Privacy settings

Problem Context

• Users may be controlling saved activity, search history, browsing history, location history, voice recordings, app and service activity, ad personalization, profile visibility, people and sharing, connected apps, device data permissions, diagnostic data, and data dashboard visibility.
• Privacy controls may live at account, device, app, browser, workspace, child account, product, region, or organization-policy scope.
• Some privacy data may be unavailable because the user is signed out, recently cleared data, turned off collection, is too young, is in an unsupported region, uses a managed account, or the product is legally restricted from displaying it.
• Privacy settings may need to hand off to consent prompts, cookie preferences, permission requests, data export, delete account, or privacy request workflows without pretending those are ordinary toggles.

Selection Rules

• Choose privacy settings when the user needs durable controls over ongoing data collection, saved activity, profile visibility, data sharing, personalization, app access, or device privacy permissions.
• Use settings management when privacy is one part of a broader configuration center and the main pattern is general persistent settings organization.
• Use preference center when the work is mainly communication, topics, language, marketing, consent purposes, or required messages across systems.
• Use consent prompt when a specific optional data use needs an affirmative opt-in moment before processing begins.
• Use permission request when an app asks for one runtime or platform capability in context.
• Use data export when the user is downloading or transferring a copy of data rather than changing future collection or exposure.
• Use delete account for account closure and associated data deletion requests, not ordinary privacy setting changes.
• Show account, device, app, product, workspace, region, and managed-organization scope before users change a privacy value.
• Show data categories, current effective value, last saved or synced time, source system, unavailable reason, and consequence of changing the setting.
• Provide high-privacy defaults and age-appropriate explanations for child or sensitive-data contexts where policy requires extra protection.

Required States

• Privacy settings overview with categories and current effective values.
• Saved activity, search history, browsing history, voice, media, or app/service activity controls state.
• Profile visibility and people-sharing state.
• Ad personalization, recommendations, diagnostics, or product improvement data-use state.
• Location, camera, microphone, contacts, photos, Bluetooth, local network, and device permission state.
• Connected app, third-party access, data sharing, or partner access state.
• Consent, cookie, notification, data export, and delete account handoff state with clear boundaries.
• Immediate apply, staged save, pending sync, saved, failed, reset, and restore previous state.
• Unavailable data, recently cleared, collection off, unsupported product, signed-out, region-restricted, too-young, or managed-policy state.
• Child account, high-privacy default, guardian-managed, enterprise-managed, and mobile compact states.

Interaction Contract

• Opening privacy settings shows authoritative current values, not blank defaults, marketing copy, or a privacy-policy-only page.
• Every control states what data, visibility, app access, product, device, or account scope it affects before activation.
• Immediate controls show applied, failed, pending sync, unavailable, and reverted states near the changed row.
• Controls owned by consent, cookies, platform permission, organization policy, child guardian, export, or delete workflows link to the owning flow and do not show false local success.
• Clearing or pausing data explains whether existing data is deleted, future collection stops, dashboard display changes, or only personalization use changes.
• Managed, unavailable, too-young, legal, region, or unsupported states explain why the user cannot see or change a value and what route remains.
• Reset or restore affects only the named privacy group and lists the controls that will change before confirmation.
• The page records successful privacy changes with category, scope, source, timestamp, and effective state where compliance or user trust requires it.

Implementation Checklist

• Inventory privacy controls by data category, source system, account/device/product scope, default value, legal basis, age policy, and owner.
• Map overlaps between privacy settings, consent records, cookie controls, platform permissions, notification preferences, data export, delete account, and privacy request workflows.
• Model current value, effective value, source of truth, last saved time, last synced time, unavailable reason, managed policy, and pending status for each row.
• Separate immediate apply controls from controls that require Save, reauthentication, guardian approval, device settings, or external sync.
• Show clear consequences for pause, clear, hide, share, revoke, reset, and personalization changes.
• Test signed out, multiple accounts, child account, managed account, region restriction, recent deletion, collection off, unavailable dashboard data, device permission mismatch, and mobile layout.
• Avoid collecting privacy-setting changes through analytics or session replay in a way that exposes sensitive choices.

Common Generated-UI Mistakes

• Replacing privacy settings with a privacy policy link or legal notice.
• Using one master privacy switch for unrelated collection, sharing, visibility, permissions, personalization, and retention controls.
• Showing a setting as enabled while the platform permission, organization policy, or source-of-truth system disagrees.
• Failing to explain why data cannot be displayed, cleared, changed, or exported.
• Mixing cookie consent, data export, delete account, and privacy settings into one ambiguous action.
• Resetting privacy controls broadly without naming affected data categories.
• Hiding child, region, legal, managed, or enterprise restrictions behind disabled controls.
• Claiming saved success before sync or policy enforcement completes.

Critique Questions

• What exact data category, app access, visibility, or personalization behavior does each privacy setting control?
• What scope owns the value: account, device, app, product, browser, organization, child account, or region?
• Is the displayed value the current effective value or only a local preference draft?
• What data remains collected, retained, visible, or shared after the user turns a control off?
• Where do consent, cookies, permissions, export, and account deletion handoffs begin and end?
• How does the UI explain unavailable dashboard data, recently cleared data, legal restrictions, or managed policy?
• What evidence proves a privacy change was applied, failed, pending, or reverted?