Trust and transparency

How Check Privacy Score works — and what we do not do.

We believe privacy tools should be honest about what they check, what they skip, and what their scores actually mean. This page explains our approach.

What we check

Check Privacy Score examines publicly available information only. We never access private databases, login-only pages, or restricted systems.

  • Personal exposure estimates — We estimate exposure risk based on the identifiers you enter (email, phone, name, address, business). This produces a privacy score based on known patterns (higher means stronger privacy). It is an estimate, not a live scan of every database on the internet.
  • Website/domain privacy — We scan public websites for HTTPS, security headers, third-party scripts, trackers, exposed contact information, privacy policy links, and robots.txt. These are real, verified checks.
  • Breach history — We check public breach catalogues (via Have I Been Pwned) for domain-level breach records. Per-email breach checks are available as a verified check when an API key is configured.
  • IP network visibility — We show what public IP data reveals about your network location, ISP, and connection type.
  • Password exposure — We check if a password hash prefix appears in breach data using the k-anonymity model. Your full password is never sent to any server.
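
The k-anonymity password check described above, as an added example (not Check Privacy Score's own code). It assumes the Pwned Passwords range format (SHA-1, a 5-character hex prefix, `SUFFIX:COUNT` response lines), which this page does not specify; the function names and the stand-in server are hypothetical, and the breach counts are constructed.

```python
import hashlib

PREFIX_LEN = 5   # hex characters disclosed to the service (assumed convention)
SHA1_HEX_LEN = 40

def split_hash(password: str) -> tuple[str, str]:
    """Hash locally; only the first element ever leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]

def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines, skipping anything malformed."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != SHA1_HEX_LEN - PREFIX_LEN:
            continue
        try:
            counts[suffix.upper()] = int(count)
        except ValueError:
            continue
    return counts

def breach_count(password: str, fetch_range) -> int:
    """Return how often the password appears in the breach data (0 = not found).

    fetch_range(prefix) stands in for the HTTP call; it receives the prefix only.
    The suffix comparison happens on the client, so the service cannot tell
    which of the hashes sharing that prefix was being checked.
    """
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def make_fake_range_server(breached: dict[str, int]):
    """Constructed offline stand-in for the service; logs every prefix it sees."""
    table, seen = {}, []
    for pw, n in breached.items():
        p, s = split_hash(pw)
        table.setdefault(p, []).append(f"{s}:{n}")
    def fetch(prefix: str) -> str:
        seen.append(prefix)
        return "\r\n".join(table.get(prefix, []))
    return fetch, seen

if __name__ == "__main__":
    fetch, seen = make_fake_range_server({"password": 3, "hunter2": 7})
    for candidate in ("password", "a-long-unbreached-passphrase"):
        print(candidate, "->", breach_count(candidate, fetch))
    print("server saw only:", seen)
```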

What we do not check

It is important to understand the limits of any privacy scanning tool, including ours.

  • We do not scan the dark web.
  • We do not scrape login-only or CAPTCHA-protected pages.
  • We do not check social media accounts or private profiles.
  • We do not monitor credit reports or financial records.
  • We do not access government databases or court records.
  • We do not bypass anti-bot protections on any website.
  • We do not claim to find every instance of your data online.

"Not found" means the sources we checked returned no results. It does not mean your information is safe everywhere.

How scoring works

Every score includes a clear status label so you know what is real and what is estimated.

  • Found with evidence — A real check was performed and something was detected. The finding includes the source, severity, confidence level, and a recommended fix.
  • Not found — A real check was performed and nothing was detected from that source. This does not guarantee safety.
  • Estimated — Risk was calculated from known patterns based on the identifiers you entered. No live data lookup was performed for this category.
  • Not checked — This source was not included in the scan because no relevant input was provided.
  • Skipped — This source requires additional configuration (such as a paid API key) or was unavailable.

We never inflate scores to create false urgency. If we find nothing, we say so.

How your data is handled

  • We do not require Social Security numbers, government IDs, driver's license numbers, or banking details.
  • Passwords are stored using one-way hashing (bcrypt). We cannot read your password.
  • Sensitive values like email addresses and phone numbers are redacted in scan results and report views.
  • Saved reports are stored in your private account and are not shared publicly.
  • We use HTTPS everywhere and enforce security headers (HSTS, CSP, X-Frame-Options, and more).
  • Payment processing is handled entirely through Stripe. We do not see or store your card details.

Consent and authorization

Every scan requires you to confirm that you are checking your own information or have authorization to check it. We only scan public web sources. We respect robots.txt, rate limits, and Terms of Service.

Analytics and third-party services

We use Google Analytics (GA4) to understand how the site is used. This is documented in our privacy policy. Cloudflare provides CDN and DDoS protection, which may add its own analytics beacon. No other third-party tracking services are used.

What we do not claim

  • We are not a security certification or compliance body.
  • We do not guarantee complete removal of personal data from the internet.
  • We do not claim that our tool catches every privacy risk.
  • We do not fabricate findings, inflate scores, or use fake urgency language.
  • We do not use fake testimonials, fake customer counts, or fake media logos.

We are a small, independent privacy tool focused on being useful and honest.

Contact

If you have questions about how the tool works or how your data is handled, or you want to report an issue, visit the contact page or review our privacy policy and terms of service.