What information should my privacy policy include regarding email?
Your privacy policy should clearly explain how you collect, use, and protect email addresses and related data. For collection, describe what email-related data you gather (email address, name, preferences, engagement data), how you collect it (signup forms, purchases, third parties), and the purposes for which you'll use it (marketing communications, transactional messages, personalization). Be specific about whether you purchase lists, share data with partners, or use subscriber information for purposes beyond email communication.
Address subscriber rights and controls comprehensively. Explain how subscribers can opt out of marketing emails, access their data, request corrections, or request deletion. Describe your unsubscribe process and how quickly you honor opt-out requests. If you operate under GDPR, include required disclosures about the legal basis for processing (consent, legitimate interest), data subject rights, and your identity as data controller. For CCPA, address the categories of personal information collected and consumers' rights to opt out of data sales.
Include practical details that build trust through transparency. Explain what third parties have access to subscriber data (ESPs, analytics platforms, CRM systems) and for what purposes. Describe your data retention practices: how long you keep subscriber information and what happens to data when someone unsubscribes. Address security measures you employ to protect email data, even if generally. If you use tracking technologies like open pixels or click tracking, disclose this practice. Your privacy policy regarding email should answer every reasonable question a subscriber might have about what happens to their information, before they have to ask.