Our Privacy Scoring Methodology
Last updated: 21 January 2026
Grade Scale
Factor Weights
Transparency is important to us. Here’s how we evaluate tools and calculate privacy scores in Privacy Registry.
How Privacy Scores Work
Each tool in our directory receives a privacy score from A (excellent) to F (poor). This overall grade is calculated from five key factors, each weighted according to its importance for user privacy.
The Five Scoring Factors
1. Data Residency (30% weight)
Where is your data stored?
This is our most heavily weighted factor because data location determines which laws protect your information.
| Classification | Score | Description |
|---|---|---|
| EU Only | 100 | Data stored exclusively in EU/EEA countries |
| EU + Others | 60 | Data stored in EU plus other jurisdictions |
| Non-EU | 20 | Data primarily stored outside the EU |
Why it matters: EU data protection laws (GDPR) provide strong privacy rights. When your data is stored in the EU, you benefit from these protections.
2. Open Source Score (20% weight)
Is the code open source and auditable?
We assess whether the software’s source code is publicly available and can be independently verified.
| Score Range | Meaning |
|---|---|
| 90-100 | Fully open source, regularly audited, active community |
| 70-89 | Mostly open source, some proprietary components |
| 50-69 | Partially open source (e.g., clients only) |
| 25-49 | Minimal open source, mostly proprietary |
| 0-24 | Fully proprietary, no code transparency |
Why it matters: Open source code can be audited by security researchers, making it harder to hide privacy-invasive practices.
3. Privacy Policy Score (20% weight)
How clear and user-friendly is the privacy policy?
We evaluate privacy policies based on clarity, completeness, and how well they respect user rights.
| Score Range | Meaning |
|---|---|
| 90-100 | Exemplary: Clear, comprehensive, user-friendly, minimal data collection |
| 70-89 | Good: Clear policies, reasonable data practices |
| 50-69 | Average: Standard policies, some concerns |
| 25-49 | Below average: Vague policies, concerning practices |
| 0-24 | Poor: Unclear, extensive data collection, or missing policy |
What we look for:
- Clear explanation of what data is collected
- Transparent data retention periods
- Easy-to-understand language
- Clear user rights and how to exercise them
- Minimal data collection philosophy
4. Trackers Score (15% weight)
What third-party trackers are used?
We analyze the service’s websites and applications for third-party tracking scripts and analytics.
| Score Range | Meaning |
|---|---|
| 90-100 | No third-party trackers, self-hosted analytics only |
| 70-89 | Privacy-friendly analytics only (e.g., Plausible, Fathom) |
| 50-69 | Limited tracking, essential analytics only |
| 25-49 | Multiple trackers, some advertising-related |
| 0-24 | Extensive tracking, advertising networks, social trackers |
Why it matters: Third-party trackers can follow you across the web and build profiles of your behavior, often without your knowledge.
5. Terms of Service Score (15% weight)
How fair are the terms of service?
We assess whether the terms are balanced and respect user rights.
| Score Range | Meaning |
|---|---|
| 90-100 | User-friendly terms, strong rights retention |
| 70-89 | Fair terms with minor concerns |
| 50-69 | Standard terms, typical limitations |
| 25-49 | Concerning clauses, broad rights grants |
| 0-24 | User-hostile terms, extensive liability waivers |
What we look for:
- Data ownership and portability
- Account termination policies
- Dispute resolution fairness
- Liability limitations
- Arbitration clauses
How We Calculate the Overall Grade
The overall grade is calculated using a weighted average:
Overall Score = (Data Residency × 0.30) +
(Open Source × 0.20) +
(Privacy Policy × 0.20) +
(Trackers × 0.15) +
(Terms of Service × 0.15)
The resulting score (0-100) maps to a letter grade:
| Grade | Score Range | Meaning |
|---|---|---|
| A | 90-100 | Excellent privacy practices |
| B | 80-89 | Good privacy practices |
| C | 70-79 | Average privacy practices |
| D | 60-69 | Below average privacy practices |
| F | Below 60 | Poor privacy practices |
Example Calculation
For a hypothetical tool:
| Factor | Raw Score | Weight | Weighted |
|---|---|---|---|
| Data Residency (EU Only) | 100 | 30% | 30.0 |
| Open Source | 85 | 20% | 17.0 |
| Privacy Policy | 90 | 20% | 18.0 |
| Trackers | 95 | 15% | 14.25 |
| Terms of Service | 80 | 15% | 12.0 |
| Total | 91.25 |
Result: Grade A (score 91.25 rounds to 91)
Important Disclaimer
Our privacy scores are assessments based on publicly available information, including:
- Official privacy policies and terms of service
- Public security audits and certifications
- Open source code repositories
- Third-party security research
- News reports and official announcements
Limitations to understand:
-
Point-in-time assessment: Scores reflect our evaluation at the time of review. Policies and practices can change.
-
Public information only: We cannot verify internal practices or undisclosed data handling.
-
Subjective elements: Some scoring factors involve judgment calls based on our interpretation.
-
Not legal advice: Our scores are informational and should not be considered legal or security advice.
-
Regional variations: Some services may have different practices in different regions.
Review Process
Each tool is reviewed by our team using a standardized checklist. We aim to re-review tools periodically and when significant changes are announced.
The “Last Reviewed” date on each tool indicates when our most recent assessment was completed.
Feedback and Corrections
We strive for accuracy and welcome feedback. If you believe a score is inaccurate or have updated information about a tool, please contact us.
Tool vendors are also welcome to reach out with clarifications or to provide additional information about their privacy practices.