Inspiration
A 2017 Deloitte survey found that 91% of people in the U.S. consent to legal terms and conditions of service without reading them. A Carnegie Mellon study revealed that reading all the privacy policies an average internet user encounters would take 76 full workdays per year - the equivalent of a third of your working life spent just understanding how your data is being used.
These documents are often deliberately complex, hiding important information about data collection, privacy rights, and user content ownership. A 2019 study found that the terms of service for the top 500 US websites were as complex as academic journal articles. Most users click "Accept" without understanding the implications for their digital privacy and rights.
We built this extension because we believe privacy shouldn't require a law degree to understand.
What it does
Tired of not knowing what you're signing up for? Privacy Pilot scans any website on the internet at the click of a button. We find and analyze all relevant legal information for you so you can accept any Terms & Conditions or Privacy Policy agreement with confidence. Our Chrome Extension provides a convenient sidebar next to the website you're browsing so you can pull up all relevant information without even leaving the page. Plus, our fully anonymized platform never collects your personal data and only runs when you want it to.
Core Features
Privacy Pilot transforms incomprehensible legal jargon into crystal-clear privacy insights in seconds. This intelligent browser extension acts as your personal privacy guardian, powered by advanced AI to decode complex Terms & Conditions in real-time, without the user having to read or even open the terms pages themselves.
Instant Privacy Analysis
- One-click functionality that scrapes all links found on a website to isolate relevant legal pages, sends data to our AI-powered backend API, and provides the user with a final Privacy Policy score and related information in a convenient sidebar next to the original website
- Leverages AI to instantly compare privacy policies against General Data Protection Regulation (GDPR) and CCPA (California) standards, ensuring your rights meet the world's most comprehensive privacy laws
- Analyzes 10 critical privacy parameters based on GDPR (EU) and CCPA (California) covering data collection, sharing practices, account control, security measures, and user rights
- Detects red flags about data collection, sharing, and user rights instantly
- Provides users with relevant quotes from the Terms and Policy pages that influenced the final scores
Interactive Risk Dashboard
- Implements an intuitive visual scoring system that evaluates and rates each privacy parameter on a scale of 1-5, giving users a quantitative assessment of privacy practices
- Features a smart color-coding interface that immediately highlights concerning practices, with red indicating high risk and green showing safer policies
- Presents a comprehensive dashboard that consolidates all privacy metrics into a single, easy-to-scan view, allowing users to assess their privacy exposure instantly
- Streamlines decision-making by presenting complex privacy information in an accessible format that users can understand and act on within seconds
Evidence-Based Insights
- Automatically identifies and extracts relevant quotes from privacy policies and terms of service that directly support each risk assessment finding
- Integrates seamless navigation by providing direct links to specific sections in the original documents where concerning practices are mentioned
- Delivers detailed documentation for each privacy concern identified, ensuring users understand exactly why certain practices were flagged as risky
- Enables immediate verification of all findings by providing direct quotes and links to source material
Privacy Is Our Priority
- Fully decentralized: users never need to log in or provide any personal information
- Simply add the extension from the Chrome Web Store
- Only runs on a website when the user has given permission
How we built it
Our technical implementation combines modern web technologies with advanced AI capabilities to create a robust and scalable system. At the core of our backend, we leverage FastAPI, a modern Python web framework chosen for its high performance and native async support. This allows us to handle multiple document analyses concurrently, significantly reducing processing time when examining multiple Terms & Conditions documents.
For data persistence and caching, we implemented a MongoDB database that stores previously analyzed documents, preventing redundant processing and enabling quick retrieval of existing analyses. The database integration uses PyMongo with server-side API validation, ensuring data integrity and optimal performance.
The heart of our analysis pipeline consists of two major AI models working in tandem. We primarily utilize Google's Gemini 1.5 Flash model for its speed and efficiency, with Anthropic's Claude 3.5 Sonnet serving as a sophisticated backup. This dual-model approach ensures reliable analysis even when one service experiences issues.
Text processing is handled by our custom HTMLTextExtractor class, built on BeautifulSoup4, which efficiently parses and cleans document content. The extractor is designed to be robust against various HTML structures and formatting styles.
The entire system is wrapped in a RESTful API that supports concurrent processing through Python's async/await patterns. We've implemented comprehensive CORS support for cross-origin requests, URL encoding/decoding for handling complex URLs, and intelligent response combining for multi-document analyses. All of these components work together to provide real-time, accurate analysis of privacy policies and terms of service documents.
Our frontend is built using React. We used Vite as our build tool so our project build would be lightweight and easy to upload as a Chrome extension. When the scan button is clicked, we run a content script that scans the entire website for any <a> link tags. We then match relevant words such as "Privacy," "Agreement," and "Terms" to determine which links contain relevant legal information. These URLs are sent using fetch to our API backend which either returns cached data (if the website URLs have been previously visited and analyzed) or uses AI to analyze the website content before returning. This information is sent to our frontend where we calculate a final Privacy Policy score by averaging subsection scores, as well as display progress bars and other relevant info for the user to view.
Challenges we ran into
One of our most significant hurdles was implementing Infrastructure as Code (IaC) using Terraform for AWS deployment. Setting up declarative infrastructure for our EC2 instances required careful consideration of security groups, networking rules, and auto-scaling policies. We had to learn the intricacies of Terraform's HCL (HashiCorp Configuration Language) to properly define our infrastructure, ensuring both reliability and scalability.
Working with AWS CLI presented another layer of complexity, particularly in automating deployment processes and managing resources programmatically. We needed to establish secure credential management while setting up CI/CD pipelines, requiring deep dives into AWS IAM roles and permissions. The learning curve for AWS CLI command structures and JSON policy documents was steep, but mastering these tools ultimately enabled us to create a more robust and maintainable deployment process.
Another challenge we faced was implementing our one-click functionality. Our original idea was to have the user open up the Terms & Conditions and Privacy Policy pages in a separate tab so we would be able to retrieve the content more easily. However, we wanted to prioritize the user experience and remove the need to hunt for the correct URLs manually on every website. This meant spending many hours implementing automated functionality to grab relevant links and filter out irrelevant ones - the average website we checked had 20+ links on every page, most of which were not related to legal terms at all. Furthermore, any relevant URLs are "opened" and analyzed on the backend which means the user doesn't even have to leave the page and interrupt their workflow to see relevant info.
Accomplishments that we're proud of
Our most significant technical achievement has been the implementation of an efficient caching system using MongoDB, which has dramatically improved our service performance.
- Reduced latency by 99% for previously analyzed documents
- Optimized API costs by eliminating redundant AI model calls
- Improved scalability through distributed caching architecture
We are also proud of our one-click approach to calculating a Privacy Pilot score for any website. We can scan any website to extract all outgoing links, which we filter using pattern matching to isolate the most relevant legal pages. These are sent to our custom API backend which consolidates info from these pages to calculate category sub-scores, extract relevant quotes from the pages, and determine a final Privacy Pilot score that is representative of the trustworthiness of the website's overall policies.
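The link-discovery step described above and under "How we built it", as an added example that is not Privacy Pilot's own code: pure functions (so they run outside a browser) that filter a page's anchors down to likely legal pages and average the 1-5 sub-scores into the final score. The keyword list mirrors the words named in the write-up; the scheme check, fragment stripping and de-duplication are this example's own assumptions, as is the constructed anchor list.

```javascript
// Added example, not Privacy Pilot's code. Keywords follow the write-up
// ("Privacy", "Agreement", "Terms"); the extra filters are assumptions.
const LEGAL_KEYWORDS = ["privacy", "terms", "agreement", "policy", "legal", "cookie"];

// `anchors` is what a content script would collect from
// document.querySelectorAll("a[href]") as { href, text } pairs;
// `pageUrl` is the page being scanned, used to resolve relative hrefs.
function findLegalLinks(anchors, pageUrl) {
  const base = new URL(pageUrl);
  const seen = new Set();
  const out = [];
  for (const { href, text } of anchors) {
    let url;
    try { url = new URL(href, base); } catch { continue; }   // unparsable href: skip it
    // Only http(s) URLs can be fetched by the backend; this also drops
    // javascript:, mailto: and data: hrefs that share an anchor's text.
    if (url.protocol !== "http:" && url.protocol !== "https:") continue;
    url.hash = "";                                            // a fragment never changes the document
    const haystack = `${text} ${url.pathname}`.toLowerCase();
    if (!LEGAL_KEYWORDS.some((k) => haystack.includes(k))) continue;
    if (seen.has(url.href)) continue;                         // same document linked twice
    seen.add(url.href);
    out.push(url.href);
  }
  return out;
}

// Final Privacy Pilot score: mean of the valid 1-5 sub-scores, one decimal.
// Returns null when no usable sub-score came back from the backend.
function finalScore(subScores) {
  const values = Object.values(subScores)
    .filter((v) => Number.isInteger(v) && v >= 1 && v <= 5);
  if (values.length === 0) return null;
  const mean = values.reduce((a, b) => a + b, 0) / values.length;
  return Math.round(mean * 10) / 10;
}

// Constructed sample of the kind of anchor list a real page yields.
const SAMPLE_ANCHORS = [
  { href: "/about", text: "About us" },
  { href: "/legal/privacy", text: "Privacy Policy" },
  { href: "https://example.com/legal/privacy#top", text: "Privacy" },
  { href: "/terms-of-service", text: "Terms" },
  { href: "javascript:void(0)", text: "Terms" },
  { href: "mailto:legal@example.com", text: "Contact legal" },
  { href: "https://cdn.example.net/blog/agreement-tips", text: "Blog" },
];
```

Matching on the path as well as the anchor text catches links whose visible text is generic, but as the last sample entry shows it also admits off-site pages that merely mention a keyword, so a real deployment would still rank or cap the candidates before sending them to the backend.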
What we learned
This project has been an incredible learning journey across multiple domains of modern web development and AI integration. We gained deep insights into asynchronous programming with FastAPI, learning to effectively manage concurrent requests and handle complex async workflows. The process of integrating multiple AI models taught us valuable lessons about prompt engineering, error handling, and creating fallback systems for improved reliability.
Working with MongoDB in a web service context enhanced our understanding of document-based databases and efficient caching strategies. Most importantly, we learned how to balance technical sophistication with user accessibility, creating a tool that makes complex privacy analysis approachable for everyday users.
We also learned how to build a Chrome Extension as none of us have ever done that before. There were lots of technical details to learn such as running background and content scripts, implementing sidebars, connecting to our API from the extension itself, using Vite to make a lightweight, static bundle we could upload to Chrome, etc.
What's next for Privacy Pilot
The next steps for Privacy Pilot are:
- Annotate the relevant quotes in the terms and conditions document, and allow users to jump to them
- Make the extension available across all major web browsers - not just Chrome, but also Safari, Firefox and Edge
- Add functionality to decline optional cookies on websites
In the long term, we see Privacy Pilot becoming a comprehensive privacy advocacy platform. Key features will include real-time monitoring of privacy policy changes with instant alerts, automated assistance for data access and deletion requests, and a community-driven annotation system where users can share insights about privacy policies. These enhancements will help us achieve our mission of making digital privacy more transparent and manageable for everyone.
Privacy Pilot empowers you to understand and protect your privacy with the same sophistication as legal experts—all through a simple browser extension. Make informed decisions about your digital footprint in seconds, not hours. Because understanding your privacy rights shouldn't require a law degree.
Built With
- amazon-web-services
- anthropic
- beautifulsoup4
- css
- ec2
- fastapi
- gemini
- google-generativeai
- html
- mongodb
- pymongo
- react
- tailwind
- terraform
- typescript
- uvicorn
- vite