Privacy Policy Analyzer

Paste a URL, and an LLM will evaluate the privacy policy across 18 criteria in 5 categories: data handling, user control, transparency, collection & security, and special considerations like AI training. Each policy gets a score from 0 to 10.


What this tool does

This tool uses an AI language model to analyze privacy policies against a structured rubric of 18 criteria covering data handling, user control, transparency, data collection, security, and special considerations like AI training and international transfers.

What this tool does NOT do

  • It only reads the privacy policy. It does not evaluate the company's actual technical infrastructure, security architecture, code, or behavior. A company that encrypts everything end-to-end but doesn't mention it in their policy will score lower than they deserve.
  • It cannot verify claims. If a policy says "we never sell your data," this tool takes that at face value.
  • It does not review related documents. Many companies have terms of service, cookie policies, or supplemental regional notices that contain important privacy information. This tool only analyzes what you give it.
  • Scores are AI-generated and may contain errors. While we use a detailed rubric to improve consistency, different runs may produce slightly different scores. Treat scores as approximate, not precise.

Why good companies can score lower than expected

Some of the most privacy-respecting services have short, simple privacy policies — precisely because they collect almost nothing. But our rubric grades what the policy says, and silence on a topic (even if the reason is "we don't do that") still counts as a gap.

Signal is the clearest example. It's widely regarded as the gold standard for private messaging: end-to-end encrypted, open source, nonprofit, no ads, minimal data collection. But its privacy policy doesn't mention breach notification procedures, uses broad language about law enforcement, doesn't describe data retention periods, and assumes consent by continued use. These are real documentation gaps — but they don't mean Signal is bad for your privacy.

Why bad companies can score higher than expected

A company with sophisticated legal teams can write a policy that checks many boxes while still engaging in extensive data collection. Meta, for instance, has a detailed policy with clear headings, self-service data tools, and explicit disclosures — scoring reasonably well on transparency — while operating one of the largest behavioral advertising platforms in the world. A well-written policy is not the same as good privacy.

The takeaway: A high score means the policy is thorough and privacy-respecting. A mediocre score might mean bad practices, OR it might mean a sparse policy. Use this tool as one input, not the final word.

Open methodology

Our full grading rubric is open — see the source code or the Rubric tab above. We welcome feedback on criteria, scoring levels, and calibration.

How to read this score: This analysis is generated by an AI and grades only the written privacy policy — not the company's actual behavior, technical architecture, or reputation. A company can score lower than expected if their policy is sparse, even if their practices are excellent. Conversely, a thorough policy can score well even if the company's actual practices are poor. This score reflects the quality of the policy document, not a comprehensive assessment of the company's privacy practices.
