Want your users to trust your product? It’s not just about the “fun” stuff like giving your product a personality, showing value quickly, and letting people feel a sense of control. It’s also about the “boring” stuff. What’s your privacy policy? How will you handle your users’ data? How will you write the digital meta-content that explains all of that to users? This stuff matters a lot.
To put the point first: You need to handle users’ data sensitively, and tell them so in language they’ll understand.
A best practice that is hard to execute is putting required legalese into plain language for users. Why is it hard? Well, it’s legalese. Most product managers aren’t including it because they like it. They’re including it at the behest of a legal advisor. They’re including it to CYA in case something goes wrong. And, because the source of legalese is usually a lawyer, it isn’t written with the typical online user in mind (sorry, lawyers).
The good news is, if we’ve done our research, we have a pretty good sense of what scares users. When I worked on digital health products sold through employers and insurance plans, our users had one big fear in common. They’d tell us that they assumed we shared their individual data with the HR manager or healthcare provider. They thought (wrongly) that using our programs was letting their bosses and doctors see their most private, personal information.
We had all the “data will only be provided in aggregate” language in the legalese, but almost no one read it or understood it. Like many terms of service (ToS) documents, ours was a dense block of text that was hard to skim.
Our fix? We pulled that piece about not sharing individual data out of the huge text block and moved it to the front of the legalese. We rewrote it in simple language that doesn’t require a legal education to understand. We also repeated our commitment to privacy as we collected data in the product: “Remember, anything you share is confidential. Any reports we produce use average data from hundreds or even thousands of people.”
This change seems simple. It was, in many ways, simple.
But it wasn’t easy to pull off.
We had to make our legal reviewers comfortable that the simplified privacy statement was as legally protective as the dense, complicated one. It took a lot of rounds of review to get there.
If you work in an environment where you have this type of structured legal review, get to know your reviewers. Have some human conversations with them, outside of your review meetings (which can feel like trials). I found that once the legal counsel knew where I was coming from and trusted me a little, and once I understood their concerns and trusted them a little, it became much easier to find a solution that worked for both of us.
If you don’t work with a legal review requirement, you’re not getting off easy. It’s worth your while to ask someone with a technical and legal background to review your privacy policy against your actual practices to ensure it’s accurate. And then have a content expert collaborate with that legal advisor to rephrase your legalese so your typical user can understand it.
A company that I think has done a great job of revising their legalese so anyone can follow it is Pinterest. Check out these samples from their privacy policy:
By reorganizing the content within the privacy policy so that it’s broken out by topic, written in clear language, and followed by a TLDR summary, Pinterest has made it much easier for their users to trust them.