery, traffic increase loads and support make it a valuable investment compared to the free plugins out there.

From what I hear, if you sign up you will be joining thousands of merchants who have already recovered over $115,000,000.

Make sure and check them out and as a listener, get 60 days free with Recapture. Just go to

And now, back to our conversation.

Jonathan: Bob, that actually brings up a good point. From my point of view, one of the challenges with these things in general is that these policies, these pages, these documents tend to be very inaccessible in terms of how it's written and how applicable it is. It's pretty common. Like I feel more often than not, if I were to actually go read a privacy policy, I would either find who they copied and pasted it from, or would find things where they clearly didn't finish filling in the blanks. And that just overall gives a pretty low confidence every now and then. Take something like documentation, it's one of those things that with a lot of sales products, et cetera, you can tell who really puts the effort into it or not.

In general, one of the reasons why people, at least in my experience, won't spend the time investing in reading something, is that they feel it's a pretty low confidence that it's going to be useful or applicable to their situation. I can see how that can be addressed, but in my experience, that was part of when I've read a few privacy policies like, "Okay, did you guys even finish this," what's the point? But what I'm hearing you say is part of that's a time thing. It's becoming more relevant, people are recognizing the need more to care about it. And from my point of view, it's not just the protection and covering yourself.

There's also an opportunity there to convey a message that's in line or that doesn't need to be disconnected from your brand experience. Where it can be an opportunity to educate them. I'm curious about your thoughts on that, right? Like you're dealing with generators, and how do you standardize the parts that need to be standardized, but how can you at the same time make it accessible to people, or not feel so cookie cutter from one to the next?

Cut and Paste Policies, Generated Policies

Donata: For sure. I think one great example of this is compliance with the US-EU Privacy Shield Framework. So it's basically a framework that allows companies to take data from the European Union to the United States. And a few years back, a bunch of companies decided that they were going to comply with the privacy shield and they were going to comply with the privacy shield framework by saying that their privacy policies are complying and then they do literally nothing about it, which is wrong.

Basically some of these privacy policies that are still floating around from back in the day, people are copying and pasting them and saying that they comply with this framework. Well, the Federal Trade Commission decided to crack down on this practice and hence they do about 60 lawsuits per year about this particular framework, because people copy and paste stuff. Don't look at it, don't read it and then put it on their site. So copying and pasting somebody else's privacy policy without reading it, and without making sure that it's exactly what your privacy practices are, is actually considered unfair trade practices to consumers, which can lead to very high fines in almost every state, because you are deceiving a consumer about your practices.

When it comes to having a generator, you can have a generator that asks somebody five questions. What information do you collect? What do you do with it? Who do you share it with? Do you use cookies? What's your contact information, right? You answer those five questions and then you paste that on your website. And that's what you get when you were referring to something that's a poor product, a poor experience, both for the user and for the company. That's what those generators do. Well, we decided to do something quite different.

We actually start our process by figuring out what privacy laws applied to you. And then we will ask very granular information. So not just what purposes you get this from, but what you use this information for, and depending on what laws apply to you and the sources you get it from? Who do you share it with? Do you sell it? So we will have dozens and dozens of questions depending on what laws apply to you and hundreds of thousands of different combinations. You don't necessarily get the same privacy policy cookie cutter, this website gets the same thing, that website gets the same thing. No, you're actually making sure that we know what laws apply to you, that you have all of the required disclosures when it comes to that particular law and that your privacy policy is completely customized to your website and to privacy practices.

Hans: Do you want to speak on the efforts of making our policies readable at a fifth grade reading level?

Jonathan: Oh, yeah.

Making the Privacy Policy Readable

Donata: It's going to be an endless project for me because the laws keep changing. Every time I catch up, something changes and then I have to redo it all over again. But eventually my idea is to take the policies and make them readable at a fifth-grade level. And each policy can be read in 15 minutes or less. So you take the policy itself, take all of the disclosure requirements that the laws required to make, and then translate that into something that's readable and then run it through a software to make sure that it is readable because something that's readable for me isn't necessarily readable for a fifth grader.

So I finally got to the point where I got most of them translated into this readable format. And then the California Consumer Privacy Act went into effect. And then it all just went out.

Hans: Which was a huge, but it's something we're actively working on to increase the accessibility within the tool we provide to clients. How do we make this readable within a fifth grade education framework and have it be understood in under 15 minutes. We're shooting for under five, but 15 minutes is because, unfortunately, there are some privacy laws that require a whole bunch of disclosures, whether we like it or not.

The Value a Privacy Policy Brings to the Customers and Your Business

Jonathan: One of the things that I'm curious about is oftentimes when privacy policies are brought up, first it's painful for folks because they don't have policies and procedures in place to deal with personally identifiable information. They just don't have some of that stuff set up operationally. But overall, in your experience, what are some of the benefits to businesses? Because often it's conveyed from the cover-yourself, protect-yourself standpoint and at least some business owners are like, "Why do I spend my time worrying about what could go wrong? I want to focus on value to my customer."

You deal with this a lot from the perspective of value to the customer and increasing the value that a business is providing. So what are you seeing?

Hans: As someone who's now been fully immersed in privacy, I can say that it is an exciting time to know that one day (I’m in Illinois) one day, I will have the right to tell companies to get rid of my data, and they'll have to listen. I know that might not seem like a big deal, but that is a big deal, that you as a human being have a right to tell companies, "Get rid of my data." So I think, why is this a benefit? It's a benefit to humanity in terms of the right to privacy. And it's a huge step forward in that.

We may have our eyes glazed over and are like, "Why do I care about this?" I certainly was of that mindset for a very long time, but I think that is changing. I think people are waking up to just how easily their privacy can be removed from their lives if they aren't careful about it. Now they will have the right to go back and say, "I want my information to be withheld, or I want you to delete my information."

How it Benefits SEO and Builds Trust

Two benefits immediately come to mind for why a company may want you to disclose this information. One is, well, how does someone get to the website in the first place? Very often, people use search engine optimization to be found through relevant keywords. Although it's not set in stone, everyone believes that having a privacy policy can help increase your search engine optimization because a privacy policy builds trust, which is one of the ranking factors that Google looks for.

Even when you're running Google ads, you can see your ad score gets lowered if you don't have a privacy policy. And if you add one, it raises. So there are a lot of signs that suggest that there's SEO benefit to helping bring in more traffic to your site in the first place. Now, how does it convey value to the client? It shows that you are on top of your game. I feel like at this point in time, I think, five years from now, everyone's going to have one, and just like an SSL certificate, five years ago, it was nice to have. Now we look at websites that are not safe, and we're like, "I feel unsafe visiting this web."

Jonathan: That's a good example.

Hans: I think five years from now, we're going to look at it being like, "Wow, I think websites that don't have a privacy policy are really weird. These are companies taking my data. They're not going to tell me what they're going to do with it. I don't trust them." What you’re showcasing to people is that you are respectful of their privacy. You care about their privacy enough to write out and disclose what you want to do with it. And I think that's what separates the generators that are unfilled and incomplete to the policies that are comprehensive. And in disclosing, here are your rights as a human being on our platform.

Jonathan: Awesome. Donata, anything that you'd add or say differently?

Donata: I would add that where before would just agree, now they actually look for it. A study by Cisco found that privacy can cause sales delays of seven to eight weeks, that's the timeframe. So I'm sure that people don't want to lose business because they didn't have a privacy policy. Same thing goes for websites. Consumers will leave websites, will leave platforms that don't respect their privacy to go to platforms that do.

And when it comes to comparing yourself to your competitor, if the only difference between you two is that you care about privacy and they don't, those are customers who you are going to be gaining. It's something that people look out for now and care about. I think that as businesses, we all have the responsibility to care about it too, because our customers care about it.

Branding and Creativity with Your Privacy Policy

Bob: One of the things I find interesting, as you were talking about the generated policies and you've found that sweet spot. I think of privacy policies and other documents that you created. They're legal documents. That's why they are what they are. I mean, we can't get around that. They're legal and they’ve got to speak legalese to some effect. Have you found, or do you see people saying, "Well, maybe I can up the game by making my privacy policy a little creative or, God forbid, sexy or something." I don't know if anybody has ever taken the time or attempted this, where they start putting too much in themselves or their brand into the privacy policy where it actually loses, I guess, its legality. Have you seen that? Because I could see, especially some people feel like everything has to be significant to their brand and it's my own voice, and my own voice should come through my privacy policy.

Donata: It's amazing. I've seen a couple of examples of those. So one example that I see quite frequently is on contact forms where people will say, "We promise we won't spam you, or we'll send you love only, or something like that." And that's insane because people define spam differently. So there might be a legal definition of what spam is, and there might be your personal definition of what spam is, and that does not give the consumer any information whatsoever about what you do with their personal information. Are you going to send me email newsletters or are you going to share my data? Or for what purposes are you going to use it? It just doesn't do anything. So to me, that's a very irritating practice.

Another one that I see a lot in privacy policies themselves is the, "We respect your data. We don't share it with anyone. We don't sell it to anyone," and that's it, that's the entire privacy policy and that does not meet the legal requirements of what a privacy policy needs to have. So regardless of the fact that you might want to put your own spin on things and word things the way you might want them to be worded, these requirements are strictly prescribed by privacy laws. And if you change the wording on them, you could be out of compliance and not meeting that particular disclosure requirement.

Unless you know for a fact that what you're saying is meeting that disclosure requirement with how you're saying it. I really wouldn't want to spend time putting this into a beautiful novel format because that's not what it's there for. It's there to inform people and to be factual, not to entertain or be a representative of your brand. Make sure that your privacy practices are solid before you care about how branded your privacy policy is.

Jonathan: And it's interesting too, within the world of commerce, folks understand this. You're going to have a shipping policy, a refund policy, there's going to be policies that you oftentimes find perfectly appropriate. You'll find ways to convey the message in something that is appropriate for your brand. But yet you're still going to be clear on the details, right? Because at the end of the day, your refund policy needs to be clear.

Donata: Correct, exactly.

Jonathan: Even if it's broad and generous, that needs to be explicit.

Hans: Absolutely.

Donata: Exactly. And just because it says here at Butterfly Enterprises, we don't share your data with anyone and it turns out that you send it to MailChimp.

Hans: So often we find that people say, "Well, I don't share my information with anyone," and we quickly find out, okay, when a form submission comes in, it's stored on your local server or it’s shared with your email provider. That helps us unravel and get people to realize, "Wow, I never thought of this." I'll be honest. I didn't think of it either. Like I didn’t even think of it when I created Termageddon as well.

Donata: Well, okay I did.

Hans: No, absolutely. Well, Donata's the newsletter editor for the American Bar Association. So she is the credibility. I'm the lost puppy in a forest trying to find itself out.

But realizing that has been something that I see people's eyes open up when I take them through the process of setting up their policies through our questionnaire. They're like, "I don't share it." I'm like, "All right, well, let's talk about this for a second." They're like, "Oh wow. I share with five different entities." And that's a great example of just the uncovering and the new world we're heading into that we've operated at a million miles an hour. Just trying to be as optimized as possible as a society. And now we are stepping back and realizing, you know what? Privacy is something we got to carry on the back of our shoulders because now it's legally required.

Thanks to our sponsor: This episode is brought to you by WP Activity Log, formerly WP Security Audit Log. This is something all store owners need to do. Stay on top of things with a detailed log of all store and product changes.

Their comprehensive activity logs that you can use with WooCommerce keep you on top of what is going on with your shop managers and your team. You will be able to monitor and record when they make changes to products, orders and coupons. And notably, it will help you with your store compliances. They make it easy to troubleshoot when there is something going on. In fact, you will be able to configure emails and instant SMS notifications to get alerted of critical changes.

Want to go a step further? You will see who is logged in and what changes are being made in real-time. And if needed, you can manage, limit, block and even terminate any user sessions. This is perfect for membership or subscription sites as it can help you control limitations on single user access.

There are a number of reports you can generate from the activity logs and you are able to use the search and filters for troubleshooting. In a nutshell, stay on top of it all. What is going on, where and when. No better way to manage your WooCommerce store. You can check them out at and click on the activity log for WooCommerce.

Now let’s head on back to the show.

Jonathan: There's some interesting opportunities too, or interesting conversations to have in the world of commerce. When you take a platform like Woo, open source, and a lot of it's how you choose to host it versus some of these proprietary platforms. And they can be explicit, but also you should know what are they doing with the data. Is it yours? Is it theirs? Like, how is that working? And I think that can become a relevant discussion for folks.

Hans: Extremely relevant discussion. In fact, I think it will swing businesses to the extremes. I think some businesses will become very successful because they've respected privacy all the way through. And I think some businesses will have challenges. And I think for some businesses, their DNA is in the hidden selling your data to a broker type model.

But to speak to your thoughts, Bob, I have come across policies where people are putting their own brand and messaging into their wording. And I get it, I'm not an attorney, so I get it. You're trying to have your voice and your consistent messaging and everything. And just to reiterate that, not as point, are you putting your brand into every single element of what you do in your life because maybe that's extreme and probably very expensive. Maybe it's policies, legal disclosures that you may want to have done without sacrificing, or without going too far and just questioning your brand.

Combining Your Policies

Bob: Yeah. Another thing I wanted to touch on a little bit. Okay. So you can generate four policies: privacy policy, terms and conditions, disclaimer, and end user license agreement. You obviously have these separated out for a reason. I've been guilty of this so you can shame me and throw me in the corner of the room with my face against the wall. It's probably a good idea, no matter what your site is about, to keep those four distinctively separate. I mean, when somebody wants to read your privacy policy, they should not also be forced into your disclaimer. Some of them obviously need to sit by themselves, like the end-user license agreement. But I'm guessing, even legally, or for user-friendliness, that it's not ideal to combine any of these, even a couple of them?

Donata: Most privacy laws actually state how your privacy policy needs to be displayed. And essentially what that means is they'll talk about how big the link needs to be, what color it needs to be, what font, blah, blah, blah. And the main thing that they say is you should not combine privacy policies with terms of service or any other policies, because it's confusing to the consumer. Also, the General Data Protection Regulation, which is the European Union law, expressly prohibits combining a privacy policy with the terms of service, because you can't make somebody give their personal information to perform a contract like terms of service, unless it's absolutely necessary to do so.

So it's a couple of things. Privacy law saying that it's prohibited, privacy law saying that it's confusing to individuals. Cases that show that if you had somebody agree to your privacy policy and terms of service at the same time, you can't show consent for your privacy practices, which is an issue with some laws, and then attorney general regulation saying, don't do it. So it's not a good idea all around because it's confusing and it's wrong from a legal perspective.

Bob: That makes sense.

The Termageddon Experience

Well, I will admit and let everyone know that I didn't have a chance to really get serious about it, but I did go through the privacy policy process through Termageddon before this show, and I'm going to go back and tweak it some. But it was amazing. It's a no-brainer. Like, "Duh, why wouldn't you just do this instead of dealing with figuring it out yourself?" And the end result is easy to read and not reams and reams of information.

Jonathan: Or all in caps.

Bob: Yeah, it was impressive.

Donata: Good. I'm very happy to hear that.

Bob: And I sell very little on my site, but I write a lot and I do a contact form and all these different things. And I'm thinking, "Man, this is just one less headache," because I remember doing the copy-and-paste. That's what I did with mine. And it was just a nightmare. I would look at it and think through every paragraph, how does this relate to me? How do I make it relate to me? And then you'd go back later and find out you left some one thing in, from the copy-and-paste, that just was either embarrassing, or probably totally screwed up the legality of it. So that wasn't the best way to do it. That's for sure.

Hans: Well, I appreciate you trying it out. And I think you hit on a very important point, which is that people are going to sit there and stress about their privacy policy solution until they find one. And then there's usually no more stress, especially when that solution is one where you've built out a strategy to monitor and keep your policies up to date when the laws changed. That's what I think is going to be the most annoying thing, especially what we're going to see in America. There's just over a dozen states who have proposed their own privacy bills to protect their citizens. And each one of these privacy laws is unique, a few are mirrors from other laws, but many of them are very unique. So to stay on top of that when you're getting sales from across state lines, and having to process data of people differently, it's a nightmare.

Insights with Policies in the eCommerce World

Jonathan: Let's talk about that. Let's start with the world of commerce. So you have a background in that. With the types of websites that you work with today through Termageddon, what rough percentage are commerce-related versus just general?

Hans: I would say 20% are eCommerce.

Jonathan: Any insights or perspectives you have on the world of commerce? So you already alluded to one of them, you could be selling to a lot of different places and privacy policies are unique. What insights do you have in the world of commerce specifically?

Cancellation and Refund Policies

Donata: I'd say from my personal experience, a lot of people don't know what their cancellation or refund policies are. They really have no idea. "Can a user get a refund? It's my store, but I don't know." That's something that you should really get down to is what your refund policy is instead of doing on a case-by-case basis, because that can be very time consuming. So creating Standard Operating Procedures and a refund policy is really important, at least in my opinion. And then I also see a lot of people who are using Stripe, or third-party payment processors. I think it's important for them to know that should also be disclosed as well. At least in your terms of service, that there's a third party collecting that information because some business owners might not know that.

Hans: The insights that I've seen is that the mass majority of people with eCommerce sites are using WooCommerce as the foundation to their eCommerce platform. And then the second most popular is Shopify. And then it is a steep dropoff. It's crazy. Like there's just a few of random ones I've never heard of. So I thought that was interesting as well. I think Donata had a great point when she said people come to generate their refund policy. Well, within the terms of service, you can have a refund policy or a separate refund policy, but either way, you're coming to that policy not even knowing what that is.

And I think just naturally when getting eCommerce websites going, you are excited about marketing, you're excited about sales. You're excited about all the stuff that happens before the transaction is actually made, but you got to think about the entire user experience from start to finish, and finish is usually 30 days after they've received the product. So my advice always would be know your refund policy, especially your warranties, your cancellation policies. Those are some great things to just think about and it's okay if you don't have one, you just need to disclose you don't have one. But figure it out yourself, what works for you and what you offer.

Jonathan: That's a good point, because they may not be prepared to create one right then. But at least cautiously acknowledge that you don't have one.

Hans: Absolutely. I think a lot of people want to provide a refund policy by default, which makes them all stressed out. I don't know what to do. Like, doesn't everyone offer a refund policy and yes, you remember the refund policy because you appreciate that as a human. I buy stuff from a place that has a good refund policy in case I don't like what I received, but sometimes you're offering things to the world that doesn't really make sense to have a refund policy. And it's escaping me a good example right now. I'm sure I'll think of a hundred later. But you don't have to have one. What's most important is you say you don't have one so that users can make the best decision for themselves.

Donata: Food.

Hans: Food. That's a great one. Things that expire.

Bob: Well, I have one very important question. This has nothing to do with privacy policy or eCommerce, but I was looking at your website and at the about page. I always loved reading about pages and Hans, I see that Donata enjoys beekeeping, hunting for morel mushrooms and walks with her fiance and two dogs. Now I'm assuming you like walking with Donata and your two dogs, but what about the beekeeping and hunting for mushrooms which you also point out on your about page. Since you said you also enjoy that, was that by osmosis or were you together one time and just found out you both like them?

Hans: It's the latter. We both wrote up basically what we had done in the last couple of days and that just stuck. That's awesome. You're the only person who's ever called me out on that, too. So happy wife, happy life.

Bob: Yeah, that was good. You covered yourself well there on the end so, and yes, you're engaged. I see that.

Donata: Yeah. We're definitely clearly talking about each other.

Jonathan: That's awesome.

Hans: We have a lot of fun together. We work from home and we have a nice forest preserve next to us that we find ourselves in everyday, so that's nice.

Jonathan: That's fantastic.

Bob: Very cool. Alrighty, well, announcements. And I guess I could probably have you on every week and you'd have an announcement with all the changes, but could we do a formal announcement on something that recently changed that you think might be important for people to know about?

California Consumer Privacy Act

Donata: Sure. So I think something that people need to know about is the California Consumer Privacy Act, which is a new privacy law protecting the personal information of Californians. It is set to be enforced on July 1st by the California Attorney General. And the California Attorney General, after being asked a bunch of times, said that COVID is not moving that enforcement date later. We've actually already seen a few private lawsuits concerning the California Consumer Privacy Act, because that went into effect January 1st. So before July 1st, make sure you have that privacy policy all figured out because that's when the AG will start enforcing it.

Bob: All right.

The Pandemic and Growth Online

Hans: I don't really have too profound of an announcement. I would say that over the last six months, we've had seven states propose their own unique privacy bills. And then we had a pandemic, which certainly paused things in legislation, except for California and a few states who actually have added bills. But I think after this whole experience, more people are going to be online. I think there's going to be more demand for privacy and you have this amazing opportunity right now to take the time to learn about it. It's just like anything else in life, it's confusing and intimidating until you learn it. And then, it's really not that bad. I would just invite anyone, now's the time to be proactive rather than be reactive. And that comes by very rarely, at least from my experience.

Jonathan: That's a great way to think about it is there's opportunity for you to provide more value to the customers you serve, especially in the world of eCommerce and being proactive and learning a bit more about it now could help you provide more value and also less pain later.

Hans: Amen.

Donata: Yeah.

What’s Up at Woo

Bob: Jonathan, anything exciting going over on Woo?

Jonathan: Always. You mentioned WooCommerce Payments at the beginning, we're really happy with how that's going so far. We've got big plans and intentions for it. And it's now out of beta and we've had a lot of positive feedback. Also, a lot of things happening on the Woo Community side. Meetups are growing, as you can imagine, there's been a stronger than normal growth. Woo has been growing steadily for a long time, but the past few months, there's been a pretty sharp escalation of interest from a lot of different perspectives. So we're doing our best to keep up. But always good things happening. We're going to be at WordCamp Europe in a couple of weeks, with a virtual booth. So even if you're not in Europe, it's a good thing to check out. That's all I got, Bob.

Where to Find Donata and Hans Online

Bob: Well, great show and I was so anxious to get you two on here. Where's the best place to find both of you on the web?

Hans: So I'm on Twitter, @DeepSpaceHans. @DeepSpace, H-A-N-S.

Donata: And you can probably find me on LinkedIn, just search Donata, and you'll find me. And all of our social media is @Termageddon. So Twitter, Facebook, LinkedIn, Instagram, it's just @Termageddon and so you can always get in touch with one of us there, too.

Bob: Alrighty. I'd like to thank the sponsors once again, for your email marketing and cart abandonment,, just because then you can hang out with Jonathan and and keep on top of your site. Then, of course, I will have links for Termageddon, check it out. If you have an eCommerce store and you're not connected to Termageddon and you've got to get on it.

You can find this podcast on all your favorite apps. You can sign up for my news or listen to my news podcast, and you can become a friend of Do the Woo. I just want to thank you both for joining us today. It was excellent having you on.

Donata: Thank you for having us.

Hans: You both asked a lot of really good questions today, thank you.