I spent the last few months building TrustScan - a free privacy and security toolkit with 5 tools. No accounts, no tracking, no data stored. Here's what I built, the tech decisions I made, and what I learned.
What It Does
TrustScan has 5 free tools:
- Privacy Policy Simplifier - paste any privacy policy URL, get an AI-powered risk report with red flags, data collection breakdown, and a downloadable PDF
- Website Privacy Audit - scan any URL for HTTPS, security headers, trackers, cookie consent, and privacy policy presence
- Privacy Law Checker - answer 7 questions, find out which of 30+ privacy laws apply to your business
- PDF Metadata Stripper - deep scan and strip hidden metadata from PDFs, 100% client-side
- AI Training Opt-Out Hub - opt-out links for 30+ AI platforms in one place
Tech Stack
- Next.js 14 with App Router and TypeScript
- Tailwind CSS for styling with a custom dark/light theme system
- Groq API (free tier) for the Privacy Policy Simplifier AI analysis
- pdf-lib for client-side PDF metadata stripping
- jsPDF for generating branded PDF reports
- Netlify for deployment
- JSON-LD structured data on every page for SEO
Key Architecture Decision: Client-Side First
The biggest design decision was making the PDF Metadata Stripper run entirely in the browser. Most "free" PDF tools upload your file to a server, process it, and send it back. That's a privacy risk - you're trusting a random server with your sensitive documents.
With pdf-lib, the entire stripping process happens in your browser tab. Zero network requests. You can verify this yourself by opening DevTools while using the tool.
This became a genuine differentiator. Users in the privacy community immediately noticed and appreciated it.
AI Without Breaking the Bank
The Privacy Policy Simplifier needed an LLM to analyze policies. I started with Anthropic's API, then tried Google's Gemini free tier. Problem: Gemini's free tier is blocked in the EU, and I'm based in Finland.
Switched to Groq (free tier, uses Llama models). It's fast, works globally, and the free tier is generous enough for a tool like this. The prompt engineering was the real challenge - getting consistent structured JSON output (company name, risk level, data collected, third parties, etc.) took many iterations.
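One way to cope with inconsistent model output like this is to treat the reply as untrusted input and validate it before anything reaches the report. The sketch below is an added example, not TrustScan's code; the field names (`companyName`, `riskLevel`, `dataCollected`, `thirdParties`), the three risk levels and the size limits are assumptions.

```javascript
// Added example. Field names, risk levels and limits are assumptions, not TrustScan's schema.
const RISK_LEVELS = new Set(["low", "medium", "high"]);
const MAX_ITEMS = 50;
const MAX_LEN = 300;
const FENCE = "`".repeat(3); // Markdown code fence marker, built at runtime

// Models often wrap the JSON in a Markdown fence or add chatter around it.
function extractJson(raw) {
  const fenced = raw.match(new RegExp(FENCE + "(?:json)?\\s*([\\s\\S]*?)" + FENCE, "i"));
  const body = fenced ? fenced[1] : raw;
  const start = body.indexOf("{");
  const end = body.lastIndexOf("}");
  if (start === -1 || end <= start) throw new Error("no JSON object in model output");
  return JSON.parse(body.slice(start, end + 1));
}

function cleanString(value, field) {
  if (typeof value !== "string") throw new Error(field + ": expected string");
  // Replace control characters so model text cannot disturb the report layout.
  const text = value.replace(/[\u0000-\u001f\u007f]/g, " ").trim();
  if (!text) throw new Error(field + ": empty");
  return text.slice(0, MAX_LEN);
}

function cleanList(value, field) {
  if (!Array.isArray(value)) throw new Error(field + ": expected array");
  return value.slice(0, MAX_ITEMS).map((item, i) => cleanString(item, field + "[" + i + "]"));
}

// Returns a fresh object with only the expected keys; anything else the model added is dropped.
function parsePolicyReport(raw) {
  const obj = extractJson(raw);
  const riskLevel = cleanString(obj.riskLevel, "riskLevel").toLowerCase();
  if (!RISK_LEVELS.has(riskLevel)) throw new Error("riskLevel: unexpected value " + JSON.stringify(riskLevel));
  return {
    companyName: cleanString(obj.companyName, "companyName"),
    riskLevel,
    dataCollected: cleanList(obj.dataCollected, "dataCollected"),
    thirdParties: cleanList(obj.thirdParties, "thirdParties"),
  };
}

// Non-throwing wrapper so the caller can retry the model call or show an error.
function tryParsePolicyReport(raw) {
  try { return { ok: true, report: parsePolicyReport(raw) }; }
  catch (err) { return { ok: false, error: err.message }; }
}

// Constructed sample reply: chatter, a fenced block, mixed-case risk level, one unexpected key.
const SAMPLE_REPLY = "Here is the analysis:\n" + FENCE + "json\n" +
  '{"companyName":"Example Corp","riskLevel":"High","dataCollected":["email","location"],' +
  '"thirdParties":["ad networks"],"notes":"ignored"}\n' + FENCE;
```

A failed parse returns `ok: false` with the offending field name, which is enough to decide between retrying the model call and showing an error.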
SEO Strategy That's Starting to Work
Every tool page has:
- 10-15 targeted keywords in metadata
- JSON-LD structured data (WebApplication + FAQPage + BreadcrumbList)
- 6 FAQ items with schema markup
- Open Graph and Twitter card meta tags
- Canonical URLs
I also wrote 12 blog posts targeting specific keywords like "how to remove metadata from PDF," "GDPR vs CCPA," and "best privacy policy summarizers." Each post links to a relevant tool, creating internal link loops.
The comparison posts ("Best Free PDF Metadata Removers" and "Best Free Privacy Policy Summarizers") are designed to capture "best X" searches where buying intent is high.
PDF Report Generation with jsPDF
The Privacy Policy Simplifier generates downloadable branded PDF reports. Built with jsPDF:
- Risk-colored header banner (green/amber/red based on score)
- Structured sections for data collected, third parties, rights, red flags
- Footer on every page with date, disclaimer, and branding
- Auto page breaks with footer preservation
One gotcha: splitTextToSize() calculates line wraps based on the current font size. If you set the font size after calling it, your text wrapping will be wrong. Set the font before measuring.
What I'd Do Differently
Start with SEO keyword research before naming tools. I called it "Privacy Policy Simplifier" but people search for "privacy policy summarizer." Same tool, wrong keyword. Had to fix this retroactively.
Build backlinks from day one. Great content with zero domain authority means Google won't rank you. I should have started directory submissions and community engagement alongside development, not after.
Ship fewer tools, promote more. 5 tools is a lot to maintain. I could have shipped 2-3 and spent the extra time on distribution.
What's Next
- Browser Extension Security Auditor (analyze extension permissions and risks)
- More comparison blog posts for SEO
- Backlink building through directories, Quora, and community engagement
If you work with privacy policies, PDFs, or compliance, give it a try at trustscan.dev. Everything is free. I'd love feedback from the dev community on the tools or the tech stack.
I'm a Wazuh Cybersecurity Ambassador and experienced Full Stack developer. TrustScan is my indie project built at the intersection of web development, AI, and privacy.
