Privacy Policy Readability Assessment Checklist

There are three key elements that determine how easily your audience is able to interpret your privacy policy:

  1. Structure
  2. Language and Tone
  3. Accessibility

How does your privacy policy stack up? We cover some key elements of a clear privacy policy here, and there’s a downloadable checklist at the bottom. 

Privacy Policy Structure

Key elements to consider

  • Headers
  • Skimmability & Flow
  • Searchability
  • Formatting
  • Mobile-Friendliness

In-Detail

Headings and Subheadings

Header Hierarchy: Use H1 for the policy title, H2 for main sections (e.g., “Our Commitment to Privacy,” “What Information We Collect”), and H3 for subsections (e.g., “Personal Information,” “Non-Personal Information”).

Clarity & User-Focus: Use actionable and clear headings. Instead of “Data Usage,” try “How We Use Your Information” or “What We Do With Your Data.”

Navigability: Ensure that if you implement a table of contents, it’s easily visible and clickable. This is essential for policies over 1,500 words. Make it sticky or easily accessible throughout the document.

Skimmability

Top-Heavy Content: Put the most important information first, both in the document as a whole and in each section.

Whitespace: Ample space between paragraphs and around headings to prevent dense text blocks.

Short Paragraphs: Aim for 1-3 sentences per paragraph; ideally, one idea per paragraph.

Extensive Lists: Use bullet points or numbered lists frequently for types of data, purposes, or user actions. Keep list items brief.

Strategic Bolding: Use bold sparingly to highlight only critical keywords or phrases. Avoid over-bolding.

Short Sentences: Aim for an average of 15-20 words per sentence. One main idea per sentence.

Searchability

Ensure the text is selectable and easily searchable (e.g., not an image-only PDF).

Formatting

Consistent Formatting: Use consistent font styles, sizes, and colors for headings, body text, and links. Avoid excessive bolding, italics, or all caps, as these can hinder readability.

Mobile-Friendliness

Test your policy on various mobile devices (smartphones, tablets) to ensure it renders correctly, is easy to scroll, and doesn’t require excessive zooming or horizontal scrolling.

Language and Tone

Easily Readable: Aim for a readability score of no higher than grade 10. Use the Hemingway Editor to check your readability scores and identify hard-to-read sentences.

Avoid Legalese: Replace terms like “heretofore,” “hereinafter,” “whereas,” “indemnify,” “notwithstanding,” and “in conjunction with” with simpler language.

Define Technical Terms: If you must use a technical or legal term (e.g., “de-identification”), define it clearly and concisely. It’s helpful to include a glossary of terms and, if you can, to make each definition appear when the user hovers over the technical term.

‘You’ language: Use “you” and “we” to make the policy more conversational and less like a formal legal document.

Active Voice: Instead of “Your data is collected by us,” write “We collect your data.” Grammarly offers a free passive voice checker.

Concise: If a sentence can be shorter without losing meaning, shorten it.

Empathetic Tone: Use phrases that demonstrate respect for user privacy, such as “Your privacy is important to us,” or “We are committed to protecting your personal information.”

Avoid Ambiguity: If there’s any doubt, rephrase for clarity.

Consistent Terminology: If you use “personal information” in one section, don’t switch to “personal data” in another unless there’s a specific, defined difference.

Accessibility

Contrast and Font Size: Ensure text color contrasts sufficiently with the background (e.g., dark text on a light background). Use a font size that is easily readable without zooming, typically at least 16px for body text on web pages.

Screen Reader Compatibility: If your policy is on a website, ensure it’s built with proper HTML semantic elements (headings, paragraphs, lists) so that screen readers can interpret and read the content effectively. Avoid using images of text.

Alternative Formats: Clearly state that individuals can request the policy in alternative formats.

Download the checklist here (no personal information required)

Privacy, security and training. Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.