India's first AI-powered privacy policy analyzer helping users understand how websites handle their personal data with comprehensive DPDP Act 2023 compliance analysis.
- About
- Features
- Analysis Methodology
- Tech Stack
- Getting Started
- Architecture
- API Documentation
- Contributing
- Deployment
- Roadmap
- License
PrivacyHub is a production-ready, AI-powered privacy policy analyzer that empowers users to make informed decisions about their personal data. Using advanced AI models and comprehensive regulatory frameworks, we provide detailed privacy assessments with actionable recommendations.
- 🇮🇳 India-Focused: First privacy analyzer built specifically for India's DPDP Act 2023
- 🔍 Evidence-Based Analysis: Scientific methodology based on DPDP Act 2023 and international best practices
- 🤖 AI-Powered: DeepSeek Chat model via OpenRouter for sophisticated policy analysis
- 📊 Comprehensive Scoring: 6-category weighted assessment with 90+ privacy criteria
- 🎯 DPDP Act Compliance: In-depth analysis of Digital Personal Data Protection Act 2023 requirements
- 🎨 Modern UX: Intuitive dashboard with visual analytics and category breakdowns
- 🚀 Production-Ready: Enterprise-grade error handling, fallback systems, and security measures
- 🔐 Advanced Privacy Analysis
  - AI-powered comprehensive privacy policy evaluation
  - India DPDP Act 2023 compliance assessment
  - 6 weighted categories: Data Minimization & Collection (30%), Third-Party Data Sharing (25%), Individual Rights & Controls (20%), Security & Risk Management (15%), Regulatory Compliance (7%), Transparency & Communication (3%)
  - 5-tier risk classification (HIGH RISK, MODERATE-HIGH RISK, MODERATE RISK, LOW RISK, EXEMPLARY)
  - Letter grades (A+ to F) for quick assessment
  - Evidence-based findings with specific DPDP Act regulatory references
- 📊 Interactive Results Dashboard
  - Overall privacy score (1-10 scale) with circular progress visualization
  - Real-time category breakdown with color-coded mini charts
  - Privacy grade and risk level badges
  - Executive summary for stakeholders
  - Critical findings highlighting high-risk practices
  - Positive practices recognition
  - Actionable recommendations (immediate, medium-term, best practices)
  - Detailed regulatory compliance notes
- 🎨 Enhanced User Experience
  - Web3-style gradient buttons (blue-purple-pink for Analyze, emerald-teal-cyan for Reset)
  - One-click Reset button to start new analysis
  - Home button for easy navigation back from results
  - Mobile-responsive design with optimized layouts
  - Collapsible methodology section for transparency
  - PWA-ready with custom icons and theme colors
- ⚡ 3-Tier Scraping System
  - Primary: Firecrawl API (markdown extraction)
  - Fallback 1: Crawlee PlaywrightCrawler (JavaScript rendering)
  - Fallback 2: Simple fetch (basic HTML parsing)
  - Automatic retry with graceful degradation
- 🔒 Production-Grade Reliability
  - 60-second API timeout for complex analyses
  - Comprehensive error handling with specific timeout/network messages
  - Global error boundaries (error.tsx, not-found.tsx, loading.tsx)
  - Input validation and URL sanitization
  - Security headers middleware (HSTS, CSP, X-Frame-Options)
- 📱 SEO & Discoverability
  - Dynamic sitemap.xml generation
  - Robots.txt for search engine indexing
  - Open Graph and Twitter Card metadata
  - Optimized meta descriptions and keywords
- Comprehensive methodology page with detailed framework explanation
- Privacy education resources
- Category-specific icons and visual indicators
- Color-coded score bars for quick assessment
- Regulatory framework references (90+ compliance criteria)
- Real-time analysis progress indicators
PrivacyHub uses a scientifically-grounded, evidence-based framework for privacy assessment focused on India's DPDP Act 2023:
- Data Minimization & Collection (30%)
  - Collection scope, legal basis, purpose specification
  - Sensitive personal data protections (DPDP Act Sec. 9)
  - Children's data compliance (DPDP Act Sec. 9)
  - Data fiduciary obligations and transparency
- Third-Party Data Sharing (25%)
  - Sharing scope and commercial exploitation
  - International transfers and cross-border data flow (DPDP Act Sec. 16)
  - Data processor agreements (DPDP Act Sec. 8)
  - Consent Manager integration readiness
- Individual Rights & Controls (20%)
  - Data Principal rights: access, correction, erasure (DPDP Act Sec. 11-12)
  - Data portability and objection mechanisms
  - Grievance redressal mechanisms (DPDP Act Sec. 32)
  - Withdrawal of consent (DPDP Act Sec. 7)
- Security & Risk Management (15%)
  - Encryption standards (end-to-end, in-transit, at-rest)
  - Incident response and breach notification
  - Data localization compliance for India
  - Reasonable security safeguards (DPDP Act Sec. 8)
- Regulatory Compliance (7%)
  - DPDP Act 2023 compliance indicators
  - Data Protection Board registration requirements
  - Data fiduciary and Significant Data Fiduciary obligations
  - Consent Manager framework compliance
- Transparency & Communication (3%)
  - Plain language usage and readability
  - Grievance officer details (DPDP Act requirement)
  - Vernacular language support for Indian languages
  - Proactive change notifications
- EXEMPLARY (10): Privacy-by-design implementation, exceeds DPDP Act minimums
- LOW RISK (8-9): Strong privacy framework with minor gaps
- MODERATE RISK (6-7): Some privacy protections present, improvement areas identified
- MODERATE-HIGH RISK (4-5): Multiple compliance gaps, Data Principal rights compromised
- HIGH RISK (1-3): Significant DPDP Act violations likely, Data Protection Board action probable
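The weights and risk bands above give a way to cross-check what the model returns before it reaches the dashboard. The following is an added example, not PrivacyHub's own code: it recomputes the weighted score from the category scores and compares it with the reported `overall_score`. Every category key except `data_collection`, the rounding rule in `tierFor`, and the 0.5 tolerance are assumptions.

```typescript
// Added example, not PrivacyHub's code. Weights and tier bands come from the lists above.
// All keys except data_collection are hypothetical names for the remaining categories.
const WEIGHTS: Record<string, number> = {
  data_collection: 0.30, third_party_sharing: 0.25, individual_rights: 0.20,
  security: 0.15, regulatory_compliance: 0.07, transparency: 0.03,
};

interface Verdict { ok: boolean; overall: number | null; tier: string | null; errors: string[] }

function tierFor(score: number): string {
  const s = Math.round(score); // assumption: the bands apply to the rounded score
  if (s >= 10) return "EXEMPLARY";
  if (s >= 8) return "LOW RISK";
  if (s >= 6) return "MODERATE RISK";
  if (s >= 4) return "MODERATE-HIGH RISK";
  return "HIGH RISK";
}

// Recompute the overall score from the category scores rather than trusting the
// model's overall_score, and reject missing, unknown or out-of-range categories.
function checkAnalysis(analysis: any, tolerance = 0.5): Verdict {
  const errors: string[] = [];
  const categories = (analysis && analysis.categories) || {};
  let sum = 0;
  for (const key of Object.keys(WEIGHTS)) {
    const score = categories[key] ? categories[key].score : undefined;
    if (typeof score !== "number" || !isFinite(score) || score < 1 || score > 10) {
      errors.push(key + ": score missing or outside 1-10");
    } else {
      sum += WEIGHTS[key] * score;
    }
  }
  for (const key of Object.keys(categories)) {
    if (!Object.prototype.hasOwnProperty.call(WEIGHTS, key)) errors.push(key + ": unexpected category");
  }
  const overall = Math.round(sum * 10) / 10;
  const reported = analysis ? analysis.overall_score : undefined;
  if (!errors.length && (typeof reported !== "number" || Math.abs(reported - overall) > tolerance)) {
    errors.push("overall_score disagrees with recomputed " + overall);
  }
  if (errors.length) return { ok: false, overall: null, tier: null, errors };
  return { ok: true, overall, tier: tierFor(overall), errors };
}

// Constructed sample shaped like the documented response (scores are made up).
const SAMPLE = { overall_score: 8.0, categories: {
  data_collection: { score: 8.5 }, third_party_sharing: { score: 7 }, individual_rights: { score: 8 },
  security: { score: 9 }, regulatory_compliance: { score: 8 }, transparency: { score: 6 },
} };
```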
- Framework: Next.js 15.5.2 (App Router with Turbopack)
- Language: TypeScript 5.0
- Styling: Tailwind CSS 3.4
- UI Components: shadcn/ui (Radix UI primitives)
- Icons: Lucide React
- Fonts: Inter (sans-serif), JetBrains Mono (monospace)
- API Routes: Next.js API Routes (serverless functions)
- AI Model: DeepSeek Chat via OpenRouter
- Web Scraping:
  - Firecrawl API (primary)
  - Crawlee PlaywrightCrawler (fallback)
  - Native fetch API (final fallback)
- Hosting: Vercel (recommended) or self-hosted
- CDN: Vercel Edge Network
- Analytics: Vercel Analytics (optional)
- Deployment: CI/CD via Vercel Git integration
- Input validation and URL sanitization
- SSRF protection (blocks private IPs, localhost)
- Security headers middleware
- Error boundaries and fallback UI
- PWA-ready with service worker support
- Optimized images (AVIF/WebP)
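A URL check of the kind the "SSRF protection (blocks private IPs, localhost)" item describes, as an added example that is not the project's `input-validation.ts`. The function names are hypothetical, and the example relies on the WHATWG `URL` parser to normalise decimal, hex and octal IPv4 spellings before the range check.

```typescript
// Added example, not PrivacyHub's input-validation.ts; function names are hypothetical.
function isBlockedIPv4(host: string): boolean {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return (
    a === 0 || a === 10 || a === 127 ||      // "this" network, RFC 1918, loopback
    (a === 100 && b >= 64 && b <= 127) ||    // carrier-grade NAT 100.64.0.0/10
    (a === 169 && b === 254) ||              // link-local, where cloud metadata services live
    (a === 172 && b >= 16 && b <= 31) ||     // RFC 1918
    (a === 192 && b === 168) ||              // RFC 1918
    a >= 224                                 // multicast and reserved
  );
}

function isBlockedIPv6(host: string): boolean {
  if (!/^\[.*\]$/.test(host)) return false;  // URL.hostname keeps the brackets
  const addr = host.slice(1, -1).toLowerCase();
  return (
    addr === "::" || addr === "::1" ||       // unspecified, loopback
    /^f[cd]/.test(addr) ||                   // unique local fc00::/7
    /^fe[89ab]/.test(addr) ||                // link-local fe80::/10
    /^::ffff:/.test(addr)                    // IPv4-mapped: rejected outright (conservative)
  );
}

// Returns null when the URL may be fetched, otherwise the reason it is rejected.
function rejectReason(input: string): string | null {
  let url: URL;
  try { url = new URL(input); } catch { return "not a valid URL"; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return "scheme not allowed";
  if (url.username || url.password) return "credentials in URL";
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (host === "localhost" || /\.localhost$/.test(host)) return "localhost";
  if (isBlockedIPv4(host) || isBlockedIPv6(host)) return "private or reserved address";
  return null;
}
```

A literal check like this does not cover a public hostname that resolves to a private address, so the resolved IP also needs checking at connect time. Every redirect target should go through the same function before it is followed.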
- Node.js 18+ and npm
- OpenRouter API key (required)
- Firecrawl API key (optional, recommended)
- Clone the repository

  ```bash
  git clone https://github.com/privacypriority/privacyhub.git
  cd privacyhub
  ```

- Install dependencies

  ```bash
  npm install
  ```

- Set up environment variables

  ```bash
  cp .env.example .env.local
  ```

  Edit `.env.local` and add your API keys:

  ```bash
  # Required - OpenRouter API for AI analysis
  OPENROUTER_API=your_openrouter_api_key_here
  # Optional - Firecrawl API for better web scraping
  FIRECRAWL_API_KEY=your_firecrawl_api_key_here
  ```

- Run development server

  ```bash
  npm run dev
  ```

- Open your browser and navigate to http://localhost:3000
```bash
# Build the application
npm run build
# Start production server
npm start
```
See `.env.example` for a comprehensive list of available environment variables with detailed explanations.

Required:
- `OPENROUTER_API`: OpenRouter API key for AI analysis

Optional:
- `FIRECRAWL_API_KEY`: Firecrawl API key for enhanced scraping
```
privacyhub/
├── src/
│   ├── app/                            # Next.js App Router
│   │   ├── api/
│   │   │   └── analyze/
│   │   │       └── route.ts            # Privacy analysis API endpoint
│   │   ├── methodology/
│   │   │   └── page.tsx                # Methodology explanation page
│   │   ├── error.tsx                   # Global error boundary
│   │   ├── not-found.tsx               # Custom 404 page
│   │   ├── loading.tsx                 # Loading state
│   │   ├── layout.tsx                  # Root layout with metadata
│   │   ├── sitemap.ts                  # Dynamic sitemap generation
│   │   └── page.tsx                    # Homepage
│   ├── components/
│   │   ├── ui/                         # shadcn/ui components
│   │   │   ├── circular-progress.tsx
│   │   │   ├── heatmap.tsx
│   │   │   ├── score-card.tsx
│   │   │   └── ...
│   │   ├── Header.tsx                  # Navigation header
│   │   ├── Footer.tsx                  # Footer with links
│   │   ├── PrivacyAnalyzer.tsx         # Main analyzer component
│   │   └── MethodologySection.tsx      # Methodology display
│   ├── lib/
│   │   └── input-validation.ts         # URL validation and sanitization
│   └── middleware.ts                   # Security headers
├── public/
│   ├── favicon.ico                     # Favicon (all sizes)
│   ├── robots.txt                      # Search engine directives
│   └── site.webmanifest                # PWA manifest
├── .env.example                        # Environment variable template
├── next.config.ts                      # Next.js configuration
├── tailwind.config.ts                  # Tailwind CSS configuration
├── vercel.json                         # Vercel deployment config
└── package.json                        # Dependencies and scripts
```
- User Input → URL validation → SSRF protection
- Scraping:
  - Try Firecrawl API (markdown extraction)
  - Fallback to Crawlee (JavaScript rendering)
  - Final fallback to fetch (basic HTML)
- AI Analysis:
  - Send content to DeepSeek Chat via OpenRouter
  - Structured JSON response with scores and findings
- Results Display:
  - Parse and validate AI response
  - Render interactive dashboard
  - Show category breakdowns, compliance status, recommendations
POST /api/analyze
- Input: `{ "url": "https://example.com/privacy" }`
- Output: Comprehensive privacy analysis JSON
- Timeout: 60 seconds (Vercel Pro)
- Error Handling: Specific error messages for timeouts, network issues, invalid URLs
Endpoint: `POST /api/analyze`

Request Body:

```json
{
  "url": "https://example.com/privacy"
}
```

Response:

```jsonc
{
  "url": "https://example.com/privacy",
  "timestamp": "2025-10-16T10:00:00.000Z",
  "content_length": 15420,
  "scraper_used": "firecrawl",
  "analysis": {
    "overall_score": 8.0,
    "risk_level": "LOW",
    "privacy_grade": "A-",
    "regulatory_compliance": {
      "dpdp_act_compliance": "COMPLIANT",
      "major_violations": []
    },
    "categories": {
      "data_collection": {
        "score": 8.5,
        "reasoning": "...",
        "dpdp_notes": "..."
      },
      // ... 5 more categories
    },
    "critical_findings": {
      "high_risk_practices": [],
      "regulatory_gaps": [],
      "data_subject_impacts": []
    },
    "positive_practices": ["..."],
    "actionable_recommendations": {
      "immediate_actions": [],
      "medium_term_improvements": ["..."],
      "best_practice_adoption": ["..."]
    },
    "executive_summary": "..."
  }
}
```
Error Responses:
- `400 Bad Request`: Invalid URL, insufficient content
- `408 Request Timeout`: Request cancelled
- `429 Too Many Requests`: Rate limit exceeded (if enabled)
- `504 Gateway Timeout`: Website slow/unresponsive
We welcome contributions from the community! Here's how you can help:
- 🐛 Report Bugs: Open an issue
- ✨ Request Features: Submit a feature request
- 📝 Improve Documentation: Fix typos, add examples, clarify instructions
- 💻 Submit Code: Fix bugs, add features, improve performance
- 🎨 Design: Improve UI/UX, create graphics, enhance accessibility
- 🌍 Translate: Help make PrivacyHub multilingual
- Fork the repository
- Create a feature branch: `git checkout -b feature/amazing-feature`
- Make your changes with clear, documented code
- Commit: `git commit -m "feat: add amazing feature"`
- Push: `git push origin feature/amazing-feature`
- Open a Pull Request
We follow Conventional Commits:
- `feat:` New feature
- `fix:` Bug fix
- `docs:` Documentation changes
- `refactor:` Code refactoring
- `perf:` Performance improvements
- `test:` Test additions or changes
- Import Repository
  - Connect to GitHub in Vercel Dashboard
  - Import the privacyhub repository
- Configure Environment Variables
  - Add `OPENROUTER_API` (required)
  - Add `FIRECRAWL_API_KEY` (optional)
  - Mark as "Sensitive" in Vercel settings
- Deploy

  ```bash
  vercel --prod
  ```

Vercel Configuration (`vercel.json`):
- API route timeout: 60 seconds
- CORS headers configured
- Automatic HTTPS
Requirements:
- Node.js 18+ server
- Process manager (PM2 recommended)
- Reverse proxy (nginx/Apache)
- SSL certificate
```bash
# Install PM2
npm install -g pm2
# Build application
npm run build
# Start with PM2
pm2 start npm --name "privacyhub" -- start
# Configure nginx reverse proxy
# Point to localhost:3000
```
- Category breakdown visualization
- Web3-style gradient UI enhancements
- Navigation improvements (Home, Reset buttons)
- DPDP Act 2023 integration
- Enhanced error handling
- Stateless architecture (no database dependency)
- Multi-language support (Hindi, Spanish, French)
- Privacy policy comparison tool
- Export analysis as PDF
- Browser extension
- Historical policy tracking
- Mobile app (React Native)
- Advanced filtering and search
- API for third-party integration
- Custom compliance frameworks
- Enterprise features (teams, SSO)
See Issues for detailed feature requests.
This project is licensed under the MIT License - see the LICENSE file for details.
- Next.js - React framework
- OpenRouter - AI API gateway
- DeepSeek - AI model
- Firecrawl - Web scraping
- Crawlee - Web crawling framework
- shadcn/ui - UI components
- Tailwind CSS - CSS framework
- Lucide - Icon library
- Vercel - Hosting platform
- DPDP Act 2023 - Digital Personal Data Protection Act (India)
- IT Act 2000 - Information Technology Act (India)
- IT Rules 2011 - Reasonable Security Practices and Procedures
- ToS;DR - Terms of Service; Didn't Read
- Privacy Guides - Privacy tools and services
- Privacy research and academic publications
- Website: privacyhub.in
- GitHub: Issues | Discussions
- Methodology: View Analysis Framework
If you find this project useful, please consider giving it a star! It helps the project grow and reach more users who care about privacy.
Made with ❤️ for privacy awareness