AS
← Work
PrivacyGuard

PrivacyGuard

A UX research and concept design project exploring how non-expert users understand, review and act on digital privacy settings.

2024UX ResearchSurvey, Interview, Figma
UX ResearchExperience DesignMobile Concept

PrivacyGuard began as a UX research project about digital privacy, but the central issue quickly became broader than privacy policies alone. The research showed that users can care deeply about protecting their personal information while still avoiding privacy settings, because the experience feels fragmented, technical and risky. Through survey research, interview and shadowing, the project explores how low-confidence users try to understand privacy controls and where the experience breaks down.

The problem

Privacy controls are often fragmented across apps, device settings and account menus. For users who are not confident with technical language, the challenge is not only finding the right setting: it is understanding what each option means, what might happen after changing it and whether the action is safe. Many users leave defaults unchanged, rely on others for help or abandon the task entirely.

Research approach

The research combined several methods to move beyond asking whether users care about privacy and instead examine what happens when they try to manage it in real contexts.

Research method overview showing six methods: secondary research, survey (n=28), focused interview, shadowing, empathy & persona synthesis and journey & experience mapping.
Six methods combined to move beyond attitudes and examine real behaviour in context.

What the survey showed

The survey showed that privacy review is often reactive rather than routine. The strongest signal was not only that settings are hard to find: users struggle to understand what each setting means and what consequences a change may have.

Survey insights showing review frequency, difficulty ratings, top privacy concerns and most-requested features from 28 respondents.
Survey findings (n=28): privacy review is rare and reactive; users need clarity, not just access.

Interview and shadowing

The interview and shadowing sessions made the problem concrete. The primary user, Esra, a pharmacist in her late 50s with basic technology confidence, cared about privacy and personal-data safety, but consistently struggled with technical terminology, hidden settings and uncertainty about whether her actions were correct. She represents a broader group of users who are engaged with digital life but not confident when privacy controls become technical.

During shadowing, Esra completed nine real privacy tasks across apps and device settings. The observation revealed patterns that reported attitudes alone would not have captured.

Shadowing task breakdown table showing five privacy tasks, observed behaviour, UX breakdowns and design opportunities for each.
Five real tasks, observed in context: showing where and how confidence breaks down in practice.

Experience mapping

The research was synthesized into an experience map tracing Esra's journey from initial awareness through continued use. The map tracks her thoughts, emotional experience and ideas for improvement at each stage, making visible where confidence builds and where it consistently breaks down.

Experience map for Esra Yılmaz showing thoughts, emotional curve and improvement ideas across eight stages from Initial Awareness to Continued Use.
Esra's experience mapped across eight stages: where the journey flows and where it breaks.

Key insights

Privacy management breaks down in three connected places: discovery, comprehension and confidence. Users may not know where a setting lives, may not understand what it means once they find it and may still feel unsure after making a change. Each layer requires a different design response.

01
Concern does not automatically become action
Users may care about privacy but do not consistently review or update settings. Privacy action often depends on prompts, incidents or external reminders.
02
The hardest part is understanding consequences
Users do not only struggle to find settings. They struggle to understand what each setting does and what might happen if they change it.
03
Privacy controls are fragmented across systems
The shadowing sessions showed the user moving between apps, device settings, work apps, health apps and e-commerce settings without a clear mental map of where control lives.
04
Language and terminology are accessibility barriers
Technical or foreign terms created confusion and avoidance. Plain-language privacy communication is central to whether a non-expert user can act.
05
Users need reassurance after taking action
Even after making changes, the user was unsure whether her privacy had actually improved. Confirmation and status feedback are largely absent from real privacy experiences.

From research to requirements

The research was translated into UX requirements for a guided privacy-management experience. Each finding maps to a specific design response in the concept.

From research to requirements diagram mapping six key insights to UX requirements and PrivacyGuard concept solutions.
Each research finding maps to a UX requirement and a concrete design response in the concept.

Concept direction

PrivacyGuard responds to the research by creating a guided privacy-management flow. Instead of expecting users to search through each app manually, the concept creates a central starting point where users can review recent data access, run a privacy check, understand plain-language recommendations and save progress over time.

Concept flow diagram showing eight stages from risk trigger through dashboard, privacy check, view findings, understand recommendation, take action, confirm result and review later.
The concept flow: from privacy concern to guided action, with confirmation and follow-up built in.

Service design framework

The concept was mapped against user goals, opportunities and touchpoints across six stages: Discovery, Navigation, Privacy Check, Archive, Call Out and Contribute. The framework shows how each stage creates opportunity to reduce friction, build confidence and extend the experience beyond the individual user into shared awareness.

Service blueprint showing user goals, opportunities and touchpoints across six stages: Discovery, Navigation, Privacy Check, Archive, Call Out and Contribute.
User goals, design opportunities and touchpoints mapped across the full service arc.

Storyboard

A storyboard traces the concept from Esra's perspective across eight scenes: opening the app, reviewing her dashboard, running a privacy check, receiving an alert, reviewing her report, adjusting settings, sharing insights with her community and archiving the report for future reference.

Eight-panel storyboard showing Esra using the PrivacyGuard app from opening through running a privacy check, receiving alerts, reviewing reports and archiving.
Eight scenes following Esra through the full PrivacyGuard experience.

Reflection

This project reframed digital privacy as an interaction-design problem. The research showed that users need more than access to settings: they need understandable explanations, visible consequences and reassurance after action. The strongest lesson was the gap between concern and action: privacy is not solved by more information alone. It is improved by reducing the effort and uncertainty of each individual decision.

The project was conducted in an academic context with a limited survey sample and one deeply observed primary user. Its value is in identifying UX barriers and translating them into a grounded concept direction; a production version would require broader validation and real permission-scanning infrastructure.