What Is a Privacy Score? How Companies Are Rated
A privacy score is a 0-100 rating that measures how well a company collects, shares, and manages your personal data. Here is how they work and why they matter.
Published April 9, 2026 in Privacy BasicsWhat Is a Privacy Score? How Companies Are Rated on Data Protection
TL;DR: A privacy score is a numerical rating (0-100) that measures how responsibly a company handles personal data. PrivacyFetch calculates privacy scores across five dimensions -- data collection, data sharing, tracking, transparency, and user rights -- and assigns letter grades from A+ to F. Higher scores mean better data practices.
What Is a Privacy Score?
A privacy score is a standardized rating that quantifies how well a company handles your personal data. It transforms dense legal documents -- privacy policies, terms of service, cookie disclosures -- into a single, comparable number.
Think of it like a credit score, but for corporate privacy practices. Instead of measuring financial risk, a privacy score measures data risk: how much personal information a company collects, who they share it with, how they track you, and what control they give you over your own data.
PrivacyFetch assigns every analyzed company a score from 0 to 100, along with a letter grade from A+ (excellent) to F (very poor). These scores are based on publicly observable signals, not company self-reporting.
Why Do Privacy Scores Matter?
Most people never read privacy policies. According to research, the average privacy policy takes 18 minutes to read. If you read every policy for every service you use, it would take roughly 76 work days per year.
Privacy scores solve this problem. They give you an instant, evidence-based snapshot of a company's data practices. Specifically, privacy scores help you:
- Make informed decisions -- Compare two competing services before signing up
- Identify red flags -- Spot companies that sell your data or use aggressive tracking
- Exercise your rights -- Know which companies make it easy (or hard) to delete your data
- Hold companies accountable -- Public scores create market pressure for better practices
For businesses, privacy scores matter because customers increasingly factor data practices into purchasing decisions. A poor privacy score is a competitive disadvantage.
How Does PrivacyFetch Calculate Privacy Scores?
PrivacyFetch uses a multi-stage automated pipeline to analyze company privacy practices. There is no human subjectivity involved. The process works in four steps:
- Policy scraping -- We discover and download a company's privacy policy, terms of service, and cookie policy
- Tracker detection -- We scan the company's website for 50+ known tracking scripts across six categories (advertising, analytics, social, functional, session recording, and necessary)
- AI-powered extraction -- We run 17 parallel analysis tasks against the policy text to extract structured data about collection practices, sharing partners, user rights, retention policies, and more
- Deterministic scoring -- We calculate the final score using fixed, documented rules with no randomness
The result is a repeatable, transparent score that anyone can verify against the source policies.
The 5 Dimensions of a Privacy Score
Every PrivacyFetch score is built from five weighted dimensions. Each dimension is scored independently from 0 to 100, then combined using the weights below.
| Dimension | Weight | What It Measures |
|---|---|---|
| Data Collection | 20% | What personal data is collected and how sensitive it is |
| Data Sharing | 25% | Who data is shared with and whether it is sold |
| Tracking | 20% | Tracking technologies, cookies, and user privacy controls |
| Transparency | 20% | Clarity, completeness, and honesty of policy disclosures |
| User Rights | 15% | Available rights, request channels, and deletion difficulty |
Data sharing carries the highest weight (25%) because third-party sharing is the single biggest factor in losing control of your personal information. Once your data leaves a company, you have very little ability to get it back.
Data Collection (20%)
This dimension starts at 100 and applies deductions based on the types of personal data a company collects. Sensitive data categories carry the heaviest penalties:
- Biometric data (fingerprints, face scans): -15 points
- Health data: -15 points
- Behavioral tracking data: -10 points
- Browsing history: -10 points
- Location data: -10 points
- Financial data: -5 points
- Each additional data type beyond 10: -5 points
A company that collects only an email and name will score much higher than one that collects biometrics, location, browsing history, and health data.
Data Sharing (25%)
This dimension measures who a company shares your data with and how. It starts at 100 and applies steep deductions for the most harmful practices:
- Sells personal data: -40 points
- Shares data with data brokers: -25 points
- Shares with advertisers: -20 points
- More than 5 advertising partners: -10 points
- More than 20 data sharing partners: -10 points
A company that sells your personal information to data brokers and shares with dozens of advertisers will land in the D or F range on this dimension alone.
Tracking (20%)
This dimension evaluates the tracking technologies deployed on a company's website. It also rewards companies that respect privacy signals:
Deductions:
- Each advertising tracker: -5 points (max -30)
- Session recording (Hotjar, FullStory, etc.): -15 points
- Browser fingerprinting: -15 points
- Excessive analytics trackers: -5 points
- Multiple social tracking widgets: -5 points
Bonuses:
- Supports Do Not Track (DNT): +5 points
- Supports Global Privacy Control (GPC): +5 points
Transparency (20%)
Unlike the other dimensions, transparency starts at 50 and earns points for good practices. A company must actively demonstrate transparency to score well:
Points earned:
- Privacy policy published: +15
- 4+ clear policy sections: +10
- Specific data retention periods stated: +5
- Subprocessor list published: +5
- Data Processing Agreement (DPA) available: +5
- Data purposes clearly stated: +5
- Readable policy length (under 6,000 words): +5
Points lost:
- Vague retention policy: -10
- Policy contradictions detected: -5 each
- Excessively long policy (over 10,000 words): -5
User Rights (15%)
This dimension also starts at 50 and measures what control you have over your own data:
Points earned:
- Each recognized right (access, deletion, correction, portability, opt-out, consent withdrawal, restrict processing, object processing): +5 each, up to +40
- Data request form available: +10
- Privacy email available: +5
- Appeals process supported: +5
- 3+ request channels: +5
Points lost:
- Difficult deletion process: -15
- Moderate deletion difficulty: -5
What Do Privacy Grades Mean?
PrivacyFetch converts the 0-100 score into letter grades for quick reference:
| Grade | Score Range | What It Means |
|---|---|---|
| A+ | 95-100 | Excellent -- minimal data collection, no selling, strong user controls |
| A | 90-94 | Excellent -- very strong privacy practices across all dimensions |
| A- | 85-89 | Excellent -- strong practices with minor areas for improvement |
| B+ | 80-84 | Good -- above-average practices, some tracking or sharing present |
| B | 75-79 | Good -- reasonable practices with room for improvement |
| B- | 70-74 | Good -- decent baseline with notable gaps |
| C+ | 65-69 | Acceptable -- average practices, several concerns identified |
| C | 60-64 | Acceptable -- meets minimum standards but lacks transparency |
| C- | 55-59 | Acceptable -- below average with multiple red flags |
| D | 40-54 | Poor -- significant data sharing, tracking, or transparency issues |
| F | 0-39 | Very Poor -- sells data, excessive tracking, difficult deletion |
Most companies fall in the B to C range. Truly excellent privacy practices (A grades) are rare because most business models involve some degree of data collection and third-party sharing.
How Is a Privacy Score Different from a Security Rating?
Privacy scores and security ratings measure different things:
| Privacy Score | Security Rating | |
|---|---|---|
| Focus | How data is collected, shared, and managed | How data is protected from breaches |
| Measures | Policy practices, tracking, transparency | Encryption, vulnerabilities, infrastructure |
| Source data | Privacy policies, website trackers, public disclosures | Network scans, certificate checks, breach records |
| Key question | "What do they do with my data?" | "Can hackers get my data?" |
A company can have strong security (encrypted servers, no breaches) but poor privacy practices (sells your data to advertisers). Both matter, but they answer different questions.
PrivacyFetch does factor in recent data breaches as a red flag, but the core score focuses on privacy practices, not security infrastructure.
Can Companies Influence Their Privacy Score?
No. PrivacyFetch scores cannot be purchased, sponsored, or influenced. The analysis is fully automated and based on publicly available information.
The only way a company can improve its score is by improving its actual privacy practices: collecting less data, sharing with fewer third parties, adding user controls, and being more transparent in its policies.
Companies can claim their profile to verify ownership, but claiming does not change the score.
How to Check a Company's Privacy Score
You can look up any company's privacy score on PrivacyFetch in seconds:
- Go to the PrivacyFetch directory
- Search for the company by name or domain
- View the overall score, letter grade, and dimension breakdown
- Check individual tabs for data sharing details, user rights, tracking, and more
You can also compare up to four companies side by side to see how they stack up across all five dimensions.
Key Takeaways
- A privacy score is a 0-100 rating that measures how responsibly a company handles personal data
- PrivacyFetch scores are calculated across five dimensions: data collection (20%), data sharing (25%), tracking (20%), transparency (20%), and user rights (15%)
- Grades range from A+ (excellent) to F (very poor), with most companies falling in the B-C range
- Scores are fully automated, transparent, and cannot be purchased or influenced
- You can check any company's score for free at privacyfetch.com/explore
This analysis is based on PrivacyFetch's automated privacy policy analysis. Check any company's privacy score