We believe that you have the right to know exactly how companies store, process, and share your personal data.
Most people don’t have the patience to read privacy policies. But privacy is important, and we shouldn’t just trust that products are treating our data right. PrivacySpy uses a consistent rubric to grade privacy policies on a ten-point scale.
Most privacy policies are convoluted—sometimes even intentionally so. They can be difficult to read, and even more difficult to comprehend. Rarely do they provide actionable insight into protecting one's data.
Making matters worse, companies are often only held accountable for their privacy practices when a data breach occurs or when they experience fallout from mishandling user data (think Facebook's Cambridge Analytica scandal, for example).
If companies were held accountable for their privacy policies—not just for creating policies, but also for creating good ones—our data would be safer. And if our data is safer, so is democracy. Because privacy matters.
PrivacySpy makes privacy policies more convenient and accessible for those who simply don't have the time—or patience—to read full privacy policies themselves. Privacy policies should be more than just a box to check; they are fundamental to ensuring data transparency and allowing users to make informed choices. PrivacySpy is trying to make this our reality in three ways:
Ratings — We rate our policies using a consistent and vetted rubric. You can understand the key features and drawbacks of any rated policy at a glance.
Highlights — We use natural language processing to bring your attention to key elements of privacy policies. After all, reading something is better than reading nothing. (Please note that this is an experimental feature accessible at the bottom of each policy page.)
PrivacySpy uses a number of terms to describe how companies handle personal information. To ensure consistency, we've defined the key ones below. Note that our rubric, ratings, and definitions are not intended to be read as legal documents.
Personal data — (from the GDPR) "any information relating to an identified or identifiable natural person ('data subject')" (examples include IP addresses, individual usage statistics, etc.)
Non-critical purposes — any use of personal data beyond what is reasonably necessary to provide the user a desired core service (a critical use of personal data would be using email addresses to send password reset emails; a non-critical use of personal data would be using email addresses and browsing habits to serve behavioral marketing)
A product's overall rating is calculated according to its subratings in all of the rubric questions (see below). Higher ratings are better. Here are the steps our scoring algorithm takes to calculate the overall score:
- Find the total number of points the policy receives across all rubric questions (subscore sum);
- Find the total number of possible points to receive (maximum score sum);
- Divide the points received by the points possible;
- Multiply by 10 (to fit the score to the final ten-point scale).
For example, if there are three total questions with max scores of 5, 10, and 10, the total number of possible points is 25. If a policy receives scores of 4, 7, and 6 on each of those questions (respectively), it will have received 17 points. The overall score would be (4 + 7 + 6) / (5 + 10 + 10) = (17 / 25) = 0.68, which, when fitted to our final ten-point scale, is displayed as 6.8.
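The scoring steps above, as an added example in Python; this is not PrivacySpy's own code. The question identifiers and their maximum points are constructed to match the three-question example, and the input validation (every rubric question answered, no stray questions, each subscore within 0 and its maximum) is an assumption about how a grader would want malformed input handled so that a bad subscore cannot silently shift a rating.

```python
from typing import Dict, Mapping

# Constructed rubric: question id -> maximum points. The ids are assumptions;
# the maxima (5, 10, 10) match the worked example on the page.
RUBRIC_MAX_POINTS: Dict[str, int] = {
    "data-collection": 5,
    "third-party-sharing": 10,
    "user-control": 10,
}


def overall_score(subscores: Mapping[str, int],
                  rubric: Mapping[str, int] = RUBRIC_MAX_POINTS) -> float:
    """Return the overall score on the ten-point scale.

    Steps mirror the page: sum the points received, sum the points possible,
    divide, multiply by 10. Malformed input raises ValueError instead of
    producing a misleading number.
    """
    if not rubric:
        raise ValueError("rubric has no questions")
    missing = set(rubric) - set(subscores)
    if missing:
        raise ValueError(f"missing subscores for: {sorted(missing)}")
    unknown = set(subscores) - set(rubric)
    if unknown:
        raise ValueError(f"subscores for questions not in rubric: {sorted(unknown)}")
    for question, points in subscores.items():
        if not 0 <= points <= rubric[question]:
            raise ValueError(
                f"{question}: score {points} outside 0..{rubric[question]}")

    received = sum(subscores[q] for q in rubric)   # subscore sum
    possible = sum(rubric.values())                # maximum score sum
    if possible <= 0:
        raise ValueError("rubric awards no points")
    return 10 * received / possible                # fit to ten-point scale


def display_score(subscores: Mapping[str, int],
                  rubric: Mapping[str, int] = RUBRIC_MAX_POINTS) -> str:
    """Format the overall score the way the page shows it (one decimal)."""
    return f"{overall_score(subscores, rubric):.1f}"


if __name__ == "__main__":
    # The page's example: 4, 7 and 6 out of 5, 10 and 10 -> 17/25 -> 6.8
    example = {"data-collection": 4, "third-party-sharing": 7, "user-control": 6}
    print(display_score(example))
```

Keeping the rubric maxima and the per-policy subscores in separate mappings means a rubric change (a new question, a rescaled maximum) is applied once, and any policy whose subscores no longer match the rubric fails loudly rather than being rescored incorrectly.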
A key element of PrivacySpy is its ratings, which are calculated based on a consistent rubric. All of our scores are fully transparent and backed by citations and/or notes.
Note that while we do our best to ensure accuracy and consistency in our grading, there are bound to be some errors. If you find an error, please correct it using our 'suggestions' functionality (or offer to be a maintainer yourself). Thanks for helping us make PrivacySpy even better.
If you have an idea for how we could improve our rubric, please feel free to create a suggestion.