Published:

Should you have different policies for your domain and subdomains? 

General

Photo of author

Donata Stroink-Skillrud

Co-founder and President of Termageddon

If you have a website under a particular domain (e.g. example.com) and a subdomain (e.g. shop.example.com), you may be wondering whether you need separate sets of policies for the main domain and the subdomains. Whether you will need separate policies will depend upon who owns the subdomain, whether having one set of policies would be confusing to the individuals reading the policies and your personal preferences. In this article, we will explore these factors so that you can make the right decision for your website and business. 

Who owns the subdomain? 

When determining whether to have separate policies for a domain and a subdomain, the first question that you should ask yourself is who owns the subdomain. For example, let’s consider a situation where the main domain is an informational website that links to a subdomain (e.g. pay.example.com). If the subdomain is actually a portal where customers pay their invoices and the subdomain is owned and managed by a third party (e.g. Quickbooks), chances are that the third party’s policies will apply to the subdomain as they are the owners of the subdomain. In that case, you would not need to worry about the policies for the subdomain since that would be the responsibility of the owner of the subdomain. It is important to note that some third parties may still require you to have your own policies for the subdomain so it is important to double check this with the third party to confirm that you will not need to provide your own policies for the subdomain. 

On the other hand, if the subdomain is owned by you and not by a third party, you will need to have policies that cover that subdomain. Thus, your next question should be whether you can use the same policies for your domain and subdomain or if you should have separate policies. 

Would using the same policies for a domain and subdomain be confusing? 

Typically, the standard practice for most business websites is to use one set of policies for a domain and subdomain. This is due to the fact that a subdomain lives under the umbrella of the main domain and is thus a part of the website under the main domain. The main reason why a company would want to deviate from this typical setup and have separate policies for a domain and a subdomain is if the typical setup would be confusing to the individuals reading the policies. 

For example, let’s consider a situation where the main domain uses Google Analytics and the Meta Pixel. If the subdomain does not use analytics or advertising tracking tools, an individual visiting only the subdomain may be confused as to whether they are actually being tracked or not. Ideally, if users can visit the subdomain without visiting the main domain and the privacy practices between the subdomain and the domain are drastically different, then you would want to consider separate policies. However, if you do not believe that having one set of policies would be confusing, then you can choose the more typical setup of having one set of policies to cover both. 

Lastly, choosing to have separate policies can come down to the personal preferences of the business owner. If you prefer to have one set of policies to make updating and managing those policies easier, then this may be the right choice for you. 

How to display your policies on your domain and subdomain

Whether  you choose to have one set of policies or separate sets of policies for your domain and subdomain, it is important that those policies are properly displayed. If you choose to have one set of policies for both your domain and subdomain, you should ensure that both the domain and subdomain have those policies clearly listed as you cannot assume that a website visitor will visit both the domain and the subdomain. If you decide to list your policies in the footer of your website, they should be clearly visible. You can achieve this by using contrasting colors from the footer, different font from the surrounding text and larger type size from the surrounding text to make sure that the policies are clear and conspicuous. 
Regardless of whether you choose to have one set of policies or separate sets of policies, you should ensure that the policies contain all of the disclosures that are required by the laws that apply to you and that they are updated with new disclosures as legislation changes. If you do not currently have policies or do not have a strategy to keep your policies up to date as laws change, make sure to check out the Termageddon auto-updating website policy solution.

Photo of author
About the Author
Donata Stroink-Skillrud

Donata is the Co-founder and President of Termageddon and a licensed attorney and Certified Information Privacy Professional. She serves as the Vice-Chair of the American Bar Association's ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals.

Search the Site
Popular Articles
Browse by Category

Comparing Policy Generators

Cookie Consent Banner

Cookie Policy

Culture

Disclaimer

EULA

How To's

Privacy Policy

Terms of Service

Subscribe for Updates