PrivacySentinel

Find risky data-collection patterns before store review, publisher review, legal review, or launch.

PrivacySentinel is a Unity Editor tool for teams that need a fast, practical first-pass privacy audit inside the Unity workflow they already use. It scans C# source files under Assets and can optionally include Packages, flags privacy-sensitive APIs and data-handling patterns, assigns severity levels, and gives you a review-ready findings list in one place.

For many Unity teams, privacy work starts too late — after an App Store question, a publisher checklist, a legal escalation, or a release blocker. PrivacySentinel helps you catch likely review points earlier, when the fixes are still cheap.

WHAT IT DOES

PrivacySentinel scans your Unity C# codebase for patterns commonly associated with privacy and disclosure review, including device identifiers, location, microphone, camera access, outbound requests, analytics references, ad-tech references, PlayerPrefs usage, permission requests, and general device metadata access. Teams can audit the main project code under Assets or expand the scan to include Packages when third-party SDK coverage matters.

Each finding is tagged with a severity level (Low, Medium, or High), a category, file path, line number, matched pattern, explanation, and code preview. Grouped summaries by severity and category make it easy to triage the most important issues first instead of searching blindly across a large project.

The tool runs directly in the Unity Editor and keeps the workflow simple: run a scan, review findings, suppress reviewed items, and export the audit as JSON, CSV, or Markdown for release checklists, compliance follow-up, publisher submission, or internal review.

CUSTOM RULES AND REVIEW WORKFLOW

PrivacySentinel is not limited to built-in patterns. You can define custom rules for your own SDK wrappers, analytics helpers, attribution providers, remote-config bridges, or internal data pipelines. Custom rules are stored in JSON and loaded automatically on future scans.

Reviewed findings can be suppressed instead of ignored. Suppressions are persisted with timestamped audit-trail data, reason text, and reviewer identity so teams can distinguish between new findings and previously reviewed ones. This keeps repeat audits usable as the project evolves.

WHY IT STANDS OUT

PrivacySentinel is designed specifically for Unity teams. It focuses on the APIs and workflows that matter during game submission and release preparation, rather than trying to be a generic enterprise compliance platform. It is local, fast, review-friendly, and easy to add to existing engineering and production checklists.

KEY FEATURES

- Unity-native privacy source audit for C# code under Assets
- Optional Packages scanning for broader SDK review coverage
- Severity-based findings with category, file path, line number, pattern, message, and code preview
- Grouped summaries by severity and category for fast triage
- Built-in detection for common privacy-sensitive APIs and patterns
- Custom rule system for project-specific SDKs and wrappers
- Custom rule enable/disable workflow without deleting rules
- Suppression workflow for reviewed findings
- Timestamped suppression audit trail with reason and reviewer tracking
- Findings tab, Custom Rules tab, and Suppressions tab in one Editor window
- JSON, CSV, and Markdown export for compliance review, release checklists, and publisher handoff
- No external services, accounts, or setup required

WHO IT IS FOR

Mobile developers preparing for App Store or Play Store submission. Free-to-play teams integrating ads, analytics, attribution, or remote config. Studios working with publishers that require pre-submission privacy review. Technical leads who want a practical compliance pass before code freeze.

WHAT IT DOES NOT DO

PrivacySentinel is not legal advice and is not a replacement for a privacy policy review, DPA review, or jurisdiction-specific legal analysis. It is an engineering audit tool that helps surface likely review points early.

COMPATIBILITY

Requires Unity 2021 LTS or later. Editor-only tool. No runtime dependencies and no external services required.

The current version scans `.cs` files under `Assets/` and can optionally include `Packages/`. It exports reports to `Assets/PrivacyAuditData/` in JSON, CSV, or Markdown format. It does not create prefabs, ScriptableObjects, scenes, or runtime objects.