{"title":"Privacy Apps","description":"\u003cp\u003eFocused browser apps for the assessments and registers you run every week — DSARs, PIAs, transfer and interest assessments, retention, AI-vendor reviews, data mapping, and code scanning. Cloud sync built in; nothing leaves your control.\u003c\/p\u003e","products":[{"product_id":"dsar-command-center","title":"DSAR Command Center","description":"\u003cp\u003e\u003cstrong\u003e\u003ca href=\"\/pages\/demos#dsar-command-center\"\u003e▶ Try the live demo\u003c\/a\u003e\u003c\/strong\u003e — interactive, in your browser, nothing to install.\u003c\/p\u003e\u003cp\u003eMiss a DSAR deadline and it's not just embarrassing — it's reportable. DSAR Command Center tracks every data subject request from intake to closure, with deadline math built in for GDPR (one month, with lawful extensions), UK GDPR, and CCPA\/CPRA (45 days plus extension).\u003c\/p\u003e\u003cp\u003e\u003cstrong\u003eWhat you get:\u003c\/strong\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eIntake log with requester identity-verification checklist\u003c\/li\u003e\n\u003cli\u003eAutomatic due-date calculation, including extension tracking\u003c\/li\u003e\n\u003cli\u003eStatus board: received, verifying, searching, reviewing, delivered, closed\u003c\/li\u003e\n\u003cli\u003eExportable closure record for your accountability file\u003c\/li\u003e\n\u003c\/ul\u003e\u003cp\u003eRuns entirely in your browser. Request data never leaves your machine — which means using the tracker doesn't itself create a processing headache.\u003c\/p\u003e\u003cp\u003e\u003cem\u003eInstant download · Unlimited users in your organization · Free updates to your version\u003c\/em\u003e\u003c\/p\u003e","brand":"PrivOptic","offers":[{"title":"Default Title","offer_id":44188893249639,"sku":"PO-DSAR-01","price":79.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0677\/7788\/8359\/files\/privoptic-dsar_1.png?v=1783446483"},{"product_id":"pia-builder","title":"PIA Builder","description":"\u003cp\u003e\u003cstrong\u003e\u003ca href=\"\/pages\/demos#pia-builder\"\u003e▶ Try the live demo\u003c\/a\u003e\u003c\/strong\u003e — interactive, in your browser, nothing to install.\u003c\/p\u003e\u003cp\u003eThe hardest part of a privacy impact assessment isn't the analysis — it's getting a non-privacy stakeholder to give you usable answers. PIA Builder walks project owners through plain-language screening questions, flags when a full assessment is triggered, scores risk consistently, and exports a clean report your leadership will actually read.\u003c\/p\u003e\u003cp\u003e\u003cstrong\u003eWhat you get:\u003c\/strong\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eThreshold screening with jurisdiction triggers (GDPR Art. 35, US state laws, DPDP)\u003c\/li\u003e\n\u003cli\u003eStructured risk scoring with likelihood and severity scales\u003c\/li\u003e\n\u003cli\u003eRemediation tracker separating confirmed gaps from open items\u003c\/li\u003e\n\u003cli\u003eOne-click export for review and sign-off\u003c\/li\u003e\n\u003c\/ul\u003e\u003cp\u003e\u003cem\u003eInstant download · Unlimited users in your organization · Free updates to your version\u003c\/em\u003e\u003c\/p\u003e","brand":"PrivOptic","offers":[{"title":"Default Title","offer_id":44188893315175,"sku":"PO-PIA-01","price":99.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0677\/7788\/8359\/files\/privoptic-pia_1.png?v=1783446465"},{"product_id":"hipaa-compliance-suite","title":"HIPAA Compliance Suite","description":"\u003cp\u003e\u003cstrong\u003e\u003ca href=\"\/pages\/demos#hipaa-compliance-suite\"\u003e▶ Try the live demo\u003c\/a\u003e\u003c\/strong\u003e — interactive, in your browser, nothing to install.\u003c\/p\u003e\u003cp\u003eFour focused modules for covered entities and business associates, in one self-contained app. When an incident hits at 4:47 p.m. on a Friday, \"which deadlines apply\" is not a research project you have time for.\u003c\/p\u003e\u003cp\u003e\u003cstrong\u003eWhat you get:\u003c\/strong\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003e\n\u003cstrong\u003eBreach Risk Assessment\u003c\/strong\u003e — the §164.402 four-factor analysis with every notification clock generated automatically: individuals ≤60 days, HHS, media, and the under-500 annual log\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eBAA Manager\u003c\/strong\u003e — flags the gap most inventories miss: PHI that flowed before the BAA was executed\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eSecurity Rule Self-Assessment\u003c\/strong\u003e — 19 key safeguards across Administrative, Physical, and Technical, with live coverage scoring\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eRegulatory Watch\u003c\/strong\u003e — pulls HIPAA rulemaking straight from the Federal Register's public API; no vendor, no key, self-sustaining\u003c\/li\u003e\n\u003c\/ul\u003e\u003cp\u003ePlus outbound webhooks (Slack, Teams, Power Automate, Zapier), documented JSON export, and AES-256 encrypted backups. Data-minimal by design — case IDs, never patient names.\u003c\/p\u003e\u003cp\u003e\u003cem\u003eInstant download · Unlimited users in your organization · Free updates to your version\u003c\/em\u003e\u003c\/p\u003e","brand":"PrivOptic","offers":[{"title":"Default Title","offer_id":44188931063911,"sku":"PO-HIPAA-01","price":89.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0677\/7788\/8359\/files\/privoptic-hipaa_1.png?v=1783446274"},{"product_id":"ai-vendor-review-kit-ai-tool-privacy-reviews-app-github-sharepoint-aws-azure-sync","title":"AI Vendor Review Kit — AI Tool Privacy Reviews (App + GitHub \/ SharePoint \/ AWS \/ Azure Sync)","description":"\u003cp style=\"padding:12px 16px;background:#eef7fa;border-left:4px solid #1FA9C9;border-radius:6px;margin-bottom:16px\"\u003e\u003cstrong\u003e▶ Try it first:\u003c\/strong\u003e \u003ca href=\"\/pages\/aikit-demo\"\u003eOpen the free interactive demo\u003c\/a\u003e — run the AI review analyzer on a sample tool and see the obligations it triggers.\u003c\/p\u003e\u003cp\u003eEvery AI tool that touches your data, reviewed the same defensible way. A single-file app with a five-question \u003cstrong\u003eAI Review Analyzer\u003c\/strong\u003e that maps each tool to its obligations — DPIA triggers, no-training clauses, Art. 22\/ADMT exposure, agentic-access controls, transfer checks — plus an AI vendor register with 5×5 risk scoring and a contract clause library for your negotiated language.\u003c\/p\u003e\u003cp\u003e\u003cstrong\u003ePlug-and-play sync:\u003c\/strong\u003e push timestamped backups to GitHub, SharePoint (Power Automate), AWS Lambda\/S3, Azure Functions, Cloudflare Workers, or Google Apps Script — copy-paste backends for all six are included. No install, no subscription, unlimited users in your org. Built by a practitioner who reviews AI vendors for a living. Not legal advice.\u003c\/p\u003e","brand":"PrivOptic","offers":[{"title":"Default Title","offer_id":44210458329191,"sku":"PO-AIKIT-001","price":199.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0677\/7788\/8359\/files\/privoptic-aikit-product.png?v=1783631601"},{"product_id":"transfer-impact-assessment-tia-builder-edpb-six-step-tool-app-cloud-sync","title":"Transfer Impact Assessment (TIA) Builder — EDPB Six-Step Tool (App + Cloud Sync)","description":"\u003cp style=\"padding:12px 16px;background:#eef7fa;border-left:4px solid #1FA9C9;border-radius:6px;margin-bottom:16px\"\u003e\u003cstrong\u003e▶ Try it first:\u003c\/strong\u003e \u003ca href=\"\/pages\/tia-demo\"\u003eOpen the free interactive demo\u003c\/a\u003e — change the destination and safeguards and watch the transfer outcome update.\u003c\/p\u003e\u003cp\u003eThe EDPB six-step transfer impact assessment as a guided tool. Five questions per transfer — destination, Article 46 tool, destination-law analysis, data sensitivity, supplementary measures — produce your outcome and documentation obligations, including the DPF, FISA 702, China PIPL, and India analyses regulators expect to see. A transfer register with 5×5 risk scoring and re-evaluation dates keeps the whole program on file.\u003c\/p\u003e\u003cp\u003e\u003cstrong\u003ePlug-and-play sync\u003c\/strong\u003e to GitHub, SharePoint, AWS, Azure, Cloudflare, or Google Apps Script — copy-paste backends included. Single HTML file; no install, unlimited users in your org. Not legal advice.\u003c\/p\u003e","brand":"PrivOptic","offers":[{"title":"Default Title","offer_id":44210458427495,"sku":"PO-TIA-001","price":149.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0677\/7788\/8359\/files\/privoptic-tia-product.png?v=1783631571"},{"product_id":"lia-builder-legitimate-interests-assessment-tool-app-cloud-sync","title":"LIA Builder — Legitimate Interests Assessment Tool (App + Cloud Sync)","description":"\u003cp style=\"padding:12px 16px;background:#eef7fa;border-left:4px solid #1FA9C9;border-radius:6px;margin-bottom:16px\"\u003e\u003cstrong\u003e▶ Try it first:\u003c\/strong\u003e \u003ca href=\"\/pages\/lia-demo\"\u003eOpen the free interactive demo\u003c\/a\u003e — run the three-part test on a sample activity and see whether it passes.\u003c\/p\u003e\u003cp\u003eLegitimate-interests assessments with the three-part test actually applied, not asserted. Purpose → necessity → balancing, with the factors regulators check: reasonable expectations, worst realistic impact, safeguards, opt-out mechanics. Each analysis produces a documented outcome (pass \/ conditional \/ fail — alternative basis, with UK DUAA recognised-LI noted where claimed) and lands in an LIA register with review dates.\u003c\/p\u003e\u003cp\u003e\u003cstrong\u003ePlug-and-play sync\u003c\/strong\u003e to GitHub, SharePoint, AWS, Azure, Cloudflare, or Google Apps Script — copy-paste backends included. Single HTML file; unlimited users in your org. Not legal advice.\u003c\/p\u003e","brand":"PrivOptic","offers":[{"title":"Default Title","offer_id":44210458493031,"sku":"PO-LIA-001","price":129.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0677\/7788\/8359\/files\/privoptic-lia-product.png?v=1783631549"},{"product_id":"records-retention-schedule-builder-schedule-legal-holds-disposal-log-app-cloud-sync","title":"Records Retention Schedule Builder — Schedule, Legal Holds \u0026 Disposal Log (App + Cloud Sync)","description":"\u003cp style=\"padding:12px 16px;background:#eef7fa;border-left:4px solid #1FA9C9;border-radius:6px;margin-bottom:16px\"\u003e\u003cstrong\u003e▶ Try it first:\u003c\/strong\u003e \u003ca href=\"\/pages\/retention-demo\"\u003eOpen the free interactive demo\u003c\/a\u003e — browse a sample retention schedule with defensible periods and disposal methods.\u003c\/p\u003e\u003cp\u003eOne schedule, defensible periods, disposal you can evidence. A retention schedule register (record class, jurisdiction, period, trigger, legal basis, disposal method, owner) with CSV export for sign-off, a legal-holds register that suspends disposal until counsel releases in writing, and a disposal log — the half of retention audits actually test.\u003c\/p\u003e\u003cp\u003e\u003cstrong\u003ePlug-and-play sync\u003c\/strong\u003e to GitHub, SharePoint, AWS, Azure, Cloudflare, or Google Apps Script — copy-paste backends included. Single HTML file; unlimited users in your org. Not legal advice.\u003c\/p\u003e","brand":"PrivOptic","offers":[{"title":"Default Title","offer_id":44210458558567,"sku":"PO-RET-001","price":99.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0677\/7788\/8359\/files\/privoptic-retention-product.png?v=1783631492"},{"product_id":"data-inventory-mapping-builder-systems-flows-one-click-ropa-app-any-infrastructure-sync","title":"Data Inventory \u0026 Mapping Builder — Systems, Flows \u0026 One-Click RoPA (App + Any-Infrastructure Sync)","description":"\u003cp\u003e\u003cstrong\u003eYou cannot defend, disclose, or delete what you haven't mapped.\u003c\/strong\u003e Every obligation in your program — notices, DSARs, transfers, retention, breach scoping — starts with knowing what data you hold, where it lives, and where it moves. This is the tool that holds that answer, built the way lean teams actually work.\u003c\/p\u003e\n\u003cp style=\"background:#E4F5FA;border:1px solid #1FA9C9;border-radius:10px;padding:12px 16px;font-size:15px\"\u003e\u003cstrong\u003e👉 \u003ca href=\"\/pages\/data-inventory-demo\"\u003eTry the live demo\u003c\/a\u003e\u003c\/strong\u003e — build a sample inventory, watch the flow map flag a cross-border transfer in red, and generate the Article 30 RoPA. Runs in your browser; nothing to install.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eEnterprise data-inventory outcomes, nothing to deploy.\u003c\/strong\u003e The heavyweight discovery platforms earn their keep at 50,000 employees. Below that, they're a six-month implementation for a problem a practitioner can map in an afternoon — with the right structure. This is that structure, in a single file that runs in any browser, on any infrastructure, including air-gapped.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eWhat's inside:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cstrong\u003eSystems registry\u003c\/strong\u003e — every place personal data lives, with owner, hosting, location, data categories (special-category flagged), subjects, purpose, lawful basis, and retention. Seed dozens at once by pasting a CSV from your CMDB, SSO app list, or finance's SaaS ledger.\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eLive data flow map\u003c\/strong\u003e — systems as nodes, flows as edges, drawn automatically as you work. Flows that leave the organization render dashed; \u003cstrong\u003ecross-border flows with no transfer mechanism render red\u003c\/strong\u003e. Your posture, visible at a glance.\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eGap engine\u003c\/strong\u003e — special-category data without a lawful basis, systems without retention or an owner, transfers without safeguards: surfaced automatically, worded the way you'd write the finding yourself.\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eOne-click RoPA\u003c\/strong\u003e — the Article 30 register generates live from the inventory, so it can't drift out of date. Print to PDF or export CSV for your GRC tool. The register is a view over the map — the way it should have worked all along.\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eAny-infrastructure sync\u003c\/strong\u003e — autosaves in the browser; exports\/imports the full inventory as one JSON file; and pushes or pulls to \u003cem\u003eany\u003c\/em\u003e HTTPS endpoint you already run — GitHub, SharePoint, S3, Google Apps Script, or your own server. No connectors to buy, no PrivOptic infrastructure involved, because there is none.\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFits the rest of your program:\u003c\/strong\u003e flows flagged red hand off to the Transfer Impact Assessment Builder; retention gaps hand off to the Records Retention Schedule Builder; vendor recipients hand off to the Vendor Risk Scorecard. This is the hub the other tools spoke into.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eYour data never touches ours:\u003c\/strong\u003e the app runs entirely client-side with no telemetry, no account, and no license server. Nothing you enter is transmitted to PrivOptic.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eLicense:\u003c\/strong\u003e one organization, unlimited users, perpetual. Rebrand and adapt it internally — that's what it's for.\u003c\/p\u003e\n\u003cp\u003e\u003cem\u003eTooling for privacy operations — categories, bases, and mechanisms are planning defaults to verify against your facts and counsel. Not legal advice.\u003c\/em\u003e\u003c\/p\u003e","brand":"PrivOptic","offers":[{"title":"App + any-infrastructure sync","offer_id":44219269840999,"sku":null,"price":199.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0677\/7788\/8359\/files\/data-inventory-hero.svg?v=1783714724"},{"product_id":"code-privacy-scanner-pii-in-code-log-leak-detection-browser-ci-sarif-export","title":"Code Privacy Scanner — PII-in-Code \u0026 Log-Leak Detection (Browser + CI, SARIF Export)","description":"\u003cp\u003e\u003cstrong\u003eThe cheapest place to fix a privacy problem is in the pull request.\u003c\/strong\u003e By the time PII is flowing through production logs, it's an incident with a notification clock. This scanner catches it while it's still a code review comment.\u003c\/p\u003e\n\u003cp style=\"background:#E4F5FA;border:1px solid #1FA9C9;border-radius:10px;padding:12px 16px;font-size:15px\"\u003e\u003cstrong\u003e👉 \u003ca href=\"\/pages\/code-privacy-scanner-demo\"\u003eTry the live demo\u003c\/a\u003e\u003c\/strong\u003e — scan a sample file, watch PII-in-logs and log-leaks flag by severity, then flip on strict mode and see the CI merge-gate react. Runs in your browser; nothing to install.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003ePrivacy findings, not another secrets scanner.\u003c\/strong\u003e Secrets detection is table stakes (and included) — the point is what security tools don't look for: \u003cem\u003ePII flowing into logging calls\u003c\/em\u003e, real-looking identifiers hardcoded in fixtures and seed data (with Luhn validation on card numbers), sensitive field names in schemas and models, identity data riding in URL query strings, and direct identifiers passed to analytics and telemetry calls. Every finding carries a data-category tag and a one-line remediation written the way a practitioner would write the review comment.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eOne engine, runs anywhere your code lives:\u003c\/strong\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cstrong\u003eBrowser\u003c\/strong\u003e — open one file, drop a repo folder on it, read findings. Your code never leaves the machine: no upload, no account, no telemetry. The scan a privacy officer can run without a DevOps ticket.\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eCI, zero dependencies\u003c\/strong\u003e — a single Node script (no npm install) that runs identically in GitHub Actions, Azure Pipelines, AWS CodeBuild, GitLab CI, Jenkins, or a laptop — including air-gapped. Severity-based exit codes gate merges; copy-paste pipeline snippets for all four major platforms are included.\u003c\/li\u003e\n\u003cli\u003e\n\u003cstrong\u003eSARIF export\u003c\/strong\u003e — findings appear natively in GitHub's code-scanning tab and Azure DevOps with no integration work. JSON and CSV too.\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cstrong\u003eTuned for adoption, switchable for audits.\u003c\/strong\u003e Precise mode (default) keeps CI gates quiet: placeholder emails and non-Luhn digit runs are suppressed, and findings in test\/fixture paths downgrade one severity notch — reported, annotated, not blocking. Strict mode reports everything and adds phone and IP rules. A documented JSON rulepack ships alongside.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eFeeds your inventory:\u003c\/strong\u003e data-category tags on findings are discovery input for the Data Inventory \u0026amp; Mapping Builder — if the code logs it, a system processes it, and it belongs on your map.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eHonesty clause:\u003c\/strong\u003e this is heuristic static analysis. It will flag a fixture that's fine and miss a leak routed through three helper functions. It finds the cheap 80% so your judgment goes where it's needed — it complements security tooling, and it is not a compliance guarantee.\u003c\/p\u003e\n\u003cp\u003e\u003cstrong\u003eLicense:\u003c\/strong\u003e one organization, unlimited users, perpetual. Internal customization permitted — the engine is plain, readable JavaScript.\u003c\/p\u003e\n\u003cp\u003e\u003cem\u003eTooling for privacy operations, not legal advice.\u003c\/em\u003e\u003c\/p\u003e","brand":"PrivOptic","offers":[{"title":"Browser + CI bundle","offer_id":44219276722279,"sku":null,"price":199.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0677\/7788\/8359\/files\/code-privacy-scanner-hero.png?v=1783714758"}],"url":"https:\/\/privoptic.com\/collections\/privacy-apps.oembed","provider":"PrivOptic","version":"1.0","type":"link"}