privacyspy's Introduction

🔏 PrivacySpy

Most people don’t have the patience to read privacy policies. But privacy is important, and we shouldn’t just trust that products are treating our data right. PrivacySpy uses a consistent rubric to grade privacy policies on a ten-point scale.

View the site at privacyspy.org!

Contributing

To learn how to contribute, please check out the contributing guide. When submitting pull requests, make sure you follow the requested format (shown in the template).

Running Locally

  • Install dependencies with npm i
  • Build the site to /dist with gulp
  • Run all tests with npm test

License

PrivacySpy is licensed under GPLv3 (see LICENSE).

Related Repositories

Other Stuff

PrivacySpy is an open-source initiative maintained by Miles McCain, Igor Barakaiev, and the Politiwatch team. Nothing on our platform is legal advice.

privacyspy's People

Contributors

bcbee, calumchilds, connervieira, deivedux, dependabot[bot], doamatto, elijahpepe, erotavlasme, ibarakaiev, imgbot[bot], imgbotapp, itsignacioportal, loviuz, milesmcc, quivical, sjoseph7, unbeatable-101, vkeerthivikram, vutut

privacyspy's Issues

Suggestion: Add more data for each service in the PrivacySpy API

Would it be possible to have the data from the .toml files available for each service in the API?
The only data that is available right now is the score, name, and description. I'd love to see other data being added such as sources, rubric, and citations.

ProtonVPN: security audit and details, incorrect revision-notify

What's the issue? Describe the problem below.

  1. ProtonVPN has received an independent audit, though these are not mentioned in the policy as their official security measure. Some security details are missing.
  2. [rubric.revision-notify]. The score is incorrect.

What did you expect to be the case instead?

  1. All ProtonVPN apps are now open source and audited. "For users with heightened security needs, it is possible to optionally i) enable 2FA on account access ii) enable login history so that suspicious login attempts can be tracked iii) remove the linked recovery email iv) pay anonymously with cash or bitcoin."
  2. [rubric.revision-notify]=yes. "The Company reserves the right to periodically review and change this Policy, and will notify users who have enabled the notification preference about any change."

Add commas to lists of products

What's the issue? Describe the problem below.
When a product with several "sub-products" is listed, it appears as one "blob" as the screenshot shows

What did you expect to be the case instead?
I expected there to be a clear separation to prevent confusion between services.

Screenshots?
image

Additional context? N/A

Add Skiff

What's the product you'd like PrivacySpy to add?
I want Skiff added to PrivacySpy because they claim to be a very privacy-focused company and I want people to be able to easily see if that is right without having to read their lengthy official privacy policy and comparing it to the "Plain English" version

Where is the product's privacy policy? (Give a URL.)
https://app.skiff.com/docs/db93c237-84c2-4b2b-9588-19a7cd2cd45a#tyGksN9rkqbo2uGYASxsA6HVLjUoly/wTYK8tncTto8= (official)
https://skiff.com/annotated-privacy-policy (annotated/plain english)

Have you considered adding this product yourself?
Yes, but I have little to no experience with Git and I would not know where to start with TOML and summarizing the privacy policy

Rating of PrivacySpy could be better

What's the issue? Describe the problem below.
Under the Transparency tab of PrivacySpy, under the question 'Is the policy's history made available?',
The answer is written 'Only the date it was last modified' which gives it a score of only 3/5.
Check the screenshots attached.

What did you expect to be the case instead?
as the note states

While one could check the full history on GitHub, only the last modified date is listed on the page.

So changes that could be added are-

  1. change it into 'Yes, with revisions or a changelog'
  2. change the note to 'full history can be viewed on GitHub' or something similar that makes it clear that it is available.

Screenshots?
image

Option for light icon

What do you want added to PrivacySpy?
Having an option to choose between a light or dark icon could help with visibility for people using dark themes in Firefox/Chrome.
Have you considered implementing this addition yourself and submitting a pull request?
I could probably easily make the icon, but how to add the option I'm not sure.

Internationalization

What do you want added to PrivacySpy?
Do you plan to add translation to this project? I think that could be useful and more effective.

Have you considered implementing this addition yourself and submitting a pull request?
I don't know the tool you have used. I have developed a couple of websites with Hugo, a static website generator. I could help to prepare translations of this project if someone could tell me where to start.

Alternatively I could fork it and maintain a version of PrivacySpy in my language, Italian, but I prefer that the main website could be more effective if translated into many languages :-)

Dark theme?

Basically the title; but will the redesign come with a dark theme? I'm fine with making a PR to add it myself, if needed

This is a test issue!

What do you want added to PrivacySpy?
A clear and concise description of what you're suggesting. (Ex. "I wish _____ would be added to PrivacySpy, because...")

Have you considered implementing this addition yourself and submitting a pull request?
(PrivacySpy is an open project, so you can contribute! If you're not feeling up to it, though, that's alright.)

Additional context
Add any other context or screenshots about the feature request here.

Bring back the GUI generator

What do you want added to PrivacySpy?
Basically the title; at the very least, I would like to have it make the TOML files for me. If it's not planned or anything like that, I'll just make a separate tool for it here.

Have you considered implementing this addition yourself and submitting a pull request?
Nope. It wouldn't exactly be a simple implementation

Create bot that periodically checks if citations still exist in policies

What do you want added to PrivacySpy?
A bot that checks if policies still contain their citations, and if not, flags them for revision/as out of date.

Have you considered implementing this addition yourself and submitting a pull request?
Yes, I’ll probably end up building this myself. Creating an issue so that I don’t forget.

Additional context
None

addition of exceptions

What do you want added to PrivacySpy?
Addition of exceptions in the rubric.

I found this data on tosdr- you can check it out here.

Though the point I have mentioned is debatable,
I feel like there could be more exceptions that could affect the rating.

The rubric answers a lot of questions but there might be exceptions that any contributor might miss.

I have attached a screenshot as an example

Have you considered implementing this addition yourself and submitting a pull request?
Um, I'm not so sure as my web dev skills are not that great, I understand basic js and HTML but nothing more.
I am willing to learn and contribute tho

Additional context
image

Addition of an `unspecified` for `third-party-collection`

What do you want added to PrivacySpy?
If a privacy policy is unclear or vague, policies may not be graded properly. With a vague third-party-collection, the default would be no (100%), which would be wrong if said third-party-collection was along the lines of "If we collect other data that isn't here, we'll use it within this policy.", with it being expanded to third-party processors as well.

Additional context
See #147.

Add BitWarden

What's the product you'd like PrivacySpy to add?
BitWarden claims to be the leader in password management software. Even though their main product is open-source, analyzing the way that BitWarden handles data hosted by their own servers (which is their main business) would be beneficial.

Where is the product's privacy policy? (Give a URL.)
https://bitwarden.com/privacy/

Have you considered adding this product yourself?
Yes, but I have little to no experience with Git and I would not be the best to provide this information.

A missing category in privacy spy: user info available on requirement from law agencies

Apparently there is a missing category in the evaluation: what user information can be given to law agencies, that is, what user information is the service provider able (technically) to give to law enforcement agencies upon request? (This request is called a subpoena in the US, but let's be generic.) We should assume here that the service provider would not resist any demands for user information by a law agency about a particular user in a law case or investigation. All the information technically accessible by the provider staff should be considered here.
This is an acute question as, for example, here ProtonMail was forced to deliver info about a French activist user (the IP address and device type), which contributed to the arrest of this activist (and jailing) for a quite petty crime. On the other hand, it seems that Signal.org can only know the date of the initial account setup, and the last connection time. If the user is connected all the time, this leaves little user exposure through signal.org.
It would also be interesting to list in what country the provider is based, and therefore which law it obeys.

Discord will not delete your chat messages

Messages you send are extremely personal information, but on Discord they will not be deleted when you delete your account. Every message you have sent will remain, though will be "anonymised" by changing the display name on the message to "Deleted User [Identifier]".

There is no way to mass delete your messages at all.

I don't think this is good enough for a 100% rating in this category. I'm not sure how I should edit the information on the page to reflect that.

[rubric.data-deletion]

Completely wrong site for Taobao

What's the product you'd like PrivacySpy to add?
Taobao's policy uses this site, which is not related to the Chinese company referenced in the policy here.

Where is the product's privacy policy? (Give a URL.)
https://www.taobao.com/helpcenter/content/help_rule_policy_en.html

Have you considered adding this product yourself?
I may or may not update this to reflect keeping the old privacy policy for the respective site, as well as adding the actual Taobao to PrivacySpy. I am fine with someone else taking this if I don't get to it right away.

Grammarly - Product Request

What's the product you'd like PrivacySpy to add?
I want Grammarly added to PrivacySpy because...it is a popular service with questionable privacy practices.

Where is the product's privacy policy? (Give a URL.)
https://www.grammarly.com/privacy-policy

Have you considered adding this product yourself?
(PrivacySpy is an open project, so you can contribute! If you're not feeling up to it, though, that's alright.)

Update Highlight.js

What do you want added to PrivacySpy?
When running gulp to build the site, I get the following warning:

Version 9 of Highlight.js has reached EOL and is no longer supported.
Please upgrade or ask whatever dependency you are using to upgrade.
https://github.com/highlightjs/highlight.js/issues/2877

It seems the source is from the seemingly abandoned helpers/handlebars-helpers package we use. The easiest option is to try and maintain it ourselves or find someone who already is doing so. A harder option is to find an alternative to replace it at build time.
This issue should probably have the assignment expanded to both @milesmcc and @ibarakaiev since this is a pretty big thing based on the realistic resolution options.

Have you considered implementing this addition yourself and submitting a pull request?
If we come to a conclusion as to how to handle this, I can gladly try to implement it myself.

ProtonMail: security audit

What's the issue? Describe the problem below.
ProtonMail has received an independent audit, though these are not mentioned in the policy as their official security measure.

What did you expect to be the case instead?
All ProtonMail apps are now open source and audited. openPGP library, Android, iOS, bridge.

WhatsApp: data breaches (inconsistency) and EEA privacy policy

What's the issue? Describe the problem below.

  1. Data breach notification policy is not defined by WhatsApp privacy policy (both version EEA and the rest of the world).
  2. The review is based on EEA privacy policy which applies to EU only.

What did you expect to be the case instead?

  1. Mark should be aligned with those of other services (telegram, signal, wire) which get 0 in case of missing data breach notification policy [rubric.data-breaches].
  2. Use rest of the world privacy policy which is less protective.

option for requesting for addition of new products

What do you want added to PrivacySpy?
I stumbled upon privacyspy through this Reddit post.

Tosdr is a similar initiative. A feature I like that they have is that

  • you can submit requests for products (or services as they call) to be added. Check out this request template

An idea that I have is that you can design a workflow like

  1. anyone can submit requests for addition of new products
  2. contributors can choose which product they want to review and submit the rubric
  3. moderators (or in this case contributor that has been assigned to review a pull request)
    can verify their data before committing to the main branch

Have you considered implementing this addition yourself and submitting a pull request?
I don't think I can pull this off since I'm not familiar with handlebars

Move rubric suggestions out from behind account-wall

Super exciting project! Thanks so much for the idea and the work so far.

Currently people wanting to share potential suggestions to the rubric are directed to an account-wall per https://privacyspy.org/about/#rubric ("please feel free to create a suggestion").

Adopting an RFC process like that of the Rust or Ember.js communities' could be a great way to solicit more discourse and give the rubric better flexibility as the privacy landscape changes.

** Apologies if there already is a place in the open for discussing and suggesting changes to the rubric.

Add a new API endpoint for specific products

What do you want added to PrivacySpy?
The API currently has four endpoints:

  • /api/v2/index.json for the product index,
  • /api/v2/contributors.json for the contributor list,
  • /api/v2/rubric.json for the rubric; and:
  • /api/v2/products.json for the full product index and their in-depth scores.

Although this is a very powerful system as is, the last endpoint for products is a humongous file, making it impractical for things like the web extension and the PrivacySpy scanner/bot, as it would have to wait for a large database to download all at once.

I'm proposing that we add a new endpoint /api/v#/products/slug.json. This would allow for smaller files for developers to access, resulting in far less traffic, less caching needs, and, most importantly, much faster operations in the extension and in the bot.

Have you considered implementing this addition yourself and submitting a pull request?
I could try to, but Handlebars isn't my forte.

Additional context
I'm currently working on the bot right now, and plan to open-source it near when I'm done. I'll work around this missing endpoint for the time being, but it will make things, as aforementioned, much faster with this new endpoint.

cc @milesmcc @ibarakaiev

Add OMNY

What's the product you'd like PrivacySpy to add?
I want OMNY added to PrivacySpy because I have heard suspicious data concerns and skimmed the privacy policy.

Where is the product's privacy policy? (Give a URL.)
https://omny.info/privacy-policy/420

Have you considered adding this product yourself?
I can't read privacy policies deeply.

Archive GitHub action dependencies

What do you want added to PrivacySpy?
To reduce the time for using GitHub actions, we can archive and re-use the dependencies and have them be refreshed whenever there's a new update.

Have you considered implementing this addition yourself and submitting a pull request?
I wanted to run it by the team first.

Additional context
I've set it up in the past before; here's the documentation regardless

Add Huggingface

What's the product you'd like PrivacySpy to add?
I want Huggingface added to PrivacySpy because it is a known platform for sharing open source AI models.

Where is the product's privacy policy? (Give a URL.)
Privacy Policy

Have you considered adding this product yourself?
No, I have been working on learning git pull requests, but I don't qualify myself to do that sort of stuff yet.

Old pending contributions gone?

As you may (or may not) be aware, I contributed a lot of things to PrivacySpy, a number of which were pending approval to be added. Do you guys still have a copy of those TOMLs or do I have to redo all of them? I wouldn't exactly mind if I had to, but it would be a pain as it's ~150 products with the old GUI for making these gone.

Change CI bot logo

What do you want added to PrivacySpy?
The current CI bot's logo looks fine on the app marketplace page, but is barely recognisable on dark theme.

Have you considered implementing this addition yourself and submitting a pull request?
There is the old logo on Product Hunt that could be used, that or simply adding a white background to the image

Additional context
image
