Securing Web Applications in the Real World

The perception by users that your Web site is secure is almost as important as actually securing it. Here are some basic principles for securing Web sites:

  • Use SSL (HTTPS) for every page that accepts sensitive data from users, so that it is not transmitted in the clear.

  • Allow users to browse your site anonymously, and require users to log in with a password before making a purchase or displaying any personal information. This helps prevent someone who has unauthorized access to a user’s machine from accessing private information stored in your system.

  • Handle credit card and payment information with care. Ask users for permission before storing credit card information for return visits. If your site needs to confirm which credit card is on file, it is usually sufficient to show only the last four digits. That is enough for users to confirm your site is using the right card, without needlessly passing the complete card number around.

  • Don’t require people to enter more information than they’re comfortable giving. For example, if they’re downloading trial software, do you really need to collect their phone number and other personal information?

  • Use unsolicited e-mail sparingly. Many people regard any form of unsolicited e-mail as spam, no matter how valuable you think the information is. Receiving unsolicited e-mail will make them wary of your site.

  • Protect people’s privacy. Formulate a privacy policy, display it on your site, and make sure you adhere to it.
