1. What user data is absolutely necessary for our service to be fully functional?
2. Which data do we consider as mandatory for our business?
3. Can we group user data according to low/medium/high priority?
4. When are the right time and place in the UI to get high priority permissions?
5. Can we gradually request more user permissions when we need them?
6. Can we never prompt native permission requests automatically (often dismissed)?
7. Are all permission requests prompted manually by the user ('Turn on location,' etc.)?
8. Do we ask for permissions only if we are likely to get them?
9. Do we show install app prompts only when we are likely to get a yes?
10. For every permission request, do we explain why we need it and what value it provides?
11. What third parties do we use, and what data do they collect?
12. How can we influence, restrict, and track the data they collect?
13. Do we ask for only what we absolutely need to know (by default)?
14. Do we collect optional data only if we have a permission for it?
15. Can we set up a centralized privacy hub with an overview of all a user's data?
16. Is it easy to adjust privacy settings (revoke consent, modify permissions)?
17. Can customers extract and delete their personal data?
18. Can customers be irrevocably forgotten (third-parties, backups)?
19. Do we provide a friendly TL;DR version/summary of our privacy policy?
20. Do we have a solution for cookies/privacy policy in place?
21. Do we have a clear picture of our obligation regarding data protection legislation?
22. What impact does an install app prompt have on the conversion in the funnel?
23. What impact does a newsletter box pop-up have on the conversion in the funnel?
24. What impact does a chat window pop-up have on the conversion in the funnel?
25. Did we measure the impact of 'gray' patterns on costs in marketing/support?
26. Can we measure conversion without pop-ups/app prompts on a slow weekend?
27. Do we also measure time-to-repeat-purchase, time-to-share, lifetime value?
28. How many popular, representative user stories do we have in our app?
29. What are the customer's main success moments in our app?
30. How do we drive customers towards these success moments?
31. How many taps/clicks are required to accomplish the first success moment?
32. Does our UI pass the 'banana test' (replace all words with 'banana')?
33. Can we avoid first-look tours, wizards, and slideshows?
34. Can we make use of empty states and just-in-time hints instead?
35. Have we defined any useful templates (example content) for users to get started with?
36. Can customers customize a template to fit their needs best?
36. When asking for title, do we provide a way out ('Human!')?
37. Does the site/app work properly with popular ad/tracking blockers?
37. When asking for gender, do we provide a way out ('I'd rather not say')?
38. Do we group cookies and explain how each group helps us?
38. When asking for age, do we provide a way out ('Forever young!')?
39. Do we allow customers to reject entire groups and also individual services?
39. When asking for a phone number, do we provide a way out ('Optional')?
40. Can we avoid blocking out the entire page with a cookie consent?
40. Do we really need birth date, or do we need age confirmation or day of birth?
41. Can we avoid setting any non-functional cookies on critical landing pages?
41. Should we allow customers to choose the frequency of notifications?
42. Do we know the impact of enabling users to reject all cookies quickly?
42. If we anticipate a high volume of notifications, can users snooze/pause them (24h)?
43. Do we give customers good reasons to submit valid data (phone number, email)?
43. What's the key data we need to initiate a sign-up/free trial? (email/phone/zip code)
44. Do we provide info-tooltips for every piece of data we are collecting?
44. Did we consider the offboarding experience (what happens to user data)?