---
title: General Criteria
description: A list of general priorities we consider for all submissions to Privacy Guides.
---

Below are some general priorities we consider for all submissions to Privacy Guides. Each category will have additional requirements for inclusion.

- **Security**: Tools should follow security best practices wherever applicable.
- **Source Availability**: Open-source projects are generally preferred over equivalent proprietary alternatives.
- **Cross-Platform Availability**: We typically prefer recommendations to be cross-platform to avoid vendor lock-in.
- **Active Development**: The tools that we recommend should be actively developed. Unmaintained projects will be removed in most cases.
- **Usability**: Tools should be accessible to most computer users. An overly technical background should not be required.
- **Documentation**: Tools should have clear and extensive documentation for use.

## Financial Disclosure

We do not make money from recommending certain products, we do not use affiliate links, and we do not provide special consideration to project donors.

## Developer Self-Submissions

We have these requirements in regard to developers which wish to submit their project or software for consideration.

- Must undergo our [self-submission process](https://discuss.privacyguides.net/t/about-the-project-showcase-category/114) as a way to engage with our community, address any potential concerns, and elicit any feedback that can help improve your project.

- Must disclose affiliation, i.e. your position within the project being submitted.

- Must have a security whitepaper if it is a project that involves the handling of sensitive information like a messenger, password manager, encrypted cloud storage, etc.
    - Regarding third party audit status, we want to know if you have undergone one, or have requested one. If possible please mention who will be conducting the audit.

- Must explain what the project brings to the table in regard to privacy.
    - What new problem(s), if any, does it solve?
    - Why should anyone use it over the alternatives?

- Must state what the exact threat model is with their project.
    - It should be clear to potential users what the project can provide, and what it cannot. Ideally, a developer should be able to identify what [common threat(s)](../basics/common-threats.md) their project protects against.