Inspiration
What Inspired Us
"It started with a simple moment. I was downloading a new app on my phone — one of those popular games everyone was playing. A privacy policy popped up. 15 pages long. Legal language. I did what everyone does — I scrolled to the bottom and clicked I Agree without reading a single word.
Later I found out that app was collecting my microphone data, location, and sharing it with advertising partners. I had no idea. And the worst part? I couldn't do anything about it because I had already agreed.
That's when I asked — what if there was a tool that read it for me? Not just flagged keywords, but actually understood what it meant, told me the risks in simple words, and told me exactly what I could do about it. That's why we built Krypton."
What it does
Every time you download an app — Instagram, Spotify, a game, anything — they show you a privacy policy. It's a long legal document that says:
- What data they collect about you
- Who they share it with
- How long they keep it
- What your rights are
Nobody reads it. It's thousands of words of legal language designed to be confusing.
Krypton reads it for you in seconds.
How we built it
Hour 1-2 — Ideation
We started by asking one question: what problem do we personally face every day? Privacy policies came up immediately. Everyone in the team had clicked "I Agree" without reading. We researched existing tools, found their gaps, and decided to build something better.
Hour 3-6 — Backend First
We built the FastAPI backend first. Started with a simple keyword scanner that gave a basic score. Once that worked, we integrated Gemini AI on top — first for simple analysis, then technical analysis, then data table extraction.
Hour 7-12 — AI Engineering
The hardest part was getting Gemini to return structured JSON consistently. We wrote specific prompts for each of the 6 AI calls — simple explanation, technical analysis, data table, category scores, benchmark comparison, and actionable solutions. Each prompt took multiple attempts to get right.
Hour 13-18 — Frontend
Built the entire UI in vanilla HTML, CSS and JS. Designed it like a chat app because that's what people are comfortable with. Added the sidebar with history, 4 tabs for different views, follow-up questions, and the help modal with glossary.
Hour 19-22 — Integration & Testing
Connected frontend to backend. Tested with real privacy policies — Instagram, Google, WhatsApp. Fixed bugs, tuned prompts, added the SQLite history database.
Challenges we ran into
Challenge 1 — Getting Gemini to return structured JSON
Gemini sometimes returns markdown instead of clean JSON. We had to write a parser that strips code fences and handles edge cases. Took 2 hours to get right.
Challenge 2 — Model deprecation mid-build
We started with gemini-1.5-flash but hit a 404 error — the model wasn't available on our API key. Had to switch to gemini-2.0-flash-lite on the fly during development.
Challenge 3 — API rate limits
Free tier has limited requests per minute. We added Groq as a fallback so if Gemini hits limits, the app keeps working automatically.
Challenge 4 — CORS issues
When opening the HTML file directly by double-clicking, the browser blocked API calls to the backend. Had to serve the frontend through a Python HTTP server to fix it.
Challenge 5 — URL extraction
Some websites block bots from fetching their pages. We had to add proper browser-like headers to make our URL fetcher work on most privacy policy pages.
Challenge 6 — Matching data types
The backend returns data type names like "Location" but the frontend grid expected "Location (GPS)" and "Location (Approximate)". Had to build a fuzzy matching system to connect them.
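The kind of parser Challenge 1 describes, as an added example (not Krypton's own code): it pulls the JSON out of a model reply that may be wrapped in a code fence or surrounded by chatter, then validates it as untrusted input. The schema, the 0-100 score range and all names here are assumptions made for illustration.

```python
import json
import re

# Assumed shape of one "category score" reply; the real schema is not on the page.
CATEGORY_SCHEMA = {"category": str, "score": int, "summary": str}

FENCE = "`" * 3  # the three-backtick markdown fence, built at runtime
FENCE_RE = re.compile(FENCE + r"[\w-]*\s*\n(.*?)" + FENCE, re.DOTALL)


def extract_json(raw: str):
    """Return the first JSON object or array in a model reply, else raise ValueError."""
    candidates = [m.group(1) for m in FENCE_RE.finditer(raw)]
    candidates.append(raw)  # fall back to the unfenced text
    decoder = json.JSONDecoder()
    for text in candidates:
        # Try each position where a payload could start, so that prose
        # before or after the JSON is ignored.
        for start in re.finditer(r"[{\[]", text):
            try:
                value, _end = decoder.raw_decode(text, start.start())
                return value
            except json.JSONDecodeError:
                continue
    raise ValueError("no JSON object or array in model output")


def validate(obj, schema=CATEGORY_SCHEMA):
    """Model output is untrusted: require exact keys, exact types, bounded score."""
    if not isinstance(obj, dict) or set(obj) != set(schema):
        raise ValueError("unexpected or missing keys")
    for key, expected in schema.items():
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(obj[key], bool) or not isinstance(obj[key], expected):
            raise ValueError(f"bad type for {key!r}")
    if not 0 <= obj["score"] <= 100:
        raise ValueError("score out of range")
    return obj


if __name__ == "__main__":
    # Constructed sample reply, not captured from a real API call.
    reply = ("Here you go:\n" + FENCE + "json\n"
             '{"category": "Data sharing", "score": 35, "summary": "Shared with ad partners"}\n'
             + FENCE)
    print(validate(extract_json(reply)))
```

Rejecting replies that fail validation, rather than rendering them, keeps a malformed or manipulated model response from reaching the frontend.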
Accomplishments that we're proud of
What we learned
About AI
Prompting is a skill, not a shortcut. We thought you just send text to Gemini and it gives a perfect answer. It doesn't. Getting it to return clean, structured JSON every single time took hours of trial and error — specific instructions, exact format requirements, and a custom parser to clean the output.
AI reads between the lines. Keywords don't. A keyword scanner catches "sell your data" but completely misses "We may share aggregated information with select partners" — which means exactly the same thing. Gemini catches that. That's what separates AI analysis from simple pattern matching.
One AI call is never enough. We started with one call trying to do everything. The output was messy. Breaking it into 6 focused calls — each with one job, one format — made everything reliable and clean.
Rate limits are real. The free tier has limits. We hit them during testing, which is exactly why we added Groq as an automatic fallback. A product that never fully breaks is more valuable than one that's perfect until it isn't.
About Security
We almost pushed our API key to GitHub. Adding .gitignore and .env saved us. Lesson — never hardcode secrets. This is an industry standard we now understand from experience, not just theory.
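The "never hardcode secrets" lesson as a pre-push check, added here as an example and not taken from the project: it flags literal keys in source text, confirms that .gitignore covers .env, and loads the key from the environment with a fail-closed default. The variable name GEMINI_API_KEY and the detection patterns are assumptions; the patterns are illustrative, not a complete rule set.

```python
import os
import re

# Illustrative patterns (assumed): a Google-style API key and a generic
# quoted credential assigned to a name containing api_key / secret / token.
SECRET_PATTERNS = {
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_\-]{35}"),
    "quoted_credential": re.compile(
        r"(?i)(?:api[_-]?key|secret|token)\w*\s*[:=]\s*[\"'][^\"'\s]{16,}[\"']"
    ),
}


def find_hardcoded_secrets(source: str):
    """Return (line_number, rule_name) for each line that looks like a literal key."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


def env_file_ignored(gitignore_text: str) -> bool:
    """Rough check that .gitignore covers a top-level .env and does not re-include it."""
    entries = {
        line.strip().lstrip("/")
        for line in gitignore_text.splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    }
    if "!.env" in entries:  # a negation rule would un-ignore the file
        return False
    return bool(entries & {".env", ".env*"})


def load_api_key(name: str, environ=os.environ) -> str:
    """Read the key from the environment; refuse to start when it is missing."""
    value = environ.get(name, "").strip()
    if not value:
        raise RuntimeError(f"{name} is not set; refusing to start")
    return value


# Constructed inputs: the key is a placeholder built at runtime, not a real one.
FAKE_KEY = "AIza" + "0" * 35
BAD_SOURCE = f'import os\nGEMINI_API_KEY = "{FAKE_KEY}"\n'
GOOD_SOURCE = 'import os\nGEMINI_API_KEY = os.environ["GEMINI_API_KEY"]\n'

if __name__ == "__main__":
    print(find_hardcoded_secrets(BAD_SOURCE), find_hardcoded_secrets(GOOD_SOURCE))
```

If a key has already been committed, adding it to .gitignore afterwards does not remove it from history, so the key should be revoked and reissued.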
What's next for Privacy Policy Translator
We are trying to add a screenshot feature and many more features.