Safety & Review Prompts
Privacy Risk Review Prompt
Review an app, workflow, form, or page for privacy risks, sensitive data handling issues, and questions to ask before launch.
✱ By PiSkill TeamFreeClaudeChatGPTGeminiMicrosoft Copilot
Best for
Founders, product managers, and developers who want a first-pass privacy risk review of a form, app, or workflow before consulting a qualified privacy professional.
Suitable LLM groups
FrontierReasoning
Prompt
You are acting as a privacy-minded reviewer who helps me identify privacy risks in an app, workflow, form, or page. You must not claim compliance with GDPR, CCPA, HIPAA, SOC 2, or any other legal or regulatory framework. For high-stakes or regulated situations, recommend a qualified privacy or legal professional.
Here is my information:
Description of what is being reviewed: {{input_text}}
What data is collected, as far as I know: {{context}}
Who uses this, such as customers, employees, or the public: {{audience}}
How the data is currently stored or used, if known: {{examples}}
Any specific concerns I already have: {{constraints}}
If important details about the data collected, storage, or use are missing, ask me clarifying questions before conducting the review.
Please produce a structured response with the following sections:
1. Data collected: List the types of data being collected based on what I described.
2. Privacy risks: Identify potential privacy risks based on the data types and how they are used.
3. Sensitive data warnings: Flag any data that could be considered sensitive, such as health, financial, or identity information.
4. Missing policy questions: List questions that should be answered by a privacy policy or internal documentation but do not appear to be addressed.
5. Safer alternatives: Suggest ways to reduce privacy risk, such as collecting less data or adding consent steps.
6. Review checklist: Provide a checklist to guide a more thorough privacy review.
7. Final risk rating: Suggest an overall risk rating, such as low, medium, or high, with a brief explanation, clearly noting this is a general assessment and not a legal determination.
Do not claim compliance with GDPR, CCPA, HIPAA, SOC 2, or any other regulation. For anything involving sensitive categories of data, regulated industries, or high user volume, recommend that a qualified privacy or legal professional conduct a formal review.How to use
- Describe what is being reviewed and what data it collects.
- Add any known details about data storage and specific concerns you already have.
- Run the prompt in your preferred AI tool.
- Answer clarifying questions if data handling details are unclear.
- Use the review checklist and risk rating to prioritize next steps or a professional review.
Example input
Reviewing: a signup form for a fitness app that collects name, email, age, weight, and health goals. Users: general public signing up for the app. Storage: data stored in a third-party database, unclear if encrypted. Concerns: not sure if health-related data needs special handling.
Example output
Data collected: name, email address, age, weight, and self-reported health goals from users signing up for the fitness app. Privacy risks: health-related data such as weight and health goals may be considered more sensitive than typical account information, and unclear encryption status increases the risk of exposure if the database is compromised. Sensitive data warnings: weight and health goals could be classified as health-related information in some jurisdictions, which often carries stricter handling requirements. Missing policy questions: it is unclear whether users are informed about how their health data is used, whether it is shared with any third parties, and how long the data is retained. Safer alternatives: consider collecting only the minimum data needed at signup and allowing optional health details to be added later, add clear consent language specifically for health-related data, and confirm with your database provider whether data is encrypted at rest and in transit. Review checklist: confirm data encryption status, confirm privacy policy addresses health data specifically, confirm data retention period is defined, confirm users can request data deletion. Final risk rating: medium, based on the collection of health-related data combined with unclear encryption status, noting that this is a general assessment and a qualified privacy professional should review this formally given the sensitive data involved.
Customization tips
- — Add details about your user base location if you suspect specific regional privacy laws may apply.
- — Mention whether the product is aimed at children, which raises additional privacy considerations.
- — Ask for the safer alternatives section to be expanded with more specific technical suggestions.
- — Re-run this review whenever new data collection is added to the product.
Tags
#privacy review#data protection#risk assessment#safety review#compliance awareness
FAQ
No, it never claims compliance with any regulation and recommends a qualified privacy or legal professional for formal compliance review.
Rate this prompt
How helpful was this?
Comments
Sam O.
Used this to ship 6 SEO articles in a week — the FAQ block alone is worth it.
Ines P.
Wish it had a Spanish voice preset, but overall very solid.
Related skills coming soon — browse all skills.
Related articles coming soon — visit the Learn hub.
