Sovereign AI

⏱ About 15 min15 XP

Data Audit

A data audit is a systematic review of what personal information exists about you, where it lives, who holds it, and what is being done with it. Professionals inside companies conduct data audits to understand their organization's data landscape. In this lesson, you will conduct one on yourself — as an individual — to build a concrete, grounded picture of your actual data footprint. This is not a hypothetical exercise. Everything here is real and accessible to you right now.

Why Audit Your Own Data?

Most people have a vague sense that companies collect their data but no clear picture of what that actually looks like in practice. Vague awareness does not generate effective action. A concrete audit does. When you see, in a downloaded file, that a single platform has stored every search you made over the past three years, every video you watched, every ad you clicked, and every location you visited while using the app — that is different from reading that 'companies collect data.' It is specific. It is yours. It changes how you make decisions going forward. This lesson guides you through the audit. Work through each section as carefully as you can. The goal is not to feel overwhelmed — it is to feel informed, and then empowered.

You Are Your Own Best Privacy Auditor

No external consultant, privacy tool, or government agency can do this audit as effectively as you can, because you know which services you actually use. The most powerful privacy knowledge is specific and personal — not generic advice, but a clear map of your own landscape. That map is what this lesson builds.

Section 1: Account Inventory

The first step in any data audit is knowing what accounts exist. Most people have far more accounts than they remember creating — old game accounts, services they signed up for for one specific reason and never returned to, subscriptions from years ago. Start by listing every account you actively use: social media, streaming, gaming, email, school systems, shopping, and any apps that required a login. Then think back: are there services you signed up for and forgot? Old email addresses attached to accounts you no longer access? Each forgotten account is still a data repository — the company still holds whatever you gave them, often indefinitely.

Part 1 — Account Inventory

  1. Open a notebook or document. Create four columns: Service Name, Type (social/streaming/gaming/school/shopping/other), Last Used (approximately), Still Active?
  2. List every digital service or app you have an account with that you can remember. Aim for at least fifteen entries — most people will find twenty or more when they think carefully.
  3. For each entry: estimate when you last used it, and note whether you would consider it currently active.
  4. Mark any account you have not used in more than one year with an asterisk. These dormant accounts are data repositories you have likely forgotten about.
  5. Count your asterisked accounts. Write one sentence about what you want to do about them.

Section 2: Data Download

Most major platforms are required by law in various jurisdictions to provide you with a copy of your personal data on request. This is your right to access in action. The data download reveals exactly what the platform has collected — and seeing it concretely is often revelatory. Common platforms that offer data downloads include major social media networks, search engines with accounts, streaming services, and email providers. The download option is usually found in Settings, then Privacy or Account, and may be labeled Download your data, Request a copy of your data, or similar language. The download may be prepared instantly or may take up to 48 hours.

Part 2 — Data Download Deep Dive

  1. Choose one platform from your account inventory — ideally one you use often, since it will have the most data.
  2. Navigate to its privacy settings and find the data download option. Request your data export.
  3. While you wait for the download, predict: what categories of data do you think you will find? Write down five predictions.
  4. When the download arrives, open it and explore. What categories are present? Common categories include: search history, watch history, location history, ad interests assigned to you, connected apps, messages, and account activity logs.
  5. For each of your five predictions: was it there? Was it more or less extensive than you expected?
  6. Find the single most surprising category or data point in the download. Write three sentences about what it is, why it surprised you, and what it implies about what the platform knows about you.

Section 3: Permission and Tracker Audit

The third section of the audit looks at active data collection channels: app permissions on your device and trackers on the websites you visit. For app permissions, your phone's settings show a comprehensive list of which apps have access to which sensors and data: location, microphone, camera, contacts, photos, health data, and more. Many people find apps in this list they have forgotten about, still holding permissions they granted years ago. For web trackers, browser extensions like Privacy Badger or similar tools can show you, in real time, how many trackers are running on any given page. Visiting a news site and seeing forty or fifty trackers load is not unusual — and seeing that number concretely is different from being told 'websites track you.'

Part 3 — Permissions and Trackers

  1. Go to your phone's Settings, then Privacy or Permissions. Review the full list of app permissions.
  2. For location access: how many apps have always-on access? How many only when the app is open? List every app with always-on location access. For each, ask: Do I actually need this app to know where I am at all times?
  3. For microphone access: list every app with microphone access. For each, ask: Why would this app need my microphone?
  4. For camera access: repeat the same process.
  5. Count the total number of permission grants you have (each app-permission pair counts as one). Write this number down.
  6. Now: revoke at least five permissions that you cannot justify. Write which five you revoked and why.
  7. Finally: if you have access to a browser extension that shows trackers, install it and visit two different websites. Record how many trackers were present on each. Write one sentence about what this tells you about web tracking at scale.

Turning the Audit Into Action

A data audit is only valuable if it produces action. The final step is converting what you discovered into a prioritized list of changes. Not everything needs to change at once. Pick the three actions that would have the biggest impact on your data footprint based on what you actually found — not based on generic advice. For each action, be specific: not 'improve my privacy' but 'delete my account on [specific old service] by [specific date]' or 'revoke always-on location access from [specific app] today.' Specific, scheduled commitments are the difference between an audit that sits in a notebook and one that actually changes your digital life.

Part 4 — Audit to Action Plan

  1. Review everything you discovered in Parts 1 through 3.
  2. Identify your three highest-priority actions. For each one:
  3. - Write exactly what you will do (specific action, specific service or app)
  4. - Write when you will do it (today / this week / this month)
  5. - Write what data exposure that action reduces
  6. Share your action plan with a classmate or a trusted adult and ask them to hold you accountable.
  7. In three to five sentences, write a reflection: What was the most significant thing you learned about your own data footprint from this audit? How has your thinking about your data changed? What will you do differently starting today?

What is the purpose of requesting a data download from a platform?

Why are dormant accounts you no longer use still a privacy concern?

← Back to Sovereign AI