Start with safe defaults
Privacy decisions should not depend on perfect user behavior. Most people will keep default settings, so defaults need to be protective from day one.
What I look at first
- Data collection scope: only what is necessary
- Retention windows: short, explicit, and documented
- Sharing boundaries: opt-in by default
- Logging discipline: remove identifiers whenever possible
Shipping with confidence
A private-by-default system is not just policy text. It needs clear UI language, stable backend behavior, and a review process that catches regressions before release.
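As an added example (not code from the original post), here is one way to make the checklist above and the pre-release review mechanical in Python: safe defaults in a dataclass, a check that reports a regression when a default stops being protective, and a log writer that strips identifiers before they are written. The field names, the 90-day policy bound and the identifier formats are assumptions made for this example.

```python
import re
from dataclasses import dataclass


# Hypothetical default settings for a new account (constructed for this example).
@dataclass
class PrivacyDefaults:
    share_with_partners: bool = False    # sharing is opt-in, so the default is off
    retention_days: int = 30             # short, explicit retention window
    redact_log_identifiers: bool = True  # strip identifiers before writing logs


# Illustrative policy bound the review process enforces.
MAX_RETENTION_DAYS = 90


def check_defaults(cfg: PrivacyDefaults) -> list:
    """Return the policy violations in cfg; an empty list means the defaults are safe."""
    problems = []
    if cfg.share_with_partners:
        problems.append("sharing must be opt-in (default False)")
    if cfg.retention_days <= 0 or cfg.retention_days > MAX_RETENTION_DAYS:
        problems.append(f"retention_days must be in 1..{MAX_RETENTION_DAYS}")
    if not cfg.redact_log_identifiers:
        problems.append("log redaction must be on by default")
    return problems


# Patterns for identifiers that should not reach application logs.
_EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_USER_ID = re.compile(r"\buser_id=\d+")  # hypothetical key=value log format


def redact_identifiers(line: str) -> str:
    """Replace e-mail addresses, IPv4 addresses and user ids with fixed tokens."""
    line = _EMAIL.sub("<email>", line)
    line = _IPV4.sub("<ip>", line)
    line = _USER_ID.sub("user_id=<id>", line)
    return line


def write_log(cfg: PrivacyDefaults, line: str, sink: list) -> None:
    """Append line to sink, redacting identifiers when the default says so."""
    sink.append(redact_identifiers(line) if cfg.redact_log_identifiers else line)


if __name__ == "__main__":
    # Constructed sample log line.
    sample = "login ok user_id=4821 from 203.0.113.7 email=alice@example.com"
    print(redact_identifiers(sample))  # → login ok user_id=<id> from <ip> email=<email>
    print(check_defaults(PrivacyDefaults(retention_days=365)))
```

Running check_defaults against the shipped defaults in CI is the regression gate: a change that flips sharing on or widens retention fails the build instead of reaching users.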