Close this search box.


The following criteria serve as the rubric for evaluating privacy policies using the PPGS ™ 2.1 framework, ensuring a comprehensive assessment of privacy practices and standards.


Beautiful Table
Grading Criteria
Transparency Meets all criteria Meets most criteria Partially meets criteria Meets few criteria Does not meet criteria
User Control Provides strong user control Provides some user control Provides limited user control Provides minimal user control Does not provide user control
Third-party Sharing Provides strong limits and consent options Provides some limits and consent options Provides limited limits and consent options Provides minimal limits and consent options Does not provide limits or consent options
Security Measures Strong security measures in place Some security measures in place Limited security measures in place Minimal security measures in place No security measures in place
Data Minimization Collects only necessary data Collects mostly necessary data Collects some unnecessary data Collects mostly unnecessary data Collects only unnecessary data
Retention Policies Short retention periods and clear policies Moderate retention periods and policies Long retention periods or unclear policies Very long retention periods or no policies No retention policies
About us

Ready to Defend Sworn to Protect

The PPGS ™ 2.1 by Ken Cox is a system for rating privacy policies using specific criteria. It assigns a letter grade (A to F) and a corresponding color to each policy. Here is the rubric for the PPGS 2.1: Grading Scale and Colors:
  • A (Blue): The policy meets all criteria and provides strong privacy protection.
  • B (Green): The policy meets most criteria, but there is room for improvement.
  • C (Yellow): The policy partially meets the criteria, but there are significant shortcomings.
  • D (Orange): The policy meets few criteria and offers minimal privacy protection.
  • F (Red): The policy does not meet the criteria and offers little to no privacy protection
  1. Transparency (Clear and Complete):
    • The privacy policy is written in clear and simple language, easy for users to understand.
    • The policy comprehensively covers the types of personal data and usage information collected.
    • The policy clearly explains the purposes for collecting personal data and usage information.
  2. User Control (Access, Deletion, and Changes):
    • The policy allows users to access their personal information.
    • The policy provides users with the option to delete their personal information.
    • The policy allows users to change or modify their personal information.
    • The policy includes options for users to opt-out of certain data collection and sharing practices.
  3. Third-party Sharing (Limits and Consent):
    • The policy clearly outlines when personal information is shared with third parties.
    • The policy explains whether users can give or withhold consent for sharing their personal information with third parties.
    • The policy details any limits on third-party sharing and the circumstances in which sharing occurs.
  4. Security Measures:
    • The policy describes the security measures in place to protect users’ personal information from unauthorized access, use, or disclosure.
    • The policy provides information on the company’s commitment to maintaining the security of users’ personal information.
  5. Notification of Changes:
    • The policy explains how users will be informed of significant changes to privacy practices.
    • The policy specifies the methods of notification, such as email or updates on the website.
  6. Readability:
    • The policy is written clearly and concisely, making it understandable for an average 9th-grade United States student.
    • If the reading level is higher than that of an average 9th-grade United States student, the overall grade will be reduced by one letter.