Privacy Policy for Etsy Shops — Free Template for Sellers
Last updated: April 2026
If you sell on Etsy, you might assume Etsy's privacy policy covers everything. It does not. Etsy's policy covers Etsy as a platform — how Etsy processes your customer data when they browse and buy. The moment you start communicating with customers directly, building an email list, or using any external tools, you become a data processor in your own right and need your own privacy policy.
When Etsy Sellers Need a Privacy Policy
You need your own privacy policy if you do any of the following:
- Collect customer email addresses outside of Etsy purchases (newsletter, freebie download, custom order form)
- Sell custom or personalized items requiring back-and-forth messages with customer data
- Run a separate website (Shopify, Squarespace, your own domain) alongside your Etsy shop
- Use email marketing tools (Mailchimp, ConvertKit, Flodesk)
- Run Pinterest, Facebook, or Instagram ads that capture leads
- Sell digital products that get delivered outside Etsy's system
- Sell to EU or UK customers (GDPR applies to YOU, not just to Etsy)
- Sell to California customers and your gross revenue exceeds $25M (CCPA applies, but most Etsy sellers are below this threshold)
Most active Etsy sellers do at least one of the above. If you have a Mailchimp account or your shop is part of a broader brand presence, you need your own policy.
What Etsy's Own Policy Covers vs What It Does NOT
| Activity | Covered by Etsy | Need your own policy |
|---|---|---|
| Customer browses Etsy | Yes | No |
| Customer checks out via Etsy | Yes | No |
| Customer messages you on Etsy | Partially | Yes if you store/use the data |
| You build an external email list | No | Yes |
| Custom order form on your own site | No | Yes |
| You run Pinterest ads to your shop | No | Yes (Pinterest data) |
| You install marketing pixels | No | Yes |
How to Generate Your Etsy Privacy Policy
- Open the privacy policy generator
- Enter your shop name (use your registered business name or shop name)
- Enter your Etsy shop URL OR your external website URL (whichever customers will land on)
- Enter a contact email (use your business email, not personal)
- Check these data types: Name, Email, Mailing Address (for shipping), Payment Information (note: Etsy handles actual payment, but you receive the order details), Cookies (if you have a separate website)
- Check third-party services you use: Mailchimp/Klaviyo/Flodesk for email, Pinterest if you run pin ads, Facebook Pixel if you advertise on Meta
- Enable GDPR (Etsy is global — you will get EU customers)
- Generate, copy, paste into your shop's Additional Information section or your external site
Where to Display Your Policy on Etsy
Etsy does not have a dedicated "privacy policy" field for sellers, which is part of the gap. Your options:
- Add to your shop's "About" section. Paste a short summary and link to the full policy hosted elsewhere.
- Add to "Additional Information" in your shop policies. This shows on every listing and gives you legal coverage.
- Add a link in your message templates. If you respond to customer inquiries with a template, include a footer link to your privacy policy.
- Host on a free site. Use a free Carrd, Notion page, or simple HTML page to host your policy. Include the URL in your Etsy shop description.
- Add to email marketing footers. Every Mailchimp/ConvertKit email should have a privacy policy link in the footer.
What to Specifically Mention for Etsy Sellers
Beyond the standard sections, an Etsy seller policy should include:
- Your shop name and Etsy shop URL so customers know who they are dealing with
- That you receive customer info from Etsy when an order is placed (name, shipping address, message)
- How long you keep customer data (typically 7 years for tax purposes, longer if you maintain a customer list)
- Whether you use customer info for marketing (only with explicit opt-in — Etsy customers do NOT automatically join your email list)
- Your refund and return policy reference (separate document, but mention it exists)
Custom Order Specific Risks
Custom and personalized items often require sensitive customer data: dates (anniversaries, birthdays), names of loved ones, personal photos, addresses for engraving. Your policy should explicitly address:
- How you store custom order details (don't keep them indefinitely)
- Whether you use customer-submitted images or text in marketing (typically no without permission)
- How long you retain the personalization details after order completion
What Most Etsy Sellers Get Wrong
The most common mistakes:
- Adding Etsy customers to your email list without consent. A purchase does not equal newsletter consent. You need an explicit opt-in.
- Sharing customer photos without permission. Reposting a customer's photo of your product on Instagram requires their consent, especially for portraits.
- Storing customer info forever. The longer you keep data, the more risk you carry. Set a retention period and follow it.
- Ignoring international customers. Etsy is global. EU customers trigger GDPR even on a small US-based shop.
The 5-Minute Compliance Checklist
- Generate a privacy policy with the free generator
- Add it to your shop's About or Additional Information section
- Add a privacy policy link to your email marketing footer
- Create a separate consent step for newsletter signups (not "purchase = subscription")
- Set a data retention period and stick to it