Methodology · version 2

How HecTec Labs rates privacy and sovereignty.

Every rating on this site rolls off a deliberate four-tier rubric and a seven-question decision rubric. No tracker pixels. No vendor money. No marketing-team review. Our ratings disagree with vendor positioning when the facts disagree. We do not rate the AI tools we use ourselves.

Last updated · 7 June 2026·v2 · 4-tier rubric

The four tiers

Each rating sits in one of these four bands. We resist the temptation to add more tiers — the discipline of a forced choice is the point.

🔵

Sovereign

Tier

Data stays local. Best class.

Runs entirely on the user's own hardware. No cloud required. User holds keys and physical custody. The privacy posture is verifiable by an end user (packet capture, open source, signed builds). Examples: GrapheneOS, Ollama, KeePassXC, YubiKey, self-hosted Nextcloud.

Use when nothing the operator does (or stops doing) can degrade privacy, because the user controls the substrate.

🟢

Clear

Tier

Cloud-hosted but privacy-by-design.

Operates from someone else's servers but with structural protections — end-to-end encryption, zero-knowledge architecture, no behavioral profiling, transparent operator. Trustworthy as long as the operator remains trustworthy. Examples: Signal, ProtonMail, DuckDuckGo, Mullvad VPN, Bitwarden.

Use when the design is sound but the user is still depending on a third party to honor their privacy commitments.

🟡

Warning

Tier

Mitigable with configuration. Default unsafe.

The default configuration leaks data, profiles users, or shares with third parties — but a knowledgeable user can manually configure the product to a safer posture. Verification by the end user is limited. Examples: ChatGPT Plus with training opt-out, macOS with iCloud, Windows 11 with telemetry disabled.

Use when the product is useful but requires deliberate, ongoing user effort to remain private.

🔴

Critical

Tier

Active surveillance. Unsafe at any setting.

The business model depends on data extraction, the platform has been subject to regulator action or documented breaches, and no user configuration can make it safe. Privacy hostility is structural. Examples: TikTok, Temu, Replika, Perplexity AI.

Use when the only safe configuration is "do not use this product."

The seven questions

For every item we rate, we answer these seven questions explicitly. The tier falls out of the answers. Disagreements between researchers are resolved by re-answering the questions, not by debating the tier.

  1. Question 1

    Who physically holds the data?

    User's own hardware (sovereign candidate) · vendor cloud, encrypted at rest (clear or warning) · third-party broker or shared analytics network (critical).

  2. Question 2

    Does the operator train, profile, or run ML on user data without explicit per-use consent?

    Yes by default (critical or warning) · No (clear or sovereign possible). "Buried in the privacy policy" counts as yes for grading purposes.

  3. Question 3

    Has a regulator (FTC, EU DPA, state AG) taken action in the past 36 months?

    A $10M+ fine or active investigation pushes to critical. A smaller fine or warning letter pushes to warning. No action permits clear or sovereign.

  4. Question 4

    Is the privacy posture independently verifiable?

    Yes, by an end user via open source and packet capture (sovereign candidate) · Yes, by a third-party auditor only (clear) · No, "trust us" (warning or critical).

  5. Question 5

    What is the business model?

    Ad sales or data brokerage (critical) · User pays for the product (clear or sovereign possible) · Open source, non-profit, or hardware sale (sovereign possible) · "Free" with hidden data extraction (critical).

  6. Question 6

    Is the default configuration safe?

    Safe out of the box (clear or sovereign) · Safe only after user configuration (warning) · Unsafe regardless of configuration (critical).

  7. Question 7

    What is the cloud dependency?

    Mandatory cloud connection to function (cannot be sovereign — maximum clear) · Optional cloud, works offline (sovereign candidate) · Fully local with no network (sovereign).

Decision logic

  • · ANY answer pushing toward critical caps the tier at warning, regardless of other answers.
  • · Cloud-dependent products cannot achieve sovereign — maximum is clear.
  • · Local-first AND verifiable AND clean business model is required for sovereign.
  • · When the answer to any question is unverifiable, the tier moves one step more conservative.
  • · Methodology v1 used only two tiers (Sovereign / Critical). Existing v1 ratings will be re-graded under v2 as a deliberate corpus update — announced openly, not silently revised.

Editorial principles

  • We do not rate tools we use ourselves. HecTec Labs research uses Claude, Gemini, ChatGPT, and Cursor. We will not rate these products because we cannot guarantee independence. This is a permanent editorial line, not a temporary one.
  • No tracker pixels, no marketing analytics. The site you are reading right now has no ad-tracking, no email pixels, no behavioral analytics. We measure outcomes (citations, customer feedback) by hand.
  • No vendor money. HecTec Labs is a 501(c)(3) research arm of HecTec.ai. We do not accept payment for ratings, do not accept "sponsored reviews," and do not offer paid removal of unfavorable ratings.
  • Primary sources required. Every rating cites at least two independent, reputable sources — regulator press releases, court filings, peer-reviewed research, vendor documentation, or established news outlets. No Wikipedia, no SEO content farms, no AI-generated text as a citation.
  • Right of reply. Vendors who believe a rating is factually incorrect may contact us with documented corrections. We update ratings when the facts change. We do not soften ratings to settle disputes.

Browse the full archive of ratings at sovereignware.org/ratings. Read recent beacon doctrine at hectec.org/doctrine. Methodology corrections may be filed via HecTec Labs ecosystem channels at hectec.org.