Best Privacy Policy Tool for Your Pop-Up Shop or Craft Business: Termly vs iubenda
Whether you run a pop-up boutique, sell crafts online, or have a booth at the flea market, you collect customer information. This includes emails from sign-up sheets at craft fairs, payment details from Square or Shopify POS, or analytics data from your Etsy shop or custom website. In most US states and all of the EU, collecting this data means you legally need a privacy policy. Don't hire an expensive lawyer. A simple tool for about $20/month can handle it perfectly so you can focus on sourcing products or creating.
READY TO TAKE ACTION?
Use the free LaunchAdvisor checklist to track every step in this guide.
The quick answer
If you have an online store (Shopify, Etsy, Square website), collect emails for your newsletter (even on paper at a market), use Square or Stripe for payments, or have social media tracking pixels installed, you are collecting data. Termly is the best starting point for most US-based craft sellers, resellers, and boutique owners. It offers strong GDPR and CCPA coverage, sends automatic update notifications when privacy laws change, and includes a clear cookie consent banner for your website. iubenda is the stronger choice for businesses selling internationally, especially those with significant EU customer traffic. Free generators are acceptable only for the most basic static websites with no direct data collection, but they miss the ongoing compliance monitoring that makes paid tools worth the monthly cost.
Side-by-side breakdown
Termly: Costs $10-20/month. It covers major regulations like GDPR, CCPA, and COPPA, which is important even for small online shops. It auto-updates your policies when laws change, includes a cookie consent banner for your website (crucial if you use Google Analytics or Facebook Pixel), and generates a privacy policy, terms of service (great for your online store), and a cookie policy. This is a strong fit if your customer base is mostly US-based, whether you're selling custom jewelry or vintage clothing.
iubenda: Ranges from $9-27/month depending on your plan. It was developed in Italy, so EU compliance is its main focus. It offers multi-language support, which is handy if you ship globally, and is IAB TCF certified (important for EU advertising compliance). Choose this if your handcrafted items or unique products frequently ship to Germany, France, or other international destinations, or if your online ads target a global audience.
Free generators (PrivacyPolicies.com, Termly free tier): These are adequate for a very basic site, perhaps just a simple gallery linking to your Etsy store without any other features. They offer no auto-updates and no ongoing compliance monitoring. They may also miss state-specific requirements. Only use a free option if you collect minimal data (e.g., no email list, no payment processing directly on your site, no analytics beyond basic server logs) and plan to review your policy every 90 days. If you use Square, Shopify Payments, Google Analytics, or a Facebook Pixel, a free generator likely isn't enough.
When to choose Termly
Choose Termly when you are a US-based craft seller, reseller, or boutique owner, and your primary sales are within the US. If you use common US e-commerce platforms like Shopify, Etsy (for your custom domain storefront), or Square Online, Termly is a great fit. It allows you to set up your privacy policy once for your online store, your email signup forms (whether digital or from a market clipboard), and your standard payment processors. Then you can focus on creating, marketing, and selling. Termly's interface is the most intuitive for first-time business owners, and their support is thorough.
When to choose iubenda
Choose iubenda when a significant portion of your online sales or customers are located outside the US, especially in the EU. This is true if you ship your unique handcrafted items or curated boutique products globally, or if you run advertising (like Instagram ads) that targets a broad international audience requiring IAB TCF consent framework compliance. If your customers are in multiple countries with different legal requirements, iubenda’s legal monitoring team tracks regulatory changes across dozens of jurisdictions, giving you better peace of mind for your global pop-up shop.
When a free generator is acceptable
Use a free generator only if you have a static informational website that simply shows photos of your products, lists your upcoming market dates, and links to your social media or a marketplace like Etsy. This means no email collection forms, no advertising pixels, no direct online sales, and no website analytics beyond what your basic web host provides. This describes very few pop-up shops or craft businesses today. If you have Google Analytics installed, a Facebook Pixel running, or collect customer emails for your newsletter, you are already past the threshold where a free generator is sufficient.
The verdict
For most US-based pop-up shops, craft sellers, or resellers: Termly. For those with significant international customers or sales: iubenda. Neither tool should take more than 30 minutes to set up, which is less time than arranging your display booth. Publish your privacy policy, terms of service, and cookie policy before you drive any paid traffic to your online store or social media. Some ad platforms, like Facebook and Google, will require these policies before they approve your advertising account.
How to get started
1. List every type of data you collect: This includes names and emails from market sign-up sheets, payment info from Square, Stripe, or Shopify Payments, analytics data from your website or Etsy store, cookies from your website visitors, and even customer photos if you post them on social media. 2. Choose Termly (US focus) or iubenda (international focus) based on where your customers are primarily located. 3. Use their guided wizard to generate your privacy policy, terms of service (essential for any online shop selling goods), and cookie policy. 4. Publish all three pages on your website with clear links in the footer (e.g., your Shopify store, custom domain for online orders, or a dedicated page if you use Square Online). If you primarily sell on a marketplace like Etsy, ensure these links are included in your shop policies or 'About' section if allowed. 5. Enable the cookie consent banner on your website before running any paid advertising, like Instagram ads, Facebook promotions, or Google Shopping campaigns.
RECOMMENDED TOOLS
Termly
Privacy policy + cookie consent banner — best for US businesses
iubenda
Best for EU compliance and international audiences
PrivacyPolicies.com
Free generator for simple sites
Some links above are affiliate links. We may earn a commission if you sign up — at no extra cost to you.
FREQUENTLY ASKED QUESTIONS
Do I need a privacy policy if I do not sell products online?
Yes, if your website collects any data — including email addresses, contact form submissions, or analytics. GDPR applies to any business that collects data from EU residents regardless of where the business is located. CCPA applies to businesses collecting data from California residents above certain thresholds.
What is a cookie consent banner and do I need one?
A cookie consent banner informs visitors that your site uses cookies and, in many jurisdictions, requires their consent before non-essential cookies are set. GDPR requires explicit consent for analytics and advertising cookies. CCPA requires a Do Not Sell My Personal Information option. If you run Google Analytics or any advertising, you need a compliant banner.
How often should I update my privacy policy?
Update it whenever you add a new data collection method, change a third-party service that handles user data, or when a new privacy law takes effect in a jurisdiction where you have users. Paid tools like Termly and iubenda alert you when updates are needed.
Apply This in Your Checklist