
Privacyhub

PrivacyHub is an open‑source project focused on increasing privacy transparency across the web under India's DPDP framework. It empowers users to understand how websites collect, process, and protect their personal data by providing AI‑powered privacy policy analysis. Now part of https://wbfoss.org

Install / Use

/learn @privacypriority/Privacyhub

README

🔒 PrivacyHub.in - Privacy Policy Analyser

<div align="center">


India's first AI-powered privacy policy analyzer helping users understand how websites handle their personal data with comprehensive DPDP Act 2023 and DPDP Rules 2025 compliance analysis.


</div>


🎯 About

PrivacyHub is a production-ready, AI-powered privacy policy analyzer that empowers users to make informed decisions about their personal data. Using advanced AI models and comprehensive regulatory frameworks, we provide detailed privacy assessments with actionable recommendations.

Why PrivacyHub?

  • 🇮🇳 India-Focused: First privacy analyzer built specifically for India's DPDP Act 2023 and Rules 2025
  • 📊 Dual Scoring System:
    • Overall Privacy Score - User-centric evaluation of data protection practices
    • DPDP Compliance Score - Regulatory compliance assessment for business owners
  • 🔍 Evidence-Based Analysis: Scientific methodology based on DPDP Act 2023, Rules 2025, and international best practices
  • 🤖 AI-Powered: DeepSeek Chat model via OpenRouter for sophisticated policy analysis
  • 📈 Comprehensive Assessment: 6-category weighted evaluation with 120+ privacy and compliance criteria
  • 🎯 Complete DPDP Coverage: Analysis against all 23 Rules and 7 Schedules of DPDP Rules 2025
  • 🎨 Modern UX: Intuitive dashboard with visual analytics and category breakdowns
  • 🚀 Production-Ready: Enterprise-grade error handling, fallback systems, and security measures

✨ Features

Core Analysis Features

  • 🔐 Advanced Privacy Analysis with Dual Scoring

    • AI-powered comprehensive privacy policy evaluation
    • Dual Scoring System:
      • Overall Privacy Score (1-10): User-focused assessment of data protection and privacy practices
      • DPDP Compliance Score (1-10): Regulatory compliance evaluation against DPDP Act 2023 and Rules 2025
    • India DPDP Act 2023 and Rules 2025 compliance assessment
    • 6 weighted categories: Data Minimization & Collection (30%), Third-Party Data Sharing (25%), Individual Rights & Controls (20%), Security & Risk Management (15%), Regulatory Compliance (7%), Transparency & Communication (3%)
    • Evaluation against all 23 Rules and 7 Schedules including:
      • Rule 6: Security safeguards
      • Rule 7: 72-hour breach notification
      • Rule 8: Data retention periods (Class A/B/C Data Fiduciaries)
      • Rule 12: Children's data processing exemptions
      • Rule 13: Significant Data Fiduciary obligations (DPIA, DPO, audits)
      • Rule 14: Data Principal rights implementation
      • Rule 15: Cross-border transfer requirements
    • 5-tier risk classification (HIGH RISK, MODERATE-HIGH RISK, MODERATE RISK, LOW RISK, EXEMPLARY)
    • Letter grades (A+ to F) for quick assessment
    • Evidence-based findings with specific DPDP Act sections and Rules references
  • 📊 Interactive Results Dashboard

    • Dual score display:
      • Overall Privacy Score (1-10) with circular progress visualization
      • DPDP Compliance Score (1-10) with regulatory compliance summary
    • Real-time category breakdown with color-coded mini charts
    • Privacy grade and risk level badges
    • Executive summary for stakeholders
    • Compliance summary specifically for business owners and legal teams
    • Critical findings highlighting high-risk practices
    • Regulatory gaps with specific DPDP Act and Rules violations
    • Positive practices recognition
    • Actionable recommendations (immediate, medium-term, best practices)
    • Detailed regulatory compliance notes with Act sections and Rules references
  • 🎨 Enhanced User Experience

    • Web3-style gradient buttons (blue-purple-pink for Analyze, emerald-teal-cyan for Reset)
    • One-click Reset button to start new analysis
    • Home button for easy navigation back from results
    • Mobile-responsive design with optimized layouts
    • Collapsible methodology section for transparency
    • PWA-ready with custom icons and theme colors

Technical Features

  • ⚡ 3-Tier Scraping System

    • Primary: Firecrawl API (markdown extraction)
    • Fallback 1: Crawlee PlaywrightCrawler (JavaScript rendering)
    • Fallback 2: Simple fetch (basic HTML parsing)
    • Automatic retry with graceful degradation
  • 🔒 Production-Grade Reliability

    • 60-second API timeout for complex analyses
    • Comprehensive error handling with specific timeout/network messages
    • Global error boundaries (error.tsx, not-found.tsx, loading.tsx)
    • Input validation and URL sanitization
    • Security headers middleware (HSTS, CSP, X-Frame-Options)
  • 📱 SEO & Discoverability

    • Dynamic sitemap.xml generation
    • Robots.txt for search engine indexing
    • Open Graph and Twitter Card metadata
    • Optimized meta descriptions and keywords
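
A service that fetches user-supplied URLs, as the scraping tiers above do, has to reject targets that point back into its own network before any request is made. The following is an added example of such a pre-fetch check, not PrivacyHub's own code; the function names and the specific rejection rules are assumptions.

```typescript
// Added example: pre-fetch URL check for a scraper that accepts user input.
// Names and rules here are assumptions, not taken from the PrivacyHub code base.
type UrlCheck = { ok: boolean; reason?: string };

function isBlockedIPv4(host: string): boolean {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return false;
  const p = host.split(".").map(Number);
  const a = p[0] ?? 0;
  const b = p[1] ?? 0;
  return (
    a === 0 || a === 10 || a === 127 ||     // "this network", private, loopback
    (a === 169 && b === 254) ||             // link-local (cloud metadata range)
    (a === 172 && b >= 16 && b <= 31) ||    // private
    (a === 192 && b === 168) ||             // private
    a >= 224                                // multicast and reserved
  );
}

function isBlockedIPv6(host: string): boolean {
  return (
    host === "::" || host === "::1" ||      // unspecified, loopback
    host.startsWith("::ffff:") ||           // IPv4-mapped addresses
    /^f[cd][0-9a-f]{2}:/.test(host) ||      // fc00::/7 unique local
    /^fe[89ab][0-9a-f]:/.test(host)         // fe80::/10 link-local
  );
}

function validateTargetUrl(input: string): UrlCheck {
  let url: URL;
  try {
    url = new URL(input.trim());
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return { ok: false, reason: "scheme" };
  if (url.username !== "" || url.password !== "") return { ok: false, reason: "credentials" };
  // The WHATWG parser has already lowercased the host and normalised
  // decimal/hex IPv4 forms (e.g. 2130706433) to dotted-quad notation.
  const host = url.hostname.replace(/^\[|\]$/g, "").replace(/\.$/, "");
  if (host === "localhost" || host.endsWith(".localhost")) return { ok: false, reason: "loopback-name" };
  if (isBlockedIPv4(host) || isBlockedIPv6(host)) return { ok: false, reason: "non-public-address" };
  return { ok: true };
}
```

A hostname that passes this check can still resolve to an internal address, so the resolved IP needs the same test at connect time, and redirects need re-validation on every hop.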

Additional Features

  • Comprehensive methodology page with detailed framework explanation
  • Privacy education resources
  • Category-specific icons and visual indicators
  • Color-coded score bars for quick assessment
  • Regulatory framework references (90+ compliance criteria)
  • Real-time analysis progress indicators

📐 Analysis Methodology

PrivacyHub uses a scientifically-grounded, evidence-based framework for privacy assessment focused on India's DPDP Act 2023 and DPDP Rules 2025:

Dual Scoring System

We provide two distinct scores to serve different audiences:

1. Overall Privacy Score (User Perspective)

  • Range: 1-10
  • Focus: How well the policy protects user privacy and data rights
  • Audience: General users wanting to understand privacy risks
  • Factors: User data protection, transparency, control, privacy-friendly practices

2. DPDP Compliance Score (Business/Regulatory Perspective)

  • Range: 1-10
  • Focus: Compliance with DPDP Act 2023 and Rules 2025 statutory requirements
  • Audience: Business owners, compliance officers, legal teams
  • Evaluation Criteria:
    • Notice requirements (Sec. 5, Rule 3)
    • Consent mechanisms (Sec. 6, Rule 3)
    • Data Principal rights (Sec. 11-13, Rule 14)
    • Security safeguards (Sec. 8, Rule 6)
    • 72-hour breach notification (Rule 7)
    • Retention periods (Rule 8, Third Schedule)
    • Children's data processing (Sec. 9, Rule 12, Fourth Schedule)
    • Consent Manager obligations (Rule 4, First Schedule)
    • Significant Data Fiduciary requirements (Rule 13)
    • Cross-border transfers (Sec. 16, Rule 15)
    • Grievance redressal (Sec. 32)
    • DPO appointment where required (Rule 13)

Why Two Scores?

A privacy policy could score high on regulatory compliance (meets all legal requirements) but still have user-unfriendly practices like extensive data sharing. Conversely, a policy might be very user-friendly but missing some regulatory formalities. The dual scoring helps both users and businesses understand the complete picture.

Assessment Categories (Weighted)

  1. Data Minimization & Collection (30%)

    • Collection scope, legal basis, purpose specification
    • Sensitive personal data protections (DPDP Act Sec. 9)
    • Children's data compliance (DPDP Act Sec. 9, Rule 12, Fourth Schedule)
    • Data fiduciary obligations and transparency
    • Retention period compliance (Rule 8, Third Schedule - Class A/B/C Data Fiduciaries)
    • Automatic deletion mechanisms post-purpose completion
  2. Third-Party Data Sharing (25%)

    • Sharing scope and commercial exploitation
    • International transfers to approved countries (DPDP Act Sec. 16, Rule 15)
    • Data processor agreements (DPDP Act Sec. 8)
    • Consent Manager compliance (Rule 4, First Schedule)
    • State data processing exemptions (Rule 5, Second Schedule)
  3. Individual Rights & Controls (20%)

    • Data Principal rights implementation (DPDP Act Sec. 11-13, Rule 14)
    • Rights: access, correction, erasure, grievance redressal, nomination
    • Data portability and objection mechanisms
    • Grievance redressal mechanisms (DPDP Act Sec. 32)
    • Consent withdrawal procedures (DPDP Act Sec. 7, Rule 14)
  4. Security & Risk Management (15%)

    • Security safeguards commensurate with data sensitivity (Rule 6)
    • Encryption standards (end-to-end, in-transit, at-rest)
    • 72-hour breach notification to Data Protection Board (Rule 7)
    • Breach disclosure to affected Data Principals (Rule 7)
    • Data Protection Impact Assessments for Significant Data Fiduciaries (Rule 13)
    • Data localization compliance for India
  5. Regulatory Compliance (7%)

    • DPDP Act 2023 and Rules 2025 compliance indicators
    • Data Protection Board registration (Rules 16-22)
    • Significant Data Fiduciary obligations: DPO, DPIA, audits, logging (Rule 13)
    • Consent Manager registration and technical standards (Rule 4, First Schedule)
    • Legal basis documentation and consent records management (Rule 3)
  6. Transparency & Communication (3%)

    • Plain language usage and readability
    • Notice content completeness (Rule 3 requirements)
    • Grievance
GitHub Stars: 14
Category: Development
Updated: 26d ago
Forks: 6

Languages

TypeScript

Security Score

95/100

Audited on Mar 11, 2026

No findings