About

We believe that you have the right to know exactly how companies store, process, and share your personal data.

Submit Suggestion
Source Code
Donate to Politiwatch

Most people don’t have the patience to read privacy policies. But privacy is important, and we shouldn’t just trust that products are treating our data right. PrivacySpy uses a consistent rubric to grade privacy policies on a ten-point scale.

Most privacy policies are convoluted—sometimes even intentionally so. They can be difficult to read, and even more difficult to comprehend. Rarely do they provide actionable insight into protecting one's data.

Making matters worse, companies are often only held accountable for their privacy practices when a data breach occurs or when they experience fallout from mishandling user data (think Facebook's Cambridge Analytica scandal, for example).

If companies were held accountable for their privacy policies—not just for creating policies, but also for creating good ones—our data would be safer. And if our data is safer, so is democracy. Because privacy matters.

Features

PrivacySpy makes privacy policies more convenient and accessible for those who simply don't have the time—or patience—to read full privacy policies themselves. Privacy policies should be more than just a box to check; they are fundamental to ensuring data transparency and allowing users to make informed choices. PrivacySpy is trying to make this our reality in three ways:

Ratings — We rate our policies using a consistent and vetted rubric. You can understand the key features and drawbacks of any rated policy at a glance.

Highlights — We use natural language processing to bring your attention to key elements of privacy policies. After all, reading something is better than reading nothing. (Please note that this is an experimental feature accessible at the bottom of each policy page.)

Warnings — When a product or company in our database is found mishandling user data, we note it on our website. That way, you can contextualize a service's privacy policy with its record.

Definitions

PrivacySpy uses a number of terms to describe how companies handle personal information. To ensure consistency, we've defined the key ones below. Note that our rubric, ratings, and defintions not intended to be read as legal documents.

Personal data — (from the GDPR) "any information relating to an identified or identifiable natural person ('data subject')" (examples include IP addresses, individual usage statistics, etc.)

Non-critical purposes — any use of personal data beyond what is reasonably necessary to provide the user a desired core service (a critical use of personal data would be using email addresses to send password reset emails; a non-critical use of personal data would be using email addresses and browsing habits to serve behavioral marketing)

Calculating Ratings

A product's overall rating is calculated according to its subratings in all of the rubric questions (see below). Higher ratings are better. Here are the steps our scoring algorithm takes to calculate the overall score:

  1. Find the total number of points the policy receives across all rubric questions (subscore sum);
  2. Find the total number of possible points to receive (maximum score sum);
  3. Divide the points received by the points possible;
  4. Multiply by 10 (to fit the score to the final ten-point scale).

For example, if there are three total questions with max scores of 5, 10, and 10, the total number of possible points is 25. If a policy receives scores of 4, 7, and 6 on each of those questions (respectively), it will have received 17 points. The overall score would be (4 + 7 + 6) / (5 + 10 + 10) = (17 / 25) = 0.68, which, when fitted to our final ten-point scale, is displayed as 6.8.

Rubric

A key element of PrivacySpy is its ratings, which are calculated based on a consistent rubric. All of our scores are fully transparent and backed by citations and/or notes.

We acknowledge that no rubric, no matter how good, can perfectly encapsulate the 'quality' of a privacy policy. That's why we don't ask you to trust us. We've included our full grading system below so you can evaluate it for yourself.

Note that while we do our best to ensure accuracy and consistency in our grading, there are bound to be some errors. If you find an error, please correct it using our 'suggestions' functionality (or offer to be a maintainer yourself). Thanks for helping us make PrivacySpy even better.

If you have an idea for how we could improve our rubric, please feel free to create a suggestion.

Collection

Does the service collect personal data from third parties?

10

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes0/10
Only for critical data

For example, a blog providing user avatars or a bank conducting identity verification

7/10
No10/10

Is it clear why the service collects the personal data that it does?

10

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No0/10
Somewhat4/10
Mostly7/10
Yes10/10
No personal data is collected10/10

Does the policy list the personal data it collects?

10

Possible Options

No

The policy does not claim to not collect personal data, but it also doesn't provide any meaningful insight into the types of personal data it collects.

0/10
Only summarily

The policy uses overly vague language to provide a summary of the types of collected personal data.

3/10
Yes, generally

All general categories of collected personal data are listed, though not all types of personal data are explicitly mentioned (for example, the list might use a phrase like 'such as' when listing types of personal data).

7/10
Yes, exhaustively

All types of collected personal data are listed specifically

10/10
N/A (no personal information is collected)10/10

Does the service allow the user to control whether personal data is used or collected for non-critical purposes?

5

Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No0/5
On an opt-out basis, but only for some non-critical data/uses1.5/5
On an opt-out basis, for all non-critical data/uses3/5
N/A (no data used for non-critical purposes)5/5
On an opt-in basis

Non-critical use of personal data is not enabled by default.

5/5

Handling

Does the policy allow personally-targeted or behavioral marketing?

10

Possible Options

Yes0/10
Yes, but you can opt-out3.5/10
Yes, but you must opt-in7/10
No10/10

Does the service allow third-party access to private personal data?

10

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified

The policy allows sharing personal data with third-parties (not just critical service providers), and does not explicitly list the third-parties.

0/10
Yes, all parties specified (including non-critical service providers such as advertisers)3/10
Yes, not all parties specified (but only to critical service providers)7/10
Yes, all parties specified (only to critical service providers)8/10
No10/10

Does the service allow you to permanently delete your personal data?

5

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No0/5
Yes, by contacting someone3/5
Yes, using an automated mechanism5/5
N/A (no personal information collected)5/5

When does the policy allow law enforcement access to personal data?

5

Possible Options

Always

This includes cases in which law enforcement either runs the service or has a known backdoor into (or relationship with) the service.

0/5
Not specified0/5
When reasonably requested3/5
Only when required by a court order or subpoena4/5
N/A (no personal data to share)

The service would have no personal data to share with law enforcement.

5/5
Never (special legal jurisdiction)

The service operates in a jurisdiction in which sharing data with law enforcement is never required.

5/5

Transparency

Does the policy require users to be notified in case of a data breach?

7

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No0/7
Yes, eventually

Users will be notified in case of a data breach, but within an unspecified amount of time.

5/7
Yes, within 72 hours7/7
N/A (the service collects so little personal data that notification would not be possible)7/7

Is the policy's history made available?

5

Possible Options

No0/5
Only the date it was last modified3/5
Yes, with revisions or a change-log5/5

Will the affected users be notified when the policy is meaningfully changed?

5

Possible Options

No0/5
Yes5/5
N/A (no personal data—or contact information—collected)5/5

Does the policy outline the service's general security practices?

3

Possible Options

No0/3
Somewhat

The policy provides only a very vague overview of its security practices.

1/3
Yes2/3
Yes, including audits

"Reviews," "monitoring," etc. also count as audits.

2.5/3
N/A (no personal data collected)3/3
Yes, including independent audits

Independent "reviews," "monitoring," etc. also count as independent audits.

3/3