Where to Put Privacy Policy and Do Not Sell or Share Links on Your Website

For most websites, the footer is the default place for the main Privacy Policy link. Users expect to find it there, and many businesses also place Terms and Conditions, refund links, contact information, and other core legal pages in the same area.

The problem is that a footer link does not answer every placement question. If your business collects personal information through signup flows, checkout, account creation, lead forms, booking forms, newsletter forms, or embedded tools, some disclosures need to appear closer to those collection points than the footer alone provides.

A privacy policy works best when it is available through a persistent footer link and can also be reached from the flows where users are making meaningful decisions. That often includes signup, checkout, subscription enrollment, account settings, and app-store listing pages where your business is asking people to trust the product with payments, personal information, or both.

If your site relies on hosted legal pages, the link should be presented as part of the customer's own site structure. In other words, the user should experience the Privacy Policy as one of your published legal pages, even if the underlying document is hosted elsewhere.

California's Notice at Collection is not just another footer page. If the notice is required, it belongs at or before the point where personal information is collected. That often means placement near an account-registration form, newsletter signup, checkout flow, financing form, loyalty signup, or another collection interface.

For online businesses, this leads to two common patterns. The business either places a direct notice near the form or links from that form to a notice that is specific enough to cover the categories collected, the purposes of use, any sale or sharing disclosures, retention information, and the path to the full Privacy Policy.

If your business sells or shares personal information under California law, the opt-out path should not be buried inside the middle of the Privacy Policy. The safer pattern is a clear and conspicuous footer link or button labeled Do Not Sell or Share My Personal Information, Your Privacy Choices, or another compliant alternative that fits the current rules.

The right location depends on how your site is used, but the link should be easy to find without forcing the user to read the whole policy first. Many businesses place it in the footer alongside the Privacy Policy, and some also surface it in account settings, cookie or consent interfaces, and privacy-rights screens so the opt-out path is visible wherever a user would reasonably look for it.

Access, deletion, correction, and similar request methods should be published in the Privacy Policy, but users should not have to hunt through a long document to figure out how to use them. If your business relies on a request form, privacy email address, dashboard flow, mailing address, or phone channel, that path should be linked in your policy and be reachable from a footer or help-style location on your site.

The same logic applies to appeal paths in states that require them. A privacy-rights path is more useful when it is treated like a real support channel instead of a line hidden in dense disclosure text.

A public website footer is important, but apps and account-based products need privacy links in more than one place. App businesses often need the Privacy Policy in the app-store listing and inside the app itself. SaaS and membership products often need your policy, request path, and privacy choices path available from account settings, billing screens, or help areas as well as from the marketing site.

The relevant question is whether a user can find the correct notice or link at the point where that user is giving data, accepting tracking, paying, creating an account, or trying to exercise a privacy right.

The most common mistake is assuming the Privacy Policy alone covers every disclosure problem. The next mistake is publishing your policy but failing to surface the opt-out link, request path, or Notice at Collection where the user needs to see it. The third mistake is linking to a page that describes rights in theory while the real site has no working path for the user to act on them.

A business should review the footer, checkout, signup, account area, consent banner, and any form that collects data, then confirm that the placement of each privacy link matches the legal function of that link. The published links should follow the way your site operates, not the other way around.