About Actyra Open
Why This Exists
Privacy policies tell you what companies say they do. We show you what software actually does — proven by decompiling the binary and reading the code.
Existing tools like ToS;DR and PrivacySpy analyze policies. Nobody analyzes the actual executables. Until now.
Methodology
Every report follows the same process:
- Obtain the official installer from the vendor's website
- Decompile using Ghidra (NSA's open-source reverse engineering tool)
- Extract all strings, API calls, network endpoints, and data structures
- Trace data flows: what is collected, when, and where it's sent
- Compare actual behavior against the vendor's Terms of Service and Privacy Policy
- Grade using our public rubric (consent, minimization, transparency, security, policy adherence)
- Publish findings with code-level evidence
Grading Rubric
| Category | Weight | What We Measure |
|---|---|---|
| Consent | 25% | Does it collect data before user consent? |
| Data Minimization | 20% | How much data vs. what's actually needed? |
| Transparency | 20% | Does the UI disclose what's collected? |
| Security | 15% | Is collected data encrypted in transit? |
| Policy Adherence | 20% | Does the binary match the vendor's ToS/Privacy Policy? |
A (90-100) | B (80-89) | C (70-79) | D (60-69) | F (0-59)
Access Tiers
Public
Grades, summaries, and finding categories. No account needed.
Researcher
Full reports with code-level evidence, endpoint details, and GDPR analysis. Free account required.
Archive
Raw decompiled source code and Ghidra project files. By request.
API & MCP
All data is available programmatically:
- REST API at
api.actyra.com/api/v1/ - MCP server for AI agents:
@actyra/open-mcp