How we score privacy policies

Nudam analyzes every privacy policy against 6 weighted criteria. No black box — here's exactly how your score is calculated.

The 6 criteria

Final score = (C1 × 0.20) + (C2 × 0.25) + (C3 × 0.20) + (C4 × 0.15) + (C5 × 0.10) + (C6 × 0.10)

1. Data Collection (20%)

How much data does the service collect, and is each piece justified?

Score 10: Only strictly necessary data collected, explicit purpose for each item.
Score 0: Harvesting all possible data with no justification or vague purposes.

2. Third-Party Sharing (25%)

Does the service share or sell your data to third parties? This is the most heavily weighted criterion.

Score 10: No sharing, or only essential processors with data processing agreements.
Score 0: Sells data to data brokers without consent and no opt-out available.

3. User Rights (20%)

Can you access, correct, delete, and port your data easily?

Score 10: Full GDPR rights with an easy process and response within 30 days.
Score 0: No meaningful user rights or rights that are impossible to exercise.

4. Data Retention (15%)

How long is your data kept, and is automatic deletion in place?

Score 10: Specific retention periods per data type with automatic deletion.
Score 0: No retention policy — data kept indefinitely with no deletion mechanism.

5. Security (10%)

What security measures protect your data?

Score 10: Encryption at rest and in transit, breach notification within 72 hours, regular audits.
Score 0: No security measures described or only vague, generic claims.

6. Clarity & Transparency (10%)

Is the policy readable, honest, and easy to find?

Score 10: Plain language, no dark patterns, easy to find, versioned with change history.
Score 0: Deliberately confusing, buried in Terms of Service, impossible to understand.

Grade scale

Grade | Score      | Meaning
A     | 8.5 – 10.0 | Exemplary — genuine privacy-by-design
B     | 7.0 – 8.4  | Good — solid practices, minor gaps
C     | 5.0 – 6.9  | Average — standard industry practices, room to improve
D     | 3.0 – 4.9  | Poor — concerning practices, user rights weak
E     | 1.5 – 2.9  | Very poor — data exploitation, minimal user protection
F     | 0.0 – 1.4  | Dangerous — flagrant violations or no policy
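
The formula and grade bands above, worked as an added example (not Nudam's own code). The criterion keys and function names are hypothetical, and rounding half-up to one decimal before grading is an assumption, since the page does not say how a score that falls between two bands (such as 8.45) is handled.

```python
from decimal import Decimal, ROUND_HALF_UP

# Weights from the formula on this page (C1..C6); key names are hypothetical.
WEIGHTS = {
    "data_collection": Decimal("0.20"),
    "third_party_sharing": Decimal("0.25"),
    "user_rights": Decimal("0.20"),
    "data_retention": Decimal("0.15"),
    "security": Decimal("0.10"),
    "clarity": Decimal("0.10"),
}
assert sum(WEIGHTS.values()) == Decimal("1.00")

# Lower bound of each grade band, taken from the grade scale table.
GRADE_FLOORS = [
    (Decimal("8.5"), "A"), (Decimal("7.0"), "B"), (Decimal("5.0"), "C"),
    (Decimal("3.0"), "D"), (Decimal("1.5"), "E"), (Decimal("0.0"), "F"),
]


def final_score(criteria):
    """Weighted sum of six 0-10 criterion scores, rounded to one decimal.

    Assumption: half-up rounding to one decimal, because the table states
    its bands to one decimal (8.4 / 8.5) and leaves the gap undefined.
    """
    if set(criteria) != set(WEIGHTS):
        raise ValueError("exactly the six criteria are required")
    total = Decimal("0")
    for name, weight in WEIGHTS.items():
        value = Decimal(str(criteria[name]))
        if not Decimal("0") <= value <= Decimal("10"):
            raise ValueError(f"{name} must be between 0 and 10")
        total += value * weight
    return total.quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)


def grade(score):
    """Map a one-decimal final score to its letter grade."""
    return next(letter for floor, letter in GRADE_FLOORS if score >= floor)


# Constructed inputs, not real policy scores.
perfect = {name: 10 for name in WEIGHTS}
sells_data = {**perfect, "third_party_sharing": 0}
```

With these constructed inputs, a policy scoring 10 on every criterion except third-party sharing (0) lands at 7.5, grade B.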

Regulations covered

GDPR (Europe)

The General Data Protection Regulation is the world's strongest privacy law. Nudam evaluates compliance with Articles 5, 6, 7, 12, 13, 17, 20, and 25 — covering lawful processing, consent, transparency, right to erasure, data portability, and privacy by design.

CCPA (California)

The California Consumer Privacy Act gives residents the right to know what data is collected, request deletion, and opt out of data sales. Nudam checks whether these rights are clearly communicated and practically accessible.

LGPD (Brazil)

The Lei Geral de Proteção de Dados mirrors GDPR principles for Brazilian users. Nudam evaluates consent mechanisms, data subject rights, and whether a Data Protection Officer is identified.

Why Claude AI

We use Claude by Anthropic — the AI model with the strongest legal reasoning capabilities.

Claude reads the full policy text, not just keywords. It understands context, exceptions, and legal nuance. Each policy is analyzed against every criterion with specific clause references — not pattern matching or keyword density.

Limitations & transparency

  • Nudam scores are informational, not legal advice.
  • Scores reflect the written policy — not how companies actually behave.
  • Policies change — we re-analyze automatically when a policy is updated.
  • If you think a score is wrong, contact us at hello@nudam.app.
