We developed a little tool that takes care of an initial and simple audit of your privacy rules: https://apicheck.ideable.co/
If you see issues there, you know you have work to do