Ask HN: How do you handle privacy policies for side projects?

2•sergei_pch•1h ago

I've been shipping side projects for a few years and every time I get to the "add a privacy policy" step, I hit the same wall.

Every generator I've tried (Termly, iubenda, TermsFeed) assumes I'm running a traditional stack with a legal department. None of them know what Supabase, PostHog, Vercel Analytics, or Lemon Squeezy are. I end up manually editing boilerplate to mention the actual services I use, and I'm never sure if I got it right.

The options seem to be: 1. Pay $10+/month for a subscription generator (for a document I generate once) 2. Copy someone else's policy and find-replace the company name 3. Spend hours reading legal guides and writing one from scratch 4. Ship without one and hope nobody notices

I'm considering building a generator specifically for developers — one that knows modern tech stacks, outputs markdown, no account required, one-time payment instead of subscription. Before I invest the time, I'm curious:

- How do you currently handle this? - Would tech-stack-aware presets (e.g. "I use Supabase + Stripe + Vercel") actually save you time? - What's your biggest frustration with existing tools?

Genuinely trying to understand if this is a real pain point or just my own annoyance.

Comments

nateb2022•1h ago

I just use an LLM for the most part, give it a quick proofread, and publish it.

sergei_pch•1h ago

That works until you need to verify it actually covers everything. GDPR Article 13 has a specific checklist of disclosures — data controller identity, legal basis per processing activity, retention periods, DPO contact. LLMs regularly skip some of these, and the output is different every time you regenerate. For a blog — fine. For a document that's technically a legal obligation — I'd want something deterministic.

jacquesm•1h ago

Simple: I don't collect data. Everything is stored locally, the site is 100% static, there are no analytics. Problem solved.

sergei_pch•1h ago

That's the ideal case, and I respect it. But the moment you add Stripe for payments, or any third-party auth, or even Vercel for hosting (which logs IP addresses), you're technically collecting data through third parties. Most side projects hit that point eventually, and that's where the policy question comes up.

jacquesm•1h ago

The moment you start charging it stops being a side project but it is a commercial enterprise with all of the required trappings, it's tough because there is an intermediary phase where you are then required to be a 'real company' but you can't afford the overhead that comes with that.

There used to be a whole raft of free privacy policy generators but all I can find for you right now is scalpers.

sergei_pch•17m ago

That's exactly the gap I'm trying to fill. You're in that in-between phase - charging money, so you need a real policy, but you're not at the point where you can drop $2,000 on a lawyer for three documents. The "whole raft of free generators" turned into subscription services or got acquired - that's what I found too. The ones left are either $12/month or produce generic output that doesn't reflect your actual stack. A one-time payment for a proper, stack-aware policy seems like it belongs in that intermediary phase.

jacquesm•11m ago

I'm almost tempted to spend the cash for a lawyer and make a donation to small time developers. Let me think about that.

coinfused•1h ago

37signals has open sourced theirs here

https://github.com/basecamp/policies

It hasn’t been updated in a while but they are a good starting point.

jacquesm•42m ago

Those look pretty good, I read through the privacy policy and it covers just about everything I would think of.

Still, if it is for commercial use I'd pass it by the lawyers to make sure it has been vetted.

sergei_pch•19m ago

Totally agree — for anything with real commercial stakes, lawyer review is the right call. The way I see it, a good generator gets you 90% there with accurate, stack-specific text, so when you do hand it to a lawyer, they're reviewing a solid draft instead of starting from scratch. Saves them time, saves you money.

sergei_pch•20m ago

Thanks for sharing — the Basecamp policies are well-written. The main gap I've found with using another company's policy as a template is that it describes their data practices, not yours. If you're using PostHog instead of Google Analytics, or Lemon Squeezy instead of Stripe, the specific disclosures (what data is collected, where it's processed, legal basis) are different. That's the part that takes the most time to get right manually.

Introduction to Human Behavioral Biology – Robert Sapolsky [video]

Tars – A local-first autonomous supervisor powered by Google Gemini

Nvidia expands open model families to power agentic, physical and healthcare AI

Eureka Manifesto: The Mission for Our Civilization

Mamba-3

We Banned React's UseEffect

Build a NAS Using FreeBSD on a Raspberry Pi

Nvidia announces Dynamo 1.0, first operating system designed for AI factories

Dark Matter as Gravitational Memory: A Causal Rail for Wave Function Collapse

Pap: Zero Trust AI Agents

Colorectal cancer now the most common cause of cancer deaths for people under 50

AI Drone Software Stock Jumps 520% in Best IPO Since Newsmax

API Extractor: TypeScript Analysis Tool for API Reports, Docs and .d.ts Rollups

Open AI is actively censoring information about voting today in the US

AI costs are showing up before revenue in public cloud companies

Firefox has killed its old mascot. Here's what the new (cute) one looks like

Ask HN: Best Tech News Sites

Framedeck: A Framework mainboard based Cyberdeck

HogPocket – Mobile dashboard for PostHog analytics

Apple can delist apps "with or without cause," judge says in loss for Musi app

Draft RFC for AgentPass, an open protocol for agent authorization

Anthropic Announces Dispatch for Claude Cowork

Optimal Tennis Match

How (some) good corporate engineering blogs are written (2020)

How Gregory Bovino became a face of Trump's deportations and ended his career

Krasis LLM Runtime – run large LLM models on a single GPU

People who built the future, in their own words – Oral histories from CHM

Fundamentals of Software Engineering: From Coder to Engineer

NIST Time Widget

Replit Is Pre‐Shopify‐2012