From solo
Generates privacy policies and terms of service tailored to project stack, features, and data handling. Audits data practices for GDPR, CCPA, app store compliance.
npx claudepluginhub fortunto2/solo-factory --plugin soloThis skill is limited to using the following tools:
Generate privacy policy and terms of service tailored to the project's stack, features, and data handling. Aligned with manifesto privacy-first principles (`templates/principles/manifest.md`): on-device processing, local storage, no accounts when possible, user owns their data.
Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.
Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.
Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.
Generate privacy policy and terms of service tailored to the project's stack, features, and data handling. Aligned with manifesto privacy-first principles (templates/principles/manifest.md): on-device processing, local storage, no accounts when possible, user owns their data.
Disclaimer: Generated documents are templates, not legal advice. Review with a lawyer before publishing, especially for regulated industries (health, finance, children).
Parse project from $ARGUMENTS.
docs/prd.md — features, ICP, data handlingCLAUDE.md — stack, services usedtemplates/stacks/{stack}.yaml if availableData audit — determine what data the product collects:
Scan PRD and codebase config for:
| Data Type | Collected? | Stored Where | Purpose |
|---|---|---|---|
| Email/name | — | Local / Supabase | Account |
| Usage analytics | — | PostHog (EU) | Product improvement |
| Payment info | — | Stripe (not stored locally) | Billing |
| User content | — | On-device / local DB | Core feature |
| Location | — | — | — |
| Device info | — | — | — |
| Cookies | — | — | — |
| Third-party SDKs | — | — | — |
For each "yes": note the legal basis (consent, legitimate interest, contract).
Manifest alignment check:
Detect applicable regulations:
| Regulation | Applies When | Key Requirements |
|---|---|---|
| GDPR | EU users or EU-based business | Consent, right to access/delete/port, DPA with processors |
| CCPA/CPRA | California users, >$25M revenue or >100K consumers | Right to know/delete/opt-out, "Do Not Sell" |
| App Store | iOS app | Privacy nutrition labels, ATT framework |
| Play Store | Android app | Data safety section, deletion policy |
| COPPA | Users under 13 | Parental consent (flag if ICP includes children) |
Most solo projects: GDPR + App Store/Play Store is sufficient.
Generate Privacy Policy:
Structure (adapt to product):
# Privacy Policy
**Last updated:** {YYYY-MM-DD}
**Effective date:** {YYYY-MM-DD}
## What we collect
{table from step 2 — only "yes" rows, in plain language}
## How we use it
{purpose for each data type — be specific, not "to improve our services"}
## Where data is stored
{local device / specific cloud service + region}
{for offline-first apps: "Your data stays on your device. We cannot access it."}
## Third-party services
{list each service: PostHog (EU), Stripe, Supabase — with links to their privacy policies}
## Your rights
- **Access:** request a copy of your data
- **Delete:** delete your account and all associated data
- **Export:** download your data in {format}
- **Opt-out:** disable analytics in app settings
## Data retention
{how long data is kept, what triggers deletion}
## Children
{if product is not for children under 13: "This product is not intended for children under 13."}
## Changes
We may update this policy. Changes will be posted here with an updated date.
## Contact
{email address for privacy questions}
Rules:
Generate Terms of Service:
Structure:
# Terms of Service
**Last updated:** {YYYY-MM-DD}
## What this is
{product name} is {one-line description}. By using it, you agree to these terms.
## Your account
{if accounts exist: account rules. If no accounts: "No account is required."}
## Your data
You own your data. We do not claim any rights to content you create.
{for offline-first: "Your data is stored on your device. We have no access to it."}
## Acceptable use
Do not use {product} to: {short list of prohibited uses relevant to the product}
## Payments
{if paid: pricing, refund policy, billing terms}
{manifest alignment: "No hidden fees. What you see is what you pay."}
{if one-time purchase: "One-time purchase. No recurring charges."}
{if subscription: explain what justifies the recurring cost}
## Availability
We aim to keep {product} available but cannot guarantee 100% uptime.
{for offline-first: "Core features work without internet connection."}
## Limitation of liability
{standard limitation clause — product provided "as is"}
## Changes
We may update these terms. Continued use after changes means acceptance.
## Contact
{email}
Generate App Store privacy labels (if iOS or Android):
iOS (App Store Connect):
Android (Play Store):
Write legal documents:
legal/privacy-policy.md — privacy policylegal/terms-of-service.md — terms of servicelegal/app-store-privacy.md — app store labels (if mobile)legal/ directory in project root if neededOutput summary:
Cause: Third-party SDKs (analytics, crash reporting) collect data automatically. Fix: Audit all SDKs in package.json/Podfile/build.gradle. List each one in the privacy policy.
Cause: Sync, backup, or auth requires cloud. Fix: Be explicit: "Core features work offline. Optional sync requires {service}." List exactly what syncs.
Cause: No privacy policy URL in app metadata. Fix: Host privacy-policy.md as a web page (GitHub Pages, project website, or static hosting). Add URL to App Store Connect / Play Console.