DEV Community

No one reads privacy policies. So I built 6 AI Agents to do it for me.

We all know the drill: you sign up for a new service, a massive wall of legal text pops up, and you instantly scroll to the bottom and click "I Accept." As developers, we know exactly how much data is being harvested, yet we still don't have the time to read through 40 pages of legal jargon.

For the Microsoft Agents League Hackathon (Reasoning Agents Track) in collaboration with Microsoft Foundry, I decided to build a solution. Meet TrustGuard AI - a multi-agent system that doesn't just summarize privacy policies, but uses sequential reasoning to decode real-world risks, hunt down dark patterns, and benchmark sites against tech giants. Here is a breakdown of how I built it and the architecture behind the agents. 🚀

Summarization vs. Reasoning

The problem with most LLM-based legal tools is that they just summarize. But summarizing a terrible privacy clause just gives you a shorter terrible privacy clause. I wanted the AI to reason.

Using Azure AI Foundry (GPT-5.4), TrustGuard AI runs a sequential pipeline where each agent has a specific job, passing context to the next to build a comprehensive risk profile.

The 6-Agent Pipeline

The core of TrustGuard is an orchestration of 6 specialized agents:

  • 🔍 Extractor: Scrapes and parses every clause (data collection, sharing, retention, user rights).
  • ⚖️ Legal Reasoner: Takes the extracted text and infers real-world implications. What happens to the user if this company gets breached?
  • 🕵️ Dark Patterns Detector: Looks for manipulative UX/legal tactics: forced consent, vague language, and obstruction.
  • 📖 Readability Analyzer: Combines traditional algorithms (Flesch-Kincaid) with AI grading to score how intentionally convoluted the policy is.
  • 🧾 Rights Auditor: Audits compliance across 7 fundamental user rights (access, deletion, etc.) and evaluates the friction involved in exercising them.
  • 📊 Comparator (Policy DNA™): Benchmarks the analyzed policy against 8 major platforms.

The Coolest Tech Features

Policy DNA™ Benchmark: Instead of an arbitrary score, the Comparator agent gives relative metrics (e.g., "This site is 23% riskier than TikTok").

Silent Update Detection: Companies change policies quietly. I implemented a Change Tracker that uses SHA-256 diffing between visits to flag silent updates.
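
A sketch of how SHA-256 change tracking like this can work, as an added example that is not TrustGuard's own code: the function names and the sample policies are assumptions made for illustration. It goes one step beyond a single document hash by also hashing each clause, so a detected update can be narrowed to the clauses that were added or removed, and it normalizes whitespace first so a reflowed page does not raise a false alert.

```python
import hashlib
import re
import unicodedata
from typing import Optional

def normalize(text: str) -> str:
    """Canonicalize so reflowed whitespace or Unicode variants do not change the hash."""
    return re.sub(r"\s+", " ", unicodedata.normalize("NFKC", text)).strip()

def fingerprint(policy_text: str) -> dict:
    """Digest of the whole policy plus one digest per blank-line-separated clause."""
    clauses = [c for c in map(normalize, re.split(r"\n\s*\n", policy_text)) if c]
    by_hash = {hashlib.sha256(c.encode("utf-8")).hexdigest(): c for c in clauses}
    doc = hashlib.sha256("\n".join(clauses).encode("utf-8")).hexdigest()
    return {"doc": doc, "clauses": by_hash}

def detect_change(previous: Optional[dict], current: dict) -> dict:
    """Compare the fingerprint stored on the last visit with the current one."""
    if previous is None:
        return {"status": "first_visit", "added": [], "removed": []}
    if previous["doc"] == current["doc"]:
        return {"status": "unchanged", "added": [], "removed": []}
    old, new = previous["clauses"], current["clauses"]
    # Both lists empty with status "changed" means clauses were only reordered.
    return {
        "status": "changed",
        "added": [text for h, text in new.items() if h not in old],
        "removed": [text for h, text in old.items() if h not in new],
    }

# Constructed sample policies (not taken from any real site).
POLICY_V1 = "We collect your email address.\n\nWe retain account data for 30 days after deletion.\n"
POLICY_V1_REFLOWED = "We collect   your email\naddress.\n\n\nWe retain account data for 30 days\nafter deletion."
POLICY_V2 = "We collect your email address.\n\nWe retain account data for 24 months after deletion.\n"

if __name__ == "__main__":
    stored = fingerprint(POLICY_V1)  # what the previous visit saved
    print(detect_change(stored, fingerprint(POLICY_V1_REFLOWED))["status"])
    print(detect_change(stored, fingerprint(POLICY_V2)))
```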

Global Compliance: Simultaneously checks the text against 6 major legal frameworks (GDPR, CCPA, PDPA, PIPEDA, LGPD, DPDPA).

The Tech Stack

  • AI & LLM: Azure AI Foundry · GPT-5.4
  • Backend: Python · Flask · fpdf2 (for generating reports)
  • Frontend: Vanilla JS · HTML/CSS
  • Scraping & NLP: BeautifulSoup4 · requests · Local Flesch-Kincaid logic

Run it locally

I've open-sourced the project under the PolyForm Noncommercial License for the community to study, modify, and play around with. You can get it running in a couple of minutes:

# 1. Clone the repo
git clone https://github.com/YOUR_USERNAME/trustguard-ai.git
cd trustguard-ai

# 2. Setup virtual environment
python -m venv venv && source venv/bin/activate
# Windows: venv\Scripts\activate
pip install -r requirements.txt

# 3. Configure environment variables
cp .env.example .env
# Open .env and add your Azure Foundry credentials (AZURE_ENDPOINT, AZURE_API_KEY, DEPLOYMENT_NAME)

# 4. Run the Flask app
python app.py

Open http://localhost:5000 and throw your favorite (or least favorite) website's privacy policy at it!

Let's Discuss!

Building multi-agent pipelines requires a lot of tweaking when it comes to context window management and prompt hand-offs between agents. If you've built similar sequential pipelines, I'd love to hear how you handle agent-to-agent communication!

📺 Demo Video: Check it in the repo

💻 GitHub Repo: https://github.com/AbdaullahAG/Trustguard_AI

Would love to hear your technical feedback in the comments! 👇
