Data Handling Principles
Purpose limitation, data minimization, accuracy, and storage limitation — are you collecting only what you need, for clearly defined purposes?
A holistic, AI-powered compliance assessment that evaluates your codebase against privacy requirements and delivers executive-level findings with root cause analysis.
Purpose limitation, data minimization, accuracy, and storage limitation — are you collecting only what you need, for clearly defined purposes?
Consent validity, legitimate interests, and contractual necessity — does your code enforce the legal basis you claim?
Access, erasure, portability, objection, and restriction — can users actually exercise their rights through your application?
Privacy by design, encryption, access controls, and incident logging — are the right technical measures in place?
Impact assessments, processing records, and controller obligations — can you demonstrate compliance, not just claim it?
What a Privacy Review delivers — illustrated with a fictional e-commerce SaaS
The codebase collects user email addresses and behavioral analytics but lacks explicit purpose declarations for each processing activity. Consent mechanisms exist but do not cover all data flows. Deletion endpoints are present for user accounts but do not cascade to third-party integrations.
Analytics events are collected across 6 modules without a documented processing purpose. This affects purpose limitation, consent scope, and transparency requirements.
Add a data processing manifest (e.g. PROCESSING_PURPOSES.md or a config file) that maps each analytics event to a specific, declared purpose.
The user deletion endpoint removes the local database record but does not propagate deletion requests to the payment processor or email marketing service.
Extend the deletion handler to issue API calls to connected third-party services when a user exercises their right to erasure.
User registration collects only email and display name. No excessive fields were found in the signup flow.
Analytics events are emitted in 6 modules but no explicit processing purpose is declared for behavioral data collection.
A cookie banner is present but does not gate analytics script loading. Scripts fire before user interaction with the consent dialog.
A deletion endpoint exists at /api/users/:id but does not cascade to the Stripe customer record or Mailchimp subscriber list.
Database connection uses TLS. S3 bucket policy enforces server-side encryption for all stored objects.
No data processing inventory or records of processing activities were found in the repository.
Is behavioral analytics data shared with any third-party advertising networks?
The codebase includes a Google Analytics integration but the data sharing configuration could not be determined from code alone.