The Day-1 Privacy Audit
Steven G., Nov 3 (updated Nov 5)
Free 100-Point Checklist + Scoring System
By Steven Gray, Founder, GrayCloak – SG@GrayCloak.com
Why 87% of Clients Are “Leaking” on Day 1
I’m Steven Gray. I run GrayCloak (https://www.graycloak.com), a privacy and counter-blackmail firm. Every new client — CEO, whistleblower, or stalking victim — gets the same 100-point audit within 24 hours.
“In 2025, I audited 63 clients. The average Day-1 Privacy Score? 41/100. That’s a failing grade in a world where one leak can cost $1.2 M in extortion.”
This is the exact audit I run once you become a client.
No software. No subscriptions. Just statutory rights, commercially available tools, and common sense. Score yourself now.
Or email SG@GrayCloak.com — I’ll run it for you.

How to Use This Audit
Answer Yes / No to each item.
Tally your score (1 point per “Yes”).
Follow the action plan at the end.
Section 1: Digital Footprint (30 points)
# | Question | Yes = 1 |
1 | Have you opted out of Spokeo, Intelius, BeenVerified, and PeopleFinders in the last 90 days? | ☐ |
2 | Is your home address removed from Whitepages Premium? | ☐ |
3 | Do you use CCPA / GDPR deletion requests for every data broker? | ☐ |
4 | Are all old email addresses (AOL, Hotmail) set to auto-delete after 30 days? | ☐ |
5 | Have you exported + deleted inactive social accounts (MySpace, LinkedIn 2008)? | ☐ |
6 | Is your phone number unlinked from Facebook, X, and Instagram? | ☐ |
7 | Do you disable WebRTC in Chrome/Firefox? | ☐ |
8 | Is DNS over HTTPS (DoH) enabled system-wide? | ☐ |
9 | Do you use a reputable VPN (Mullvad, Proton) with audited no-logs? | ☐ |
10 | Is browser fingerprinting blocked (uBlock Origin + CanvasBlocker)? | ☐ |
11–20 | (Repeat for 10 oldest email inboxes) — Are they archived off-site and set to forward only? | ☐ x10 |
21–30 | (Repeat for 10 oldest social profiles) — Are they private, 2FA-enabled, and app permissions revoked? | ☐ x10 |
GrayCloak Standard: Clients score 28+/30 before we begin active removal.
Section 2: Identity & Access (25 points)
# | Question | Yes = 1 |
31 | Do you use a hardware security key (YubiKey) for email and banking? | ☐ |
32 | Is SMS 2FA disabled on all accounts? | ☐ |
33 | Do you have a carrier port-out PIN? | ☐ |
34 | Is your SSN last-4 frozen at Equifax, Experian, TransUnion? | ☐ |
35 | Do you use a password manager (Bitwarden, 1Password) with unique 20+ char passwords? | ☐ |
36–45 | (One per critical account) — Gmail, bank, iCloud, etc. — all 2FA + unique password? | ☐ x10 |
46–55 | (One per device) — Phone, laptop, tablet — full-disk encryption + auto-lock <2 min? | ☐ x10 |
Section 3: Physical & Mail Privacy (20 points)
# | Question | Yes = 1 |
56 | Do you use a CMRA (Commercial Mail Receiving Agency) with USPS Form 1583? | ☐ |
57 | Is your home address removed from voter rolls (if allowable in your state)? | ☐ |
58 | Do you use package forwarding (Shipito, MyUS) for online shopping? | ☐ |
59 | Are utility bills paperless and mailed to CMRA? | ☐ |
60–75 | (One per recurring bill) — Phone, ISP, insurance — all billed to CMRA or virtual card? | ☐ x16 |
Section 4: Legal & Compliance (15 points)
# | Question | Yes = 1 |
76 | Do you have a privacy policy on personal sites (required for CCPA)? | ☐ |
77 | Are business entities (LLC, trust) filed with a registered agent (not home)? | ☐ |
78 | Have you filed IRS Form 8832 if using a privacy trust? | ☐ |
79–90 | (One per data broker opt-out) — Do you retain proof of submission (PDF, timestamp)? | ☐ x12 |
Section 5: Extortion Readiness (10 points)
# | Question | Yes = 1 |
91 | Do you have an IC3-ready evidence folder (screenshots, hashes, chat logs)? | ☐ |
92 | Is your lawyer on retainer for emergency TRO filings? | ☐ |
93–100 | (One per family member) — Do they know the 72-hour doxx protocol? | ☐ x8 |
Your Privacy Score
Range | Risk Level | Action |
0–39 | Critical | Immediate GrayCloak audit |
40–69 | High | 30-day cleanup plan |
70–89 | Moderate | Maintenance mode |
90–100 | Fortified | Annual re-audit |
FAQ
How long does the full audit take?
45–90 minutes if you have logins ready. We do it in under 2 hours with screen-share.
Do I need to hire GrayCloak to use this?
No. This is 100% DIY-legal. But 94% of clients hire us to execute the fixes.
What if I fail the audit?
We build a 30/60/90-day remediation plan — all using statutory rights and reputable vendors.
Ready for Your Audit?
Self-score above.
Email your score to SG@GrayCloak.com — I’ll reply with your custom 30-day plan.
Or visit https://www.graycloak.com to book a Day-1 Audit.
Privacy isn’t a product.
It’s a protocol.
— Steven Gray, GrayCloak
