Privacy guide

How to read a privacy policy in 5 minutes.

A practical privacy policy reading guide for normal people: what to scan, what red flags matter, and what to ignore.

The simple answer

Do not read a privacy policy like a lawyer. Read it like a user trying to find five things: what data, why, who gets it, how long it stays, and how to delete it.

Most policies are long because they are written to cover the company, not to help you. Your job is to find the operational truth inside the legal fog.

What to check

1. Find the data collected section.
2. Find sharing with third parties or service providers.
3. Find marketing and advertising language.
4. Find deletion and grievance contact details.
5. Find policy update language.

If any of these is unclear, treat it as a signal to ask the company for a plain-English explanation.

From our investigation

We read policies so you do not have to.

State of Privacy converted long policies into public findings because the useful part is not the legal decoration. The useful part is what the company says it can actually do.

What to do next

1. Search within the page for share, advertising, marketing, retain and delete.
2. Screenshot important clauses before relying on them.
3. Ask the company to explain unclear language.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

People also ask

What is a privacy policy?

It is a document explaining how a company collects, uses, shares, stores and protects personal data.

What is the most important section?

Data sharing and purpose language usually matter most because they explain where data can go.

Should I read the whole policy?

Usually no. Start with collection, sharing, retention, deletion and contact sections.

If you are a company
Check your own website.

How many trackers run on your pages? Does your privacy policy name them? Can you answer a data-rights email? If you don't know, we can help you find out.

Your right under Indian law
My data is mine.

Your personal data belongs to you. Under DPDP, every company must tell you what they have and delete it if you ask. One email is all it takes.

Read the full investigation.

We investigated 107 Indian company websites. The public report shows what we found.
