March 12, 2014

Lookout Open Sourced Its “Private Parts,” You Should, Too

Goodbye, terrible, jargon-filled, tiny-font legalese we like to call a privacy policy. Today, we’re launching Private Parts, an open-sourced, customizable toolkit to help developers implement visual, user-friendly privacy policies. And yes, you can use it today.

Instead of a mystifying wall of text, we wanted to create broad industry change and transform privacy policies into a clear, simple design that uses visual cues to allow users to understand how an app collects and shares their data.

To make it as easy as possible for developers around the world, we open sourced the code, which can be easily accessed on GitHub. Creating a visual privacy policy with our code takes only five simple steps, and in less than an hour developers can have a customized visual privacy policy format installed and running on any of their apps. Any developer can customize the content, look and feel of their own privacy policy from a single JSON file using our toolkit.


Our Private Parts toolkit (and your Private Parts if you implement our code) allows developers to create a visual and easy to scroll through privacy policy. The policy includes an icon for each category of information that is collected, the reason for their collection, the entities with whom such information may be shared and the reason for sharing. To date, Lookout has several app developers testing out the toolkit, including money management app Level. “Design can bring clarity and transparency to privacy policies — all for the benefit of the user,” said Robert Suarez, the VP of Design at Level. “Lookout’s short-form privacy policy fits with Level’s own design principles and we look forward to integrating it into our service.”

The idea for our visual privacy policy came out of a collaboration with the National Telecommunications & Information Agency (NTIA), which wrote a code of conduct on mobile application transparency. In July, we adopted the code of conduct and updated our own privacy policy. We continually iterated to transform it into a beautifully designed product. The response from users was overwhelmingly positive, sparking the question: what if we shared this new visual privacy policy format so that other companies could transform their privacy policies too?

It’s clear privacy policies, as we know them, were written for lawyers (like me), not real people.

We want to change the way developers design privacy policies and the way consumers digest them. As a security company dedicated to helping users feel safe on mobile, we believe that you shouldn’t have to trade your privacy for convenience. Everyone with a smartphone has the right to know exactly what kind of information an app has access to and with whom it is shared.

We hope developers everywhere will leverage our Private Parts toolkit so we can transform privacy policies and empower our end users together as an industry.

*Thanks to those who contributed to this project. A big shoutout to our cross-functional team who made this project a success: Valerie Chao, Jesse Gortarez, Bruno Bergher, Morgan Eisler, Dana Palmie, Alicia DiVittorio, Derek Halliday, Steve Regester, Deepti Rohatgi, Irene Liu, Neta Hamou, and Ric Velez.

Our privacy policy wasn’t made overnight. Learn how we researched, iterated and finally open sourced our privacy policy to developers everywhere:



4 comments
  1. Swapnil says:

    I am curious to know if the permission interface can have the ability to disable a particular permission that is not desired by the user, using Privacy Parts.

  2. Has anyone considered extending this to cover websites as well as apps – may need different language around allowing third parties to collect data via the site – and responsibility for that.

  3. Meghan Kelly says:

    This privacy policy can actually work on any device, web or app! It’s also customizable so you can add your own language around your own policies.

  4. Meghan Kelly says:

    Unfortunately, you can’t disable elements within the privacy policy. It acts more as a way for companies to communicate to its users and customers what it does with your data.
