Free Tool

Privacy Audit

Answer a few questions to get a personalized action plan based on your privacy risk level.

What This 8-Question Audit Actually Measures

Personal-privacy posture in the United States breaks cleanly into eight measurable dimensions:

  • account hygiene (unique passwords + password manager)
  • authentication strength (hardware key or app-based 2FA on email + banking + cloud + password manager)
  • data-broker exposure (presence in people-search aggregators)
  • browser hygiene (tracking-prevention level + ad-blocker + container/profile separation)
  • email isolation (alias forwarding for low-trust signups)
  • mobile-OS settings (advertising-ID reset + per-app location/contacts/microphone permissions)
  • credit-bureau lockdown (active freeze on Equifax + Experian + TransUnion + Innovis)
  • statutory-rights exercise (active CCPA/CPRA/state-equivalent deletion requests)

PrivacyFix's audit weights each dimension by published industry incident-response data — credential reuse and weak 2FA together account for over 80% of consumer account takeovers tracked by major incident-response firms; people-search broker exposure is the single largest source of unsolicited cold calls and SMS phishing.

The audit runs entirely in your browser — answers never leave your device and PrivacyFix has no analytics or telemetry on the tool itself. Each answer maps to a 0-100 sub-score; the final score is a weighted sum and the personalized action plan is generated from the lowest-scoring dimensions. Most users score 30-55 on a first run; reaching 80+ takes 6-10 hours of focused work spread across 2-3 weekends. The follow-up tracker (next tab) lets you log progress and see your score climb as you complete each remediation step. PrivacyFix recommends re-running the audit every 90 days because new accounts, devices, and breaches continuously change your exposure surface.

This audit is for informational purposes only and does not constitute legal advice. All data is processed locally in your browser and never sent to our servers.

Methodology & Sources

  • NIST Cybersecurity Framework — Risk assessment categories and terminology follow NIST CSF 2.0 guidelines for personal data exposure.
  • EFF Privacy Guidelines — Electronic Frontier Foundation guidance on data broker opt-outs, social media defaults, and personal information security practices.
  • Have I Been Pwned (Troy Hunt) — Referenced for data breach prevalence statistics and breach monitoring recommendations.
  • State privacy laws — State rights questions and answers reflect enacted legislation as of 2026 (CCPA/CPRA, VCDPA, CPA, CTDPA, and 15 others).

Frequently Asked Questions

What does the Privacy Audit measure?
The Privacy Audit evaluates your exposure across eight categories: data broker awareness, opt-out history, property records exposure, social media settings, breach history, state privacy rights, primary concerns, and time commitment. Each answer is scored to produce an overall risk level from Low to Critical.

Is the Privacy Audit stored anywhere?
Your results are saved only in your browser's localStorage so you can return to them later. No data is sent to any server. You can clear the results at any time by clearing your browser data or starting over.

How accurate is the risk score?
The risk score is a directional assessment based on common privacy risk factors identified by the NIST Cybersecurity Framework and EFF guidelines. It is not a guarantee of your actual exposure level, but it highlights the most important areas to address based on your specific situation.

What should I do after completing the audit?
Follow the personalized action plan in your results. High-priority items should be addressed first. For most people, this means checking for data breaches, opting out of major data brokers, and reviewing social media privacy settings. Use the Opt-Out Tracker to monitor your progress.

Can I retake the audit later?
Yes. You can retake the audit at any time by clicking Start Over. We recommend retaking it every 6-12 months after completing the recommended actions to see how your privacy risk level has improved.