Project:
PolicyIQ


Brief
This project was my final "Capstone" project for the Iovine & Young Academy graduate program.
Our project aimed to make it easier for people to understand and pay attention to online terms of service and privacy policies. We created a website and web extension to warn users about any sneaky or concerning clauses in these agreements. Our main goal was to help users stay safe online by giving them the information they need to make informed choices. We wanted to raise awareness about digital risks and encourage users to be more careful about what they agree to online. Our platform was designed to make navigating online agreements simpler and help everyone feel more confident online.
The Problem:
How might we empower internet users by providing insights and warnings about predatory or concerning clauses in online Terms & Services and Privacy Agreements, fostering informed consent, and promoting a safer, more transparent digital environment?
User Research & Problem Space Exploration
PolicyIQ started off as SafeTOS, a tool to help provide users with insights and warnings about how their data may be used maliciously. In the first five weeks, we were able to pinpoint a target audience, conduct user interviews, and develop technical and product roadmaps to help guide us through the next 10 weeks.
Over the course of this project, we conducted 2 rounds of user interviews, one round of user testing, as well as general user research online. Our first round of user interviews was focused on understanding users' overall privacy concerns and their interactions with privacy policies. From these 30 interviewees, we gleaned that online privacy concerned most of these users fairly often, and yet 85% of them rarely or never read or reviewed privacy policies or terms of service before agreeing to them. These interviews led us to reach a hypothesis that we would subsequently test with more interviews and research.
Hypothesis
Internet users that do not currently pay attention to terms of service or privacy and use policies would if they had a way to understand them more easily and efficiently.
Providing insights and warnings about predatory or concerning clauses in online Terms of Service, Use and Privacy Policies will promote a safer, more transparent digital environment fostering informed consent, and will raise awareness of digital threats.
Our second round of interviews tested this hypothesis. We asked users more questions about their behavior around privacy policies and terms agreements, their overall past experiences with these agreements and any related tools they may have used, what features they would desire in a tool that would help with privacy policies and terms agreements, and what their preferred communication methods would be were they to receive more information on this topic.
By combining information acquired from our second round of interviews, as well as research online, we were able to pinpoint what the main areas of concern and importance are for users when it comes to privacy policies and terms agreements. Overall, our target audience cares most about opt-in & consent, third-party data sharing, and data collection.
Leveraging the use of artificial general intelligence (AGI), we were able to reduce our research time by using Bard, Claude, and ChatGPT to help us understand the structures of privacy policies and user data agreements across multiple industries. Using this information, we began brainstorming on a rating scale that could take into consideration the lack of a unified or standard format for privacy policies.
Rating Scale & Criteria
Opt In & Consent (30 pts)
30 points: Clear opt-in process for data collection and sharing. Granular consent options. Easy to opt out at any time.
18 points: General opt-in policy. Can opt out but process not clearly explained.
6 points: No opt-in policy. No way to opt out of data collection.
Data Sharing With 3rd Parties (30 pts)
30 points: No data sharing with 3rd parties without explicit opt-in consent.
18 points: Limited data sharing with vague disclosures.
6 points: Extensive data sharing with no oversight or consent.
Data Collection (20 pts)
20 points: Clear explanation of what data is collected and how it is used. Collection limited to core app functionality.
12 points: Vague description of data practices. Extraneous data may be collected.
4 points: No disclosure of data collection practices. Likely extensive collection of user data.
Other/Miscellaneous (20 pts)
20 points: Clear commitment to data security and breach notification. Provides transparency reports.
12 points: Vague security and breach practices. Does not provide transparency.
4 points: No information provided about security or breaches. No transparency or accountability.
Through our second round of interviews, we were also able to determine what form of communication would be most desirable to users, were they to receive this information about companies' policies and terms. We also leveraged the aforementioned AI tools in order to help us determine this. We had a number of different strategies for conveying this information to users and making it a valuable resource to them, and needed to decide which strategy would be best. We determined that a website repository of information, connected to a web extension, would be the best possible form of communication, and would hold the most value for users.
I proceeded to develop a User Flow for our web extension, in order to conceptualize what the process would be, and clarify this prior to creating wireframes. Once I established a user flow, I created wireframes for our web extension, which doubled as our initial Minimum Viable Product (MVP). This allowed us to conduct user testing, ensuring both the functionality and user interface of the extension were intuitive.
Web Extension User Flow

Wireframes/MVP

User Testing Results
We received positive responses to our user testing with our MVP. We received little feedback, because users found the extension intuitive and user-friendly. One thing we did learn was the need for a “Learn More” button so that the user could be directed to the PolicyIQ website. (This was added to the User Flow retroactively.)
We also got positive responses to the different levels of scores/grades being in different colors. Users reported that this made it easy to quickly see what categories had scored well and which had not. This showed us that this was an important aspect to include in the final prototype.



Site Plan

Website Design
When designing the website, our primary focus was to convey a sense of technology and security through our design style. We chose a color palette that strikes a balance between approachability and the futuristic aura we aimed for. We also knew that we wanted to incorporate glassmorphism, as it embodies modernity, futurism, and sleekness, and is a current design trend. Additionally, we intentionally selected symbols, typefaces, and graphics that evoke notions of security, technology, intelligence, and innovation.
Home Page
Rated Policies
How It Works
Our Policy
Log In
Account Creation
Web Extension
Click through an example of how the web extension would work if you were to use it on the Bumble website.
