<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Disha Maurya</title>
    <description>The latest articles on DEV Community by Disha Maurya (@disha_maurya_a56ca064b9ae).</description>
    <link>https://dev.to/disha_maurya_a56ca064b9ae</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4018780%2F71092a9f-ff41-4d43-ad59-b198ed44a22c.jpg</url>
      <title>DEV Community: Disha Maurya</title>
      <link>https://dev.to/disha_maurya_a56ca064b9ae</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/disha_maurya_a56ca064b9ae"/>
    <language>en</language>
    <item>
      <title>I Built an AI That Reads Terms of Service So You Don't Have To Building PrivacyGuardian AI for HACKHAZARDS '26</title>
      <dc:creator>Disha Maurya</dc:creator>
      <pubDate>Tue, 07 Jul 2026 05:37:28 +0000</pubDate>
      <link>https://dev.to/disha_maurya_a56ca064b9ae/i-built-an-ai-that-reads-terms-of-service-so-you-dont-have-to-building-privacyguardian-ai-for-1f5k</link>
      <guid>https://dev.to/disha_maurya_a56ca064b9ae/i-built-an-ai-that-reads-terms-of-service-so-you-dont-have-to-building-privacyguardian-ai-for-1f5k</guid>
      <description>&lt;p&gt;The problem&lt;/p&gt;

&lt;p&gt;Nobody reads Terms of Service or Privacy Policies. Not because we don't care about our data — because they're deliberately long, dense, and written in legal language designed to discourage exactly the kind of scrutiny that would make us think twice before clicking "I agree."&lt;/p&gt;

&lt;p&gt;Existing tools that try to solve this, like ToS;DR, rely on human volunteers manually reviewing documents. That means they only cover a small number of major companies, and reviews take weeks. Everything else — the smaller apps, the niche services, the new startup you just signed up for — goes completely unreviewed.&lt;/p&gt;

&lt;p&gt;I wanted to build something that could do this instantly, for any document, not just the top 50 companies.&lt;/p&gt;

&lt;p&gt;What I built&lt;/p&gt;

&lt;p&gt;PrivacyGuardian AI takes any Terms of Service, Privacy Policy, or EULA — pasted in or uploaded — and returns:&lt;/p&gt;

&lt;p&gt;A Privacy Health Score (0-100) based on a documented, consistent scoring rubric&lt;br&gt;
A plain-English breakdown of what data is collected and why&lt;br&gt;
Flagged risky clauses (forced arbitration, perpetual content licenses, mandatory AI training, liability waivers) with a real-world explanation of what each one actually means for the user&lt;br&gt;
A Compare Two Policies mode that puts two competing services side by side and tells you which one is actually more privacy-respecting&lt;br&gt;
A grounded chat assistant so you can ask follow-up questions about the specific document you just analyzed&lt;br&gt;
A downloadable PDF report&lt;/p&gt;

&lt;p&gt;Tech stack&lt;/p&gt;

&lt;p&gt;Google AI Studio + Gemini for the core analysis engine, using structured JSON output (via responseSchema) so results render reliably as UI components instead of unpredictable free text&lt;br&gt;
React for the frontend, built and iterated inside AI Studio's Build feature&lt;br&gt;
jsPDF for client-side PDF generation, so reports can be exported and shared without needing a backend document service&lt;/p&gt;

&lt;p&gt;The part that actually mattered: the scoring rubric&lt;/p&gt;

&lt;p&gt;Early versions of this project had a subtle but serious problem: the privacy score, the risk level badge, and the final recommendation were all being generated somewhat independently by the model. That meant I'd occasionally get a report where the score said "65" but the recommendation said "Not Recommended" — internally contradictory, and exactly the kind of inconsistency that destroys trust in a tool whose entire value proposition is trust.&lt;/p&gt;

&lt;p&gt;The fix was to stop letting the model freely decide all three values separately. Instead, I defined an explicit five-tier rubric:&lt;/p&gt;

&lt;p&gt;ScoreRisk LevelRecommendation85-100SafeSafe to Accept65-84LowSafe to Accept45-64MediumProceed with Caution25-44HighNot Recommended0-24CriticalNot Recommended&lt;/p&gt;

&lt;p&gt;Then I built a single shared function that every part of the app — the score gauge, the badges, the exported PDF, the preset demo cards — pulls from. One source of truth, everywhere. The model only decides the score; everything else is derived deterministically. That one change eliminated an entire category of bugs at once.&lt;/p&gt;

&lt;p&gt;Other real bugs I hit (and what they taught me)&lt;/p&gt;

&lt;p&gt;Preset labels lying about real output. I had demo documents pre-labeled "Moderate Risk" that, when actually analyzed, returned Critical-level results. The label and the substance had drifted apart because I'd changed the badge text without re-verifying the actual document content still matched. Lesson: never trust a label — always re-run the real analysis after any change.&lt;/p&gt;

&lt;p&gt;Silent JSON parsing failures. When I moved to lazy-loading detailed sections (to speed up Compare mode), two specific sections started throwing Unexpected token '&amp;lt;'... is not valid JSON — meaning the frontend was receiving an HTML error page instead of JSON from a broken endpoint. It's a good reminder that "the build succeeded" and "the feature actually works when clicked" are two very different claims, and only manual testing catches the gap.&lt;/p&gt;

&lt;p&gt;Compare mode was too slow. Running two full document analyses sequentially, then a third synthesis call, added up fast. Switching to Promise.all so both documents analyze in parallel, plus trimming the initial payload to only what's needed for the comparison view, cut the wait meaningfully.&lt;/p&gt;

&lt;p&gt;No real document should score a perfect 100. Even the best privacy policy has some standard legal boilerplate. Capping the maximum score at 98 was a small change, but it made the tool feel more honestly calibrated rather than defaulting to an unrealistic "perfect" score.&lt;/p&gt;

&lt;p&gt;What I'd build next&lt;/p&gt;

&lt;p&gt;A browser extension that offers to analyze whatever site's ToS you're currently on, rather than requiring you to remember to open the app&lt;br&gt;
RAG-based retrieval over long documents instead of prompt-stuffing the whole text, for better accuracy on very long policies&lt;br&gt;
A "what changed" diff feature — re-analyzing a policy you've seen before and highlighting what's new&lt;/p&gt;

&lt;p&gt;Closing thought&lt;/p&gt;

&lt;p&gt;The most useful part of this build wasn't the initial prompt-to-app generation — it was the second half: catching the places where the AI's own summary of "I fixed it" didn't match what actually rendered on screen. Building with AI tools moves fast, but verifying what they build is still very much a human job.&lt;/p&gt;

&lt;p&gt;Built solo for HACKHAZARDS '26, organized by NAMESPACE. Track: Trust, Identity &amp;amp; Security.&lt;strong&gt;__&lt;/strong&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>nlp</category>
      <category>privacy</category>
      <category>showdev</category>
    </item>
  </channel>
</rss>
