A privacy risk assessment tool that analyzes your online accounts and services based on their data-sharing policies and breach history.

Risk Scoring Engine: calculates privacy risk scores (0-100) based on:
- Data selling policies (1-10 scale)
- AI training data usage (1-10 scale)
- Account deletion difficulty (1-10 scale)
- Historical breach detection
- Account staleness (unused for 2+ years)

Multi-tier Risk Assessment:
- 🟢 Green (0-39): Low risk
- 🟡 Yellow (40-69): Moderate risk
- 🔴 Red (70-100): High risk

API Integration:
- Risk scoring endpoints (single and batch)
- Privacy policy analysis with LLM integration
- Breach detection via Have I Been Pwned API
- Firebase/Firestore integration for persistence

Prerequisites:
- Node.js 18+
- PostgreSQL (optional, for seed scripts)
- Firebase project with Firestore enabled

Installation:
- Clone the repository
- Install dependencies:

```bash
npm install
```

- Configure environment variables:

```bash
cp .env.example .env   # Edit .env with your credentials
```

Required environment variables:
- Firebase: `REACT_APP_FIREBASE_*` variables
- Google OAuth: `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`
- NextAuth: `AUTH_SECRET` (generate with `npx auth secret`)
- Optional APIs: `OPENAI_API_KEY`, `HIBP_API_KEY`
Testing: the test suite validates the risk scoring engine and the sample payloads:

```bash
# Test risk scoring engine
npm run test

# Validate sample JSON files
npm run test:sample
```

✅ All 7 tests passing:
- ✅ Basic scoring with high risk (breach + stale account)
- ✅ Green tier scoring (low-risk service)
- ✅ Red tier scoring with stale high-risk account (old breach + stale)
- ✅ Stale account penalty (2+ years unused)
- ✅ Schema validation
- ✅ Sample JSON file validation
- ✅ Batch sample JSON validation
Example payloads in `/scripts`:
- `risk-score-sample.json` - Single service risk assessment
- `risk-score-batch-sample.json` - Batch risk assessment (3 services)

Seed scripts:

`npm run seed:demo` seeds risk demo data for a demo user. Requires:
- Active database connection
- Demo user created via NextAuth login

`npm run seed:policies` pre-populates the policy cache with hardcoded assessments for major companies (TikTok, Meta, Google, LinkedIn, etc.)
API Endpoints:
- POST `/api/risk/score` - Score a single service
- GET `/api/risk/score?domain=example.com` - Get latest risk for domain
- POST `/api/risk/score/batch` - Score multiple services
- GET `/api/risk/score/batch` - Get user's services with risks
- POST `/api/policy/analyze` - Analyze privacy policy (with LLM or cache)
- GET `/api/breach/check?domain=example.com` - Check for breaches via HIBP
Project structure:

```text
src/
├── Backend/
│   ├── app/api/          # Next.js API routes
│   └── Firebase/         # Firebase config
├── components/           # React components
├── lib/                  # Firebase admin setup
├── server/               # Shared server utilities
│   ├── auth.ts           # NextAuth configuration
│   ├── firebase-db.ts    # Database abstractions
│   └── risk/
│       └── engine.ts     # Risk scoring logic
└── env.js                # Environment validation
```
Risk scoring formula:

```text
Total Score = Policy Score + Breach Score + Stale Score

Policy Score = (dataSelling × 2.5) + (aiTraining × 1.8) + (deleteDifficulty × 1.7)

Breach Score = 20 (if breached)
             + 5  (if breach > 3 years old)

Stale Score  = MIN(15, 5 + (years_unused - 2) × 3)   if unused 2+ years

Final Score  = CLAMP(Total, 0, 100)
```

With every policy factor on its 1-10 scale, the three components max out at 60 + 25 + 15 = 100, so the clamp only matters for malformed input.
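The formula above as a stand-alone scorer, written here as an added example rather than the project's own `src/server/risk/engine.ts`; the input field names, the tier mapping on fractional totals, and the validation of the 1-10 factors are assumptions, not the project's API.

```typescript
// Added example, not the project's engine.ts: the README formula as a
// stand-alone scorer. Field names are assumptions.
type RiskTier = "green" | "yellow" | "red";
interface ServiceInput {
  dataSelling: number;      // 1-10, how freely the service sells user data
  aiTraining: number;       // 1-10, use of user data for AI training
  deleteDifficulty: number; // 1-10, how hard account deletion is
  breached: boolean;        // any historical breach on record
  breachYearsAgo?: number;  // age of the most recent breach, in years
  yearsUnused: number;      // years since the account was last used
}
interface RiskResult {
  policyScore: number;
  breachScore: number;
  staleScore: number;
  total: number;
  tier: RiskTier;
}
function clamp(value: number, lo: number, hi: number): number {
  return Math.min(hi, Math.max(lo, value));
}
// Each policy factor is validated and clamped to 1-10, so a malformed or
// hostile payload cannot push the policy component outside its 6-60 range.
function factor(name: string, v: number): number {
  if (typeof v !== "number" || !Number.isFinite(v)) {
    throw new Error(`${name} must be a finite number`);
  }
  return clamp(v, 1, 10);
}
function scoreService(input: ServiceInput): RiskResult {
  const policyScore =
    factor("dataSelling", input.dataSelling) * 2.5 +
    factor("aiTraining", input.aiTraining) * 1.8 +
    factor("deleteDifficulty", input.deleteDifficulty) * 1.7;
  // 20 for any breach, plus 5 when the breach is more than 3 years old
  let breachScore = 0;
  if (input.breached) {
    breachScore = 20 + ((input.breachYearsAgo ?? 0) > 3 ? 5 : 0);
  }
  // Stale penalty starts at 5 after 2 unused years, +3 per extra year, capped at 15
  const staleScore =
    input.yearsUnused >= 2 ? Math.min(15, 5 + (input.yearsUnused - 2) * 3) : 0;
  const total = clamp(policyScore + breachScore + staleScore, 0, 100);
  // Tier bands follow the README: 0-39 green, 40-69 yellow, 70-100 red
  const tier: RiskTier = total >= 70 ? "red" : total >= 40 ? "yellow" : "green";
  return { policyScore, breachScore, staleScore, total, tier };
}
```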
Key files:
- ✅ `src/server/auth.ts` - NextAuth configuration
- ✅ `src/server/firebase-db.ts` - Database operations
- ✅ `src/server/risk/engine.ts` - Risk scoring engine
- ✅ `src/lib/firebase-admin.ts` - Firebase admin SDK
- ✅ `scripts/test-risk-engine.mjs` - Test suite
- ✅ `scripts/test-samples.mjs` - Sample validation
- ✅ `package.json` - Updated with required dependencies
- ✅ `.env.example` - Environment configuration template
Development:

```bash
npm install
npm run dev
```

`npm run dev` opens the app at http://localhost:3000.

Production build:

```bash
npm run build
npm start
```

License: ISC