Creating a website that people trust starts with protecting their personal information.

Privacy laws like GDPR and CCPA are designed to help with that, but they can feel confusing when you’re just trying to do the right thing.

Many of these rules ask you to add a ‘Do Not Sell My Info’ page to your site, and it’s not always clear where to start. I’ve been there myself.

After trying several different approaches, I found a step-by-step method that actually works for beginners.

In this guide, I’ll walk you through the exact process I use to build a professional ‘Do Not Sell My Info’ page in WordPress. I’ll also show you how to handle incoming requests, so you can protect your visitors’ privacy and stay compliant with international data laws.

Why Do You Need a ‘Do Not Sell My Info’ Page?

A ‘Do Not Sell My Info’ page gives your visitors a clear way to say they don’t want their personal data shared with outside companies. In many cases, this is required by law, but it’s also a smart way to build trust.

Some site owners assume that these kinds of privacy laws don’t apply to them because they’re not selling anything.

But under some laws, like the California Consumer Privacy Act (CCPA), “selling” personal information doesn’t just mean trading it for money. It can also include sharing user data with other companies for things like ads, tracking, or analytics—even if no money is involved.

For example, if your site uses ad networks, tracking pixels, or embedded YouTube videos, then you may still be seen as “selling” or “sharing” personal information under these laws.

Because the definitions are so broad, adding a ‘Do Not Sell My Info’ page helps you stay on the safe side of privacy rules while giving users more control over how their information is used.

As a website owner, it’s important to follow these laws and give your visitors real control over their data. While each regulation is different, most require you to let users opt out of having their personal information shared or sold to third parties.

This type of page is a specific requirement under the CCPA. Even though the GDPR doesn’t mention it by name, adding a ‘Do Not Sell My Info’ page can help meet its requirement to give users control over how their data is used.

But this isn’t just about legal compliance.

When visitors see that you take privacy seriously, they’re more likely to sign up for your email list, make a purchase, or stick around longer.

Overall, a ‘Do Not Sell My Info’ page helps meet modern privacy expectations and makes your site more trustworthy in the process.

How to Create a Do Not Sell My Info Page in WordPress

With privacy regulations getting stricter all the time, creating a ‘Do Not Sell My Info’ page is no longer just a good idea, but a legal requirement.

In this guide, I’ll walk you through the process of creating a ‘Do Not Sell My Info’ page on your WordPress website step-by-step. I’ll also show you how to manage user requests effectively, so you stay on the right side of the law.

Step 1. Set Up WPConsent

The easiest way to add a Do Not Sell My Info page in WordPress is by using WPConsent. This is the best privacy compliance plugin that helps you meet key privacy standards by giving users more control over their personal data.

WPConsent includes helpful features like cookie banners, privacy policy generators, and a consent log to track user permissions, which are all useful if you’re ever audited.

It also offers a Do Not Track addon, which lets you create a dedicated form page in just a few clicks. Visitors can fill out this form to tell you not to sell their personal information.

These requests are stored locally in a custom table on your site, so you can review and respond to them right away.

If you’re working with a limited budget, there’s also a free version of WPConsent available on WordPress.org.

It includes many essential features to help you comply with laws like the GDPR.

To use the Do Not Track addon, you’ll need the premium version. If you need help upgrading, take a look at our guide on how to install a WordPress plugin.

Once the plugin is active, you’ll see a quick onboarding wizard that walks you through setup, usually in under five minutes.

When you’re ready, click the ‘Let’s Get Started’ button to begin.

This setup wizard will guide you through several important tasks, such as scanning your site for third-party scripts and creating a cookie popup.

Completing these steps will help you comply with crucial privacy laws like the Personal Data Protection Law (PDPL), so I encourage you to go through the entire onboarding process.

After you’ve finished the setup, WPConsent will take you back to the WordPress dashboard.

Step 2: Create a WordPress Page 

WPConsent lets you add a Do Not Sell My Info form to any page or post on your WordPress site. However, to keep things simple, I suggest creating a new page especially for this important form.

In your WordPress dashboard, head over to Pages » Add Page.

You can now give this page a clear title, something like ‘Do Not Sell My Info.’ You can also add any other information you think is important, such as an introduction explaining what the form is for and why someone might want to use it.

When you’re happy with how the page looks, save it as a draft for now.

Step 3: Install the Do Not Track Addon

WPConsent includes tools to help you follow major privacy laws right away. But if you want to add a Do Not Sell My Info page, then you’ll need to install an extra addon.

In your WordPress dashboard, go to WPConsent » Do Not Track. When that screen loads, just click the ‘Install Do Not Track Addon’ button.

After a moment, WPConsent will automatically install and activate the addon for you.

Step 4: Create the ‘Do Not Sell My Info’ Form

Next, you need to head over to WPConsent » Do Not Track, and open the ‘Configuration’ tab.

Here, you’ll be able to choose where the form should appear.

Simply open the ‘Do Not Track Page’ dropdown and select the page you created earlier. This will automatically add a basic form to that page.

By default, the form includes a few essential fields:

• First Name
• Last Name
• Email

These are needed to identify the visitor, so WPConsent won’t let you remove them.

That said, you can update the labels if you want to use different wording—just change the text in the ‘Field Label’ box.

If you need more details from your users, you can also enable extra fields like:

• Address
• ZIP Code
• City State
• Country
• Phone

To include one, just check the box that says ‘Enable this field.’

These extra fields are optional by default.

But if there’s something you want to make mandatory, you can check the ‘Make this field required’ box.

Just like before, you’re free to update any of the field labels to match your site’s tone.

Once everything looks the way you want, scroll to the bottom and click the ‘Save Changes’ button.

Step 5: Adding the Form to Your Page

Now, you’re ready to add this form to the page you created earlier. In your WordPress dashboard, open that page for editing. 

Find the spot where you want to add the form and click the + icon.

In the box that appears, start typing ‘Shortcode’ to find the right block.

When the shortcode block appears, click on it to add it to the page.

You can now paste the following shortcode into the block: 

[wpconsent_do_not_track_form]

With that done, simply publish the page as you normally would.

You can now visit your WordPress blog or website to see the ‘Do Not Sell My Info’ page in action.

Step 6: Add Links to Key Areas

Now that you’ve created a ‘Do Not Sell My Info’ page, it’s important to make it easy for visitors to find.

One way to do this is by inserting a link from your Privacy Policy page to your ‘Do not sell info’ page. You might also consider placing it in a prominent spot like your website footer.

These small steps can go a long way in building trust. When visitors see that you’re open about your data practices, they’re more likely to feel confident browsing your site.

Step 7: Manage Incoming Requests 

Now that everything is set up, WPConsent will automatically log each request and display it in your WordPress dashboard. This makes it easier to stay on top of privacy requests as they come in.

To check your current requests, go to WPConsent » Do Not Track and make sure the ‘Requests’ tab is selected. You’ll see a list of all submissions along with key details for each one.

How you respond depends on how you manage customer information. For example, you might add a note to your CRM tool to mark the user as opted out.

You can also export your list of requests as a CSV file. This can be helpful for recordkeeping or auditing.

To do that, just open the ‘Export’ tab under WPConsent » Do Not Track.

First, click the ‘From’ field and choose a start date.

Then, select the end date by clicking the ‘To’ field.

By default, WPConsent includes all requests, both processed and unprocessed.

If you only want to see requests that still need attention, it’s a good idea to check the box that says ‘Export only “not processed” entries.’

Planning to act on those requests right away?

You might also want to check the box that says ‘Mark exported data as processed.’ That way, WPConsent will automatically update the status in your dashboard.

If you do that, make sure to follow through and complete each request. That helps keep your dashboard accurate.

Once everything’s ready, simply click the ‘Export’ button to download your CSV file.

If you didn’t mark them as processed automatically, you’ll need to close each one manually. To do that, hover over the request in your dashboard and click the ‘Mark as processed’ link.

Processed requests will be clearly labeled, so you can quickly see which ones are still open.

What to Do When Someone Opts Out

When one of your website visitors asks you not to sell or share their personal information, logging the request is just the first step.

The next step is to delete that user’s personal data from your website.

Fortunately, WordPress includes a built-in erase tool that lets you remove a user’s data on request.

You can find it by going to Tools » Erase Personal Data in your dashboard.

Using this tool helps you stay compliant with laws like the CCPA and GDPR, especially if you’ve collected contact information through forms, comments, or email signups. It’s a simple way to make sure you’re following through on privacy requests.

Do Not Sell My Info Pages: FAQs

Data compliance is a serious topic, so it’s understandable if you still have some questions.

To help you out, I’ve collected all the most frequently asked questions about setting up a ‘Do Not Sell My Info’ page in WordPress.

What is WPConsent, and why should I use it?

WPConsent is a comprehensive plugin designed to help WordPress website owners comply with various privacy regulations, such as the Lei Geral de Proteção de Dados (LGPD), CCPA, and GDPR. 

WPConsent makes it easier to create and manage essential privacy pages and features on your site, allowing you to meet legal requirements and build trust with your audience.

How does a ‘Do Not Sell My Info’ page differ from other privacy pages?

A ‘Do Not Sell My Info’ page serves a specific purpose: it lets users opt out of the sale of their personal data. This is required by various privacy laws, including the California Consumer Privacy Act (CCPA).

Typically, your website will have other privacy-related pages, but they won’t offer this particular function.

Can I use other privacy plugins alongside WPConsent for enhanced compliance?

Yes, you can use WPConsent with other privacy and security tools. For example, you might use WPConsent to manage your ‘Do Not Sell’ requests. At the same time, you might use a plugin like Sucuri to check your site for security weaknesses that could cause a data breach.

What should I do when a user sends me a ‘do not sell’ request?

Once you receive a request, you need to make sure you honor it properly. This means updating your internal data handling practices in order to reflect the user’s wishes.

For example, you might need to:

• Update your records: Mark the user’s profile in your database or CRM system. For example, you could add a ‘Do Not Sell’ tag to their contact record in your CRM software. This makes it clear to your team that their data should not be sold.
• Notify relevant teams: Ensure everyone involved in data processing knows about the request. After that, they can avoid any actions that would violate the user’s preferences.
• Review data flows: If you share data with third parties, then confirm this user’s data is no longer included in those transfers.
• Document the action: Keep a clear record of when you received the request and how it was processed. This documentation will also help you demonstrate compliance if you’re ever audited. The good news is that some tools log all user requests automatically, such as WPConsent.

If you don’t honor these requests, then you could face legal penalties, including significant fines and serious damage to your website’s reputation.

With that in mind, it’s essential that you take immediate action every time you get a ‘Do Not Sell’ request.

Is it important to regularly update the ‘Do Not Sell My Info’ page?

Absolutely. Regular updates are vital to ensure you’re complying with the latest legal requirements. 

Privacy laws can evolve over time, and new regulations might come into effect. By keeping your page up-to-date, you can avoid potential penalties and other legal issues.

You also need to ensure your compliance reflects any changes you make in how you handle data. For example, if you start collecting new types of data or partnering with new third parties, then your ‘Do Not Sell My Info’ page should reflect those changes.

When it comes to reviewing and updating your ‘Do Not Sell My Info’ page, I recommend adding this task to your website maintenance checklist.  

Additional Resources for Privacy Compliance

Navigating data privacy can be complex, but having the right resources to hand makes things much easier.

With that said, here’s a list of extra articles and guides to help you continue your compliance journey:

• How to Know if Your WordPress Website Uses Cookies
• How to Add WordPress Analytics Without Cookies
• How to Keep Personally Identifiable Info Out of Google Analytics
• How to Stop Storing IP Addresses in WordPress Comments
• How to Make Google Fonts Privacy Friendly

I hope this guide has helped you add a Do Not Sell My Info page to your WordPress website. Next, you may want to see our expert picks for the best WordPress security plugins or our ultimate WordPress security guide.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Create a Do Not Sell My Info Page in WordPress first appeared on WPBeginner.

Recently, we discovered something alarming while auditing one of our clients’ websites. Email addresses and phone numbers were showing up in their Google Analytics reports, exposing sensitive visitor information that they never intended to collect.

Collecting personally identifiable information from users can be a major issue. Not only does it violate privacy regulations like GDPR, but it also puts your business at risk of hefty fines and losing the trust of your customers.

But here’s the good news: preventing personally identifiable information (PII) from ending up in your analytics is actually quite straightforward once you know how.

We’ve spent years working with Google Analytics across hundreds of websites, and we’ve developed a foolproof system to keep sensitive data out of your reports. In this guide, we’ll show you exactly how to protect your visitors’ privacy while still getting all the valuable insights you need from your analytics data.

What Is Personally Identifiable Information, and Why Should You Protect It?

Personally Identifiable Information (PII) is any data that, when combined, can reveal a person’s identity.

Some common examples of PII include:

• Full name (first and last)
• Email address
• Phone number
• Home address
• Credit card information
• Login credentials (usernames and passwords)
• IP addresses (when linked to individuals)

The problem is that PII often sneaks into Google Analytics through URLs.

Let’s say that users submit personal details on contact forms or login pages on your WordPress site. This data can be embedded in the URL of the next page they visit.

The URL might look like this:

www.example.com/contact-us/[email protected].

In that example, we can see that the URL shows the user’s email address.

Why Should You Keep Personal Info Out of Analytics?

Privacy laws like GDPR are serious about protecting personal data. That’s one reason why Google doesn’t allow businesses to collect or store PII.

If your Google Analytics account is capturing PII, you could end up in trouble, facing hefty fines or having your account suspended.

And it’s not just a technical issue – it can have real consequences for your business. Users expect businesses to respect their privacy. But if they feel their data isn’t safe, they might take their business elsewhere.

That’s why it’s so important to keep PII out of your Google Analytics data.

With that in mind, we’ll show you how to keep personally identifiable information (PII) out of Google Analytics. Here’s a quick overview of the 2 methods we’ll share with you:

Ready? Let’s get started.

Method 1. Using a Plugin to Keep Personally Identifiable Info Out of Google Analytics

Google Analytics can be overwhelming to navigate, especially when trying to ensure compliance with privacy regulations.

Managing cookie consent, anonymizing IP addresses, and adjusting privacy settings can quickly become overwhelming. For many people, sorting through these settings and ensuring compliance is no easy task.

If you’re a WordPress user, then we have good news for you.

MonsterInsights is the best WordPress analytics plugin, and it integrates seamlessly with Google Analytics 4 (GA4). With its Privacy Guard feature, it offers privacy-friendly tracking that you can manage directly from your WordPress dashboard.

ℹ️ Quick note: MonsterInsights powers our conversion tracking at WPBeginner, helping us monitor traffic, forms, buttons, referral links, and more with ease. See why we love it in our detailed MonsterInsights review!

Step 1. Install and Activate the MonsterInsights Plugin

First, let’s get started by creating a MonsterInsights account. Just head over to the website and click the ‘Get MonsterInsights Now’ button.

You can then go ahead and choose a plan. For this tutorial, we recommend the Plus plan or higher, as it includes the Privacy Guard feature to help with compliance.

After signing up, you can install and activate the MonsterInsights plugin on your WordPress site. For step-by-step instructions, see our guide on how to install a WordPress plugin.

Step 2. Connect MonsterInsights to Your Google Analytics Account

Upon activation, you’ll need to connect the MonsterInsights plugin to your Google Analytics account.

In your WordPress dashboard, you need to go to Insights » Launch the Wizard to start the setup.

After that, you’ll select the category that best describes your website.

MonsterInsights gives 3 options – business site, publisher (blog), or eCommerce (online store).

After selecting a category, simply click ‘Save and Continue’ to proceed.

On the next screen, you can click ‘Connect MonsterInsights’ to start the connection process.

Then, you can follow the prompt to sign in to your Google Analytics account.

Upon signing in, you can select the website you want to track from the dropdown menu.

From here, go ahead and click the ‘Complete Connection’ button. MonsterInsights will then automatically install Google Analytics on your WordPress website.

For details, feel free to refer to our guide on how to install Google Analytics in WordPress.

Step 3. Enable the Privacy Guard Feature

Keeping Personally Identifiable Information (PII) out of your tracking doesn’t have to be complicated.

With MonsterInsights’ Privacy Guard, you can do it in just a few clicks!

This feature automatically scans your website for sensitive information. It checks for any private details and prevents them from being stored in your analytics reports.

These details can be:

• Form submission data, such as personal information entered in contact or registration forms.
• URL data, which is the full web address of the page, including the domain name, path, and any additional information.
• Query parameters, which are the bits of data in URLs, like “?id=1234.” They often track specific user actions or provide extra information to the website.

To do this, let’s navigate to the Insights » Settings » Engagement tab.

From here, you can go ahead and turn on the ‘Privacy Guard’ switch – that’s it!

MonsterInsights will now help protect personally identifiable information and keep you compliant with privacy laws.

Method 2. Keeping Personally Identifiable Info Out of Google Analytics

In this method, we’ll guide you through configuring the settings that you need to keep PII out of Google Analytics directly from its dashboard.

This option is best for advanced users, as it gives you full control over the setup.

Additionally, since this method isn’t limited to WordPress, you can follow along even if you made your website with a different website builder.

First, you’ll need to sign in to your Google Analytics account.

Go ahead and click on the ‘Sign in to Analytics’ button.

In the dashboard, let’s hover over the sidebar and click the ‘Admin’ menu.

Once inside, you’ll want to locate the ‘Data collection and modification’ section.

After that, let’s click on ‘Data streams.’

This will take you to the table, which lists all your data streams.

Now, you can select your website from the list.

This will open the ‘Web stream details’ slide-in.

From here, let’s scroll down to the ‘Events’ section and click ‘Redact data.’

On the next screen, you will see the ‘Redact data’ menu.

The ‘Choose what to redact’ section of this slide-in has two switches at the top.

Let’s first redact email addresses by flipping the switch. Google Analytics will then automatically exclude email addresses from the data it collects.

Then, you can filter out other PII by entering query parameters.

To do this, you’ll need to enable the switch for ‘URL query parameter.’ Then, you can enter your query parameters in the respective field.

For example, here, we added ‘name,’ first_name,’ ‘last_name,’ and ‘ip_address.’

Once everything looks good, you can save your settings.

Google Analytics will now help protect PII and keep your site privacy-compliant.

Bonus Tips for Privacy Compliance on Your Website

Keeping personal info out of analytics reports is just one way to comply with privacy regulations. We also recommend following these tips:

• Show a cookie notice on your WordPress website. This popup message allows users to give their consent for tracking cookies on your website. Plus, it’s super easy to set up with a powerful plugin like WPConsent.
• Create GDPR-compliant forms. With a form plugin like WPForms, you can easily add GDPR agreement fields to your forms, disable user cookies and details, and delete user data when requested.
• Add a GDPR comment privacy checkbox. Comment plugins like Thrive Comments can help your discussion section comply with GDPR with just the click of a button.

For more details, just see our complete guide to GDPR compliance for WordPress users.

FAQs About Keeping Personally Identifiable Info Out of Google Analytics

Keeping PII out of Google Analytics is important for privacy and compliance. If you still have questions, feel free to take a look at some quick answers to common questions:

How does Google handle user data and privacy concerns?

Google takes privacy seriously. It anonymizes data and complies with strict regulations like GDPR.

While Google provides tools to help businesses protect user privacy, it’s ultimately up to the businesses to make sure they don’t collect personally identifiable information (PII).

Does Google Analytics collect personally identifiable information?

Not by default. But if you’re not careful, PII can sneak in through URLs, form submissions, or custom tracking settings. That’s why it’s important to set things up correctly.

Do all sites with analytics need cookie warnings?

Yep! If your site tracks users with cookies (like Google Analytics does), then privacy laws like GDPR and CCPA require you to show a cookie notice and get user consent.

Further Reading: More Analytics and Tracking Guides

Understanding how to keep PII out of Google Analytics is just the beginning! If you want to fine-tune your tracking, improve data accuracy, and stay compliant with privacy laws, then check out these helpful guides:

📊 Google Analytics 4: A Beginner’s Guide – Learn how to set up GA4 on your WordPress site and make the most of its powerful features.

• 📢 WordPress Post Analytics – Find out how to easily access and track your blog stats.
• 🎯 How to Set Up Google Analytics Goals – Measure what really matters on your WordPress website.
• 🔗 How to Install and Setup Google Tag Manager – Simplify tracking by managing all your tags in one place.
• 🔍 How to Track Outbound Links – See which external links your visitors are clicking the most.
• ✋ How to Block WordPress Referrer Spam in Google Analytics – Improve the accuracy of your reports by making sure that spam requests do not pollute your data.
• 💭 In-Depth Comparison of MonsterInsights vs SiteKit – See how these powerful analytics plugins stack up.

That’s all there is to it! We hope this guide has helped you learn how to keep personal info out of Google Analytics. You may also like to see our guide on how to get a custom email alert in Google Analytics or our expert pick of the best WordPress GDPR plugins.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Keep Personally Identifiable Info Out of Google Analytics first appeared on WPBeginner.