To run this task you must have the following required information:

> Privacy policy text or URL

If you don't have all of this information, exit here and respond asking for any extra information you require, and instructions to run this task again with ALL required information.

---

You MUST use a todo list to complete these steps in order. Never move on to one step if you haven't completed the previous step. If you have multiple CONSECUTIVE read steps in a row, read them all at once (in parallel). Otherwise, do not read a file until you reach that step.

Add all steps to your todo list now and begin executing.

## Steps

1. [Read Legal Document Review Guide]: Read the documentation in: `skills/sauna/[skill_id]/references/legal.review.guide.md` (General methodology for checklist-based document analysis)

2. [Read Privacy Policy Checklist]: Read the documentation in: `skills/sauna/[skill_id]/references/legal.privacy.checklist.md` (Privacy-specific data practices criteria)

3. Analyze the privacy policy using the data lifecycle structure:

1. DATA COLLECTION - What personal/device data is collected? Excessive?
2. DATA USE - Primary vs secondary uses (marketing, AI training)?
3. DATA SHARING - Who gets data? Sold to third parties?
4. DATA RETENTION - How long kept? Deletion policy?
5. USER RIGHTS - Access, deletion, portability, opt-out?

Flag: 🔴 Selling data, AI training without consent, excessive collection
Flag: 🟡 Vague retention, broad secondary uses
Flag: 🟢 Strong user control, clear deletion process


4. Rate overall assessment:
- ✅ Privacy-friendly: Strong user rights, minimal collection, clear practices
- ⚠️ Typical: Standard practices, some areas to watch
- 🚨 Concerning: Broad collection/sharing, limited rights, unclear language

Provide key takeaways and recommendations.


5. Save structured analysis to `session/privacy-analysis.json`.
Present summary to user with overall assessment and top concerns.