Each rating sits in one of these four bands. We resist the temptation to add more tiers — the discipline of a forced choice is the point.
Data stays local. Best class.
Runs entirely on the user's own hardware. No cloud required. User holds keys and physical custody. The privacy posture is verifiable by an end user (packet capture, open source, signed builds). Examples: GrapheneOS, Ollama, KeePassXC, YubiKey, self-hosted Nextcloud.
Use when nothing the operator does (or stops doing) can degrade privacy, because the user controls the substrate.
Cloud-hosted but privacy-by-design.
Operates from someone else's servers but with structural protections — end-to-end encryption, zero-knowledge architecture, no behavioral profiling, transparent operator. Trustworthy as long as the operator remains trustworthy. Examples: Signal, ProtonMail, DuckDuckGo, Mullvad VPN, Bitwarden.
Use when the design is sound but the user is still depending on a third party to honor their privacy commitments.
Mitigable with configuration. Default unsafe.
The default configuration leaks data, profiles users, or shares with third parties — but a knowledgeable user can manually configure the product to a safer posture. Verification by the end user is limited. Examples: ChatGPT Plus with training opt-out, macOS with iCloud, Windows 11 with telemetry disabled.
Use when the product is useful but requires deliberate, ongoing user effort to remain private.
Active surveillance. Unsafe at any setting.
The business model depends on data extraction, the platform has been subject to regulator action or documented breaches, and no user configuration can make it safe. Privacy hostility is structural. Examples: TikTok, Temu, Replika, Perplexity AI.
Use when the only safe configuration is "do not use this product."