Privacy Toolkit by Ascension Strategy

How We Evaluate Tools

Not all "privacy" tools are created equal. Here's how we separate genuine privacy protection from marketing buzzwords.

🔓

Open Source

Weight: High

Open source means the code is publicly available for anyone to inspect, audit, and verify. This is the gold standard for security tools because you don't have to trust — you can verify.

What we look for:

  • Source code published on GitHub, GitLab, or similar
  • Active development and community review
  • Clear licensing (GPL, MIT, Apache, etc.)
  • Both client AND server code (for services)

Note: Some excellent tools are not open source. We still list them if they have other strong trust indicators, but we prefer and highlight open source options.
🔒

End-to-End Encryption

Weight: High

End-to-end encryption (E2EE) means data is encrypted on your device before it leaves, and only the intended recipient can decrypt it. The service provider cannot read your data.

What we look for:

  • Encryption happens client-side
  • Keys are never transmitted to the server
  • Provider has no technical ability to access content
  • Published encryption protocols (not proprietary black boxes)

Beware: "Encrypted" doesn't always mean E2EE. Some services encrypt data in transit or at rest, but still have access to your content.
👁️‍🗨️

Zero Knowledge Architecture

Weight: High

Zero knowledge means the service is designed so the provider knows nothing about your data — not even metadata. Even if compelled by law enforcement, they have nothing meaningful to hand over.

What we look for:

  • No access to encryption keys
  • Minimal metadata collection
  • Anonymous or pseudonymous accounts possible
  • No data mining or profiling
🌍

Jurisdiction

Weight: Medium

Where a company is legally based determines what laws they must follow, what government requests they must comply with, and what privacy protections apply to your data.

What we look for:

  • Favorable: Switzerland, Iceland, Germany, EU (GDPR)
  • Neutral: Most countries with rule of law
  • Concerning: Five Eyes countries (US, UK, Canada, Australia, New Zealand) — not disqualifying, but we note it

Context matters: Jurisdiction is less important if a service is truly zero-knowledge. If they can't access your data, it doesn't matter who asks.

Independent Audits

Weight: Medium

Third-party security audits provide independent verification that a service's security claims hold up under scrutiny. Reputable companies publish their audit results.

What we look for:

  • Regular audits by reputable firms (Cure53, Trail of Bits, etc.)
  • Published audit reports (not just "we were audited")
  • Evidence that findings were addressed
  • Bug bounty programs for ongoing security testing
💰

Business Model

Weight: Medium

How a company makes money affects their incentives. If you're not paying, you might be the product. We prefer clear, sustainable business models that don't rely on selling user data.

What we look for:

  • Good: Paid subscriptions, one-time purchases, donations
  • Acceptable: Freemium with clear upgrade path
  • Concerning: "Free" with no obvious revenue source
  • Bad: Ad-supported, data monetization
📜

Track Record

Weight: Medium

How has the company behaved over time? Have they had security incidents? How did they respond? Have they made questionable decisions about user privacy?

What we look for:

  • History of transparent communication
  • Responsible handling of security incidents
  • Consistency between marketing claims and actual practices
  • No history of selling out to less privacy-focused companies
👥

Practical Usability

Weight: Medium

The most secure tool in the world is useless if your team won't use it. We consider whether tools are practical for real organizations with varying technical capabilities.

What we look for:

  • Reasonable learning curve
  • Good documentation and support
  • Cross-platform availability
  • Works with common workflows
  • Appropriate for nonprofit budgets

What "Lisa's Pick" Means

Tools marked as "Lisa's Pick" are our strongest recommendations. These are tools that:

  • Score highly across multiple evaluation criteria
  • We use ourselves or deploy for clients
  • Have proven reliable in real-world use
  • Offer good value for mission-driven organizations

Whether a tool is a "Lisa's Pick" has nothing to do with whether we have an affiliate relationship. Some of our top picks (like Mullvad and Signal) don't pay us anything.

Our Limitations

We try to be thorough, but we're not perfect. Here's what we can't do:

  • We can't audit every line of code ourselves
  • We can't verify every privacy claim with certainty
  • We can't predict future changes in company policy or ownership
  • We can't guarantee any tool is 100% secure

Our evaluations represent our best assessment based on publicly available information, published audits, our professional experience, and hands-on testing. When we're uncertain about something, we say so.

Updates and Corrections

Privacy tools and their companies change. We periodically review our listings and update them as needed. If you notice something outdated or incorrect, please let us know at info@ascensionstrategy.solutions.
