the problem
Every app you've ever signed up for has a Terms & Conditions and a Privacy Policy. Nobody reads them. Not because people are lazy — because they're forty pages of legal prose written by lawyers to protect corporations, not to inform users. The average T&C is longer than The Great Gatsby.
But those documents matter. They're where you find out the app sells your data to third parties, that you've agreed to binding arbitration, that they can delete your account without notice. The information is there. It's just buried.
I wanted to fix that.
what it does
FinePrint is a Chrome extension that sits quietly in your browser. When you land on a page with Terms & Conditions or a Privacy Policy, it detects it automatically — no button pressing, no copy-pasting. You click the extension, and you get a plain-English summary and a security score.
Green means broadly standard. Red means you should probably read this one.
The whole thing runs in a few seconds.
building it
The core is simple: detect the policy text, send it to an LLM, get a structured summary back. But simple cores tend to have complicated edges.
The first hard part was detection. T&C pages don't follow a standard format. Some are long scrolling pages, some are hidden in iframes, some load dynamically via JavaScript. I ended up using a combination of URL pattern matching and DOM heuristics — if the page title contains "terms" or "privacy" and the body has enough dense legal-looking text, it's probably a policy.
The second hard part was the prompt. Getting an LLM to produce a consistently structured summary — not a blob of text, but something with clear sections, a score, and specific red flags — required more iteration than I expected. The model is capable, but it needs to know exactly what you want, in what format, with examples.
design decisions
I wanted FinePrint to feel like a tool that respects you. Most browser extensions are visually chaotic — too many options, too much chrome, constantly trying to justify their own existence. FinePrint does one thing. The UI reflects that.
The security score is colour-coded but not dramatic. I didn't want it to feel like a threat-detection dashboard. The goal was information, not anxiety. You should come away knowing something, not feeling something.
what i'd do differently
I'd nail the scoring rubric earlier. What makes a policy "risky" evolved a lot during development, and some of that instability leaked into early versions of the score. The criteria should be locked before you build the UI around them.
I'd also add a backend sooner. Right now the API key lives in the extension, which isn't ideal for distribution. A proper backend with rate limiting and caching would make it more robust — and cheaper.
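The backend described above, as an added example that is not FinePrint's own code: the extension sends the policy text to a server-side handler, so the model API key never ships in the extension bundle, upstream calls are limited per client, and summaries are cached by a hash of the text. `createSummaryProxy`, `callModel`, `clientId` and the default limits are assumptions made for illustration.

```javascript
// Added example. callModel is a hypothetical injected function: the only
// place that holds the model API key, and it runs on the server.
const { createHash } = require("node:crypto");

function createSummaryProxy({ callModel, limit = 5, windowMs = 60_000,
                              maxChars = 200_000, maxCache = 500, now = Date.now }) {
  const cache = new Map();   // sha256(normalised text) -> Promise<summary>
  const windows = new Map(); // clientId -> { start, count }

  // Fixed-window limiter: at most `limit` upstream calls per client per window.
  function allow(clientId) {
    const t = now();
    const w = windows.get(clientId);
    if (!w || t - w.start >= windowMs) {
      windows.set(clientId, { start: t, count: 1 });
      return true;
    }
    if (w.count >= limit) return false;
    w.count += 1;
    return true;
  }

  return async function handle(clientId, policyText) {
    if (typeof policyText !== "string") return { status: 400, error: "invalid policy text" };
    // Collapse whitespace so trivially different copies share one cache entry.
    const text = policyText.replace(/\s+/g, " ").trim();
    if (text.length === 0 || text.length > maxChars) {
      return { status: 400, error: "invalid policy text" };
    }
    const key = createHash("sha256").update(text).digest("hex");

    let pending = cache.get(key);
    const cached = pending !== undefined;
    if (!cached) {
      // Only cache misses cost an upstream call, so only they consume quota.
      if (!allow(clientId)) return { status: 429, error: "rate limit exceeded" };
      // Cache the promise so concurrent requests for one policy share one call.
      pending = Promise.resolve().then(() => callModel(text));
      cache.set(key, pending);
      if (cache.size > maxCache) cache.delete(cache.keys().next().value);
    }
    try {
      return { status: 200, cached, summary: await pending };
    } catch (err) {
      if (cache.get(key) === pending) cache.delete(key); // never cache failures
      return { status: 502, error: "upstream model call failed" };
    }
  };
}
```

The `clientId` should be something the server derives itself (a per-install token it issued, or the connection's address), since a value the extension can freely choose would let one client reset its own quota.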
what it taught me
The biggest thing I took away from FinePrint is how much the framing of information matters. The same privacy policy, summarised poorly, reads as a wall of disclaimers. Summarised well, it reads as a clear picture of a relationship between you and a company.
People don't want raw information. They want clarity. That's the real design problem — not the interface, not the model, but the question of what shape the truth needs to take to be actually useful.