some.im
开始使用

privacy-policy-drafter

Category: Coding Risk: High risk ★ 4.6 · Rating 4.6/5 (1014) mohitagw15856/pm-claude-skills MIT

Rating is derived from the repo's GitHub stars and shown for reference.

credential_access
Download zip View source

name: privacy-policy-drafter
description: "Draft a clear, plain-language privacy policy tailored to what a product actually collects and does with data. Use when asked to write a privacy policy, draft a data-protection notice, or create a GDPR/CCPA-aware privacy statement. Produces a structured policy covering data collected, purposes, legal bases, sharing, retention, user rights, and contact — written to be readable, not boilerplate. Not legal advice; have counsel review before publishing."

Privacy Policy Drafter Skill

A privacy policy should tell users plainly what you collect, why, and what control they have — not hide it in legalese. This skill drafts a structured, regulation-aware policy from how the product actually handles data. Not legal advice — a qualified lawyer should review before you publish, and obligations vary by jurisdiction.

Working from a brief

Given a product description, draft the full policy anyway, inferring typical data flows and marking each inference (confirm — reflects assumed practice). Never leave "[company name]"-style gaps un-flagged, and never state a practice the founder didn't confirm as fact without labelling it an assumption.

Required Inputs

Ask for (if not already provided):

  • Product / company and what it does
  • Data collected (account info, usage/analytics, payment, location, cookies, etc.)
  • Why it's collected and who it's shared with (processors, analytics, payment, ads)
  • Jurisdictions / regulations in scope (GDPR, UK GDPR, CCPA/CPRA, others)
  • Contact for privacy requests and whether there's a DPO

Output Format

A ready-to-review policy with these sections:

  1. Who we are & scope — controller identity, what the policy covers, effective date
  2. Information we collect — categorised (provided / automatic / from third parties), each with examples
  3. How and why we use it — purposes, with legal bases where GDPR applies (consent, contract, legitimate interest…)
  4. Cookies & tracking — types used and how to control them (link to a cookie notice if separate)
  5. Sharing & disclosure — processors and third parties, why, and cross-border transfer note
  6. Retention — how long, and the criteria for deciding
  7. Your rights — access, deletion, correction, portability, objection, opt-out of sale/sharing; how to exercise them
  8. Security — high-level measures (no false guarantees)
  9. Children — whether the service targets/permits minors
  10. Changes & contact — how updates are notified; the privacy contact / DPO

End with: ⚠️ Review checklist — the specific items counsel must confirm (legal bases, retention periods, transfer mechanism, sub-processor list).

Quality Checks

  • Each data category ties to a stated purpose (and legal basis where GDPR applies)
  • User rights and how to exercise them are explicit
  • Retention is addressed, not skipped
  • Plain language — readable by a non-lawyer
  • Assumptions flagged; "not legal advice — counsel must review" retained

Anti-Patterns

  • Generic boilerplate that doesn't match what the product does
  • Claiming GDPR/CCPA compliance as a fact rather than reflecting practices
  • Vague "we may share with third parties" with no categories or purpose
  • Overpromising security ("your data is 100% safe")