There's multiple techniques that can be employed to determine the strength of a software privacy policy. Obviously you can read it, but there's also browser extensions which rate how strong a privacy policy is. The problem with most privacy policies is that they are a wall-of-text (long) that begin with the usual "we value your privacy" statement, then spend the next 38 paragraphs telling you about all the data they collect, who they share it with, and how they aren't responsible for what the 3rd parties do with that data.
What is required of a privacy policy depends on what the software does. Some have to be lengthy and some are far more lengthy than they need to be.
The first indicator of the solidity and trustworthiness of a privacy policy has nothing to do with the policy. If the source code of the software isn't available, then neither the software nor its privacy policy can be trusted. Using any Microsuck software are we?
The developers of the open source Stylus add-on for the open source Firefox web browser have written a privacy policy that i think is a stellar example of what a solid one ought to look like:
Unlike other similar extensions, we don't find you to be all that interesting. Your questionable browsing history should remain between you and the NSA. Stylus collects nothing. Period.
It doesn't get any simpler or more concrete than that. Keep that in mind the next time you run across a privacy policy page that has a scroll bar.