
How to Read a Privacy Policy in 5 Minutes (Without a Law Degree)

The average privacy policy is 4,000 words long and written in legal jargon designed to protect the company, not inform the user. A 2024 study found that reading every privacy policy you encounter in a year would take roughly 76 work days. Nobody does it — and companies know that.

But you don't need to read every word. You just need to check five things.

1. Search for "sell" and "share" (30 seconds)

Open the policy and press Ctrl+F. Search for "sell," "share," "third party," and "partner." This immediately tells you whether your data leaves the company and under what conditions.

Red flags: "We may sell your personal information" is the worst case. "We share data with our family of companies" means corporate data pooling across brands. "Trusted partners" with no named list means they don't want you to know who gets your data.

Green flags: "We do not sell your personal data" stated explicitly. Named partner lists with links to their own privacy policies.

2. Check data collection scope (60 seconds)

Search for "collect" and "information we." Look for what the company gathers beyond what's obviously necessary for the service. A messaging app that collects your precise GPS location, full contact list, and browsing history is collecting far more than it needs.

Ask yourself one question: "Does this app need this data to function?" A calculator app requesting access to your contacts is a clear warning sign. A weather app collecting your financial information makes no sense.

3. Find the retention section (60 seconds)

Search for "retain," "delete," "how long," and "store." Good policies state specific timeframes: "We delete inactive account data after 2 years" or "Server logs are retained for 90 days." Bad policies say "as long as necessary to provide the service" — which in practice means forever, because the company defines what's "necessary."

If you can't find a retention section at all, that's one of the worst signs. It usually means the company keeps everything indefinitely.

4. Look for your rights (60 seconds)

Search for "your rights," "request," "delete," and "opt out." A privacy-respecting company makes exercising your rights easy: a clear email address or web form for data deletion requests, an obvious opt-out mechanism for data sharing and marketing, and a data export option so you can download everything they have on you.

If exercising deletion requires mailing a notarized physical letter to a PO box in another country, that's designed to discourage you — not to comply with the spirit of privacy regulations.

5. Check the last updated date (30 seconds)

A policy last updated in 2019 hasn't been reviewed since the early days of GDPR enforcement. It almost certainly doesn't address current regulations, doesn't reflect how the product has evolved, and may reference features or practices that no longer exist.

Current, well-maintained policies should reference specific regulations by name (GDPR, CCPA, LGPD), be updated at least annually, and include a version history or changelog.

Red flags cheat sheet

"We may share with affiliates" means your data goes to unknown related companies. "As long as necessary" means data is kept indefinitely. "To improve our services" often means used for AI training or behavioral profiling. "Non-personal information" often means the company redefines "personal" as narrowly as possible to exclude things like device fingerprints and IP addresses. No last-updated date means the policy may be completely outdated. "By using our service, you agree" means there's no real, granular consent mechanism.
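The five checks and the cheat-sheet phrases above, turned into a small Python script as an added illustration (this is not code from the article or from the Nudam extension). The two policy excerpts are constructed for the example, and the phrase lists, regexes and field names are my own choices.

```python
import re
from datetime import date

# Two constructed policy excerpts (not any real company's text) to exercise the checks.
BAD_POLICY = """Privacy Policy. Last updated: March 3, 2019.
We may sell your personal information to trusted partners.
We share data with our family of companies.
Information we collect includes your precise GPS location and contact list.
We retain your data as long as necessary to provide the service.
By using our service, you agree to this policy."""

GOOD_POLICY = """Last updated: January 10, 2025. Applies under GDPR, CCPA and LGPD.
We do not sell your personal data. Partners: Acme Hosting (privacy policy linked).
We delete inactive account data after 2 years; server logs are retained for 90 days.
To exercise your rights, request deletion or export at privacy@example.com, or opt out of marketing in settings."""

# Phrases the article calls out; all matching is done on lower-cased text.
RED_FLAGS = ["we may sell your personal information", "family of companies", "trusted partners",
             "as long as necessary", r"by using our service,? you agree"]
GREEN_FLAGS = [r"we do not sell your personal (?:data|information)"]
SENSITIVE = ("gps location", "contact list", "browsing history", "financial information")
# Specific retention periods such as "after 2 years" or "for 90 days".
RETENTION_RE = re.compile(r"\b(?:after|for|within)\s+\d+\s+(?:day|month|year)s?\b", re.I)
UPDATED_RE = re.compile(r"last updated:?\s*(?:[A-Za-z]+\s+\d{1,2},\s*)?(\d{4})", re.I)


def review_policy(text, today_year=None):
    """Run the article's five checks over a policy text and return the findings."""
    today_year = today_year or date.today().year
    lower = text.lower()
    m = UPDATED_RE.search(text)
    year = int(m.group(1)) if m else None
    return {
        # 1. Does data leave the company, and on what terms?
        "red_flags": [p for p in RED_FLAGS if re.search(p, lower)],
        "green_flags": [p for p in GREEN_FLAGS if re.search(p, lower)],
        # 2. Collection scope: flag categories the article names as beyond what most apps need.
        "sensitive_data": [t for t in SENSITIVE if t in lower],
        # 3. Specific timeframes are good; "as long as necessary" or no section at all is bad.
        "retention_timeframes": [mm.group(0) for mm in RETENTION_RE.finditer(text)],
        "retention_vague": "as long as necessary" in lower,
        "has_retention_section": any(w in lower for w in ("retain", "delete", "how long", "store")),
        # 4. Can you actually exercise your rights?
        "rights_mentioned": any(w in lower for w in ("your rights", "request", "delete", "opt out")),
        # 5. Is the policy current and does it name regulations? (should be updated at least annually)
        "names_regulations": [r for r in ("GDPR", "CCPA", "LGPD") if r in text],
        "last_updated_year": year,
        "stale": year is None or today_year - year > 1,
    }
```

Run it on a saved policy text to get a structured findings dict; the keyword hits still need the "does this app need this data?" judgement the article asks for, since a match only tells you where to read.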

Or just let Nudam do it

Reading privacy policies is genuinely important, and these five checks will catch the major issues in most policies. But let's be realistic — you're not going to do this for every app and website you use.

That's exactly why we built Nudam. Install the free Chrome extension and get a privacy score for any website in 10 seconds. The AI reads the full policy, checks all six scoring criteria, and gives you a grade from A to F with specific findings. Try it at nudam.app.

Want to understand how Nudam calculates scores? Read our full methodology at nudam.app/methodology.