startpage.com privacy policy — score 90/100 (low risk)

Startpage (Surfboard Holding BV) · startpage.com

Report details

Low risk

Startpage offers exceptional privacy by design, collecting virtually no personal data and explicitly rejecting tracking, profiling, and search logging, though minor data flows to third-party ad and analytics providers exist.

Startpage's privacy policy is remarkably user-centric and strongly aligned with GDPR principles, primarily because its business model does not rely on personal data collection. The policy explicitly states that IP addresses and search queries are not recorded, and tracking cookies are not used. The company operates under Dutch and EU jurisdiction, providing robust legal protections against surveillance. However, there are minor gaps regarding the specifics of data shared with Google AdSense for click fraud prevention and the lack of explicit mention of international data transfer mechanisms for their third-party tools (Amplitude, Sentry). Overall, the policy is highly transparent and sets a high standard for privacy-friendly search.

Source: URL
Length: 10,925 characters

Category ratings

Breakdown of the policy by key compliance areas. Good = strong, fair = mixed, poor = concerning.

Data Minimization: good

The policy explicitly states no collection of IP addresses, search queries, or tracking cookies, limiting data to only what is strictly necessary for service functionality.

Transparency: good

The document is exceptionally clear and plain-spoken about what is and is not collected, avoiding legal jargon while clearly defining its privacy standards.

Third-party Sharing: fair

While no personal data is shared, integration with Google AdSense, Sentry, and Amplitude means some system data flows to third parties, though it is claimed to be anonymized.

International Transfers: fair

The company is based in the EU, but using US-based processors like Google AdSense and Amplitude likely involves data transfers, which are not explicitly addressed with legal transfer mechanisms.

AI/Model Training: good

The policy makes no mention of AI training, and given the strict no-recording and no-profiling stance, user data is functionally excluded from being used for this purpose.

User Rights: good

The policy explicitly mentions GDPR compliance, the right to be forgotten, and the right to lodge a complaint with the Dutch Data Protection Authority.

Key findings

Notable clauses, issues, or positive practices (critical first)

Warning

Third-Party Data Sharing for Ad Fraud Prevention

While ads are strictly non-personalized, the policy admits that 'some non-identifying system information is shared' with platforms like Google AdSense to prevent click fraud. The exact nature of this data is undefined, creating a minor transparency gap regarding what Google receives.

Warning

Silence on International Data Transfer Mechanisms

The policy mentions using Google AdSense, Sentry, and Amplitude (all US-based entities), but fails to mention the legal mechanisms (such as Standard Contractual Clauses) used to lawfully transfer data to these third parties under GDPR Chapter V.

Info

Strong Data Minimization & Anonymization by Design

The policy explicitly states that IP addresses and search queries are not recorded, and tracking cookies are not used. This architectural decision limits the attack surface for data breaches and government requests, as they cannot hand over data they do not possess.

Info

App Analytics Mitigation via Proxying

The mobile browser app uses Amplitude for product analytics, but Startpage proxies the data through its own servers to strip personally identifying information before it reaches Amplitude. This is a strong privacy-preserving engineering practice.

Info

IP Address Exception for Abuse Prevention

The policy contains a notable exception where IP addresses are temporarily registered and blocked to mitigate automated robotic abuse. While necessary for security, this technically involves processing an IP address (which is personal data under GDPR), even if it is not stored long-term.

Bottom line for users

You can use Startpage with high confidence that your searches and browsing habits are not being tracked, profiled, or stored by the search engine itself.

Compliance posture

Strongly compliant. The policy explicitly embraces GDPR principles, operates from the EU, and designs its systems around data minimization and anonymity.

EU transfers

The company is based in the Netherlands, but uses US-based services like Google AdSense, Sentry, and Amplitude. The policy lacks explicit mention of Standard Contractual Clauses (SCCs) or other Chapter V GDPR transfer mechanisms for these third-party flows, though it claims data is anonymized or stripped of PII before transmission.

Detected signals

Specific data points and practices identified in the text

Data collected

  • Search preferences (via cookie)
  • Anonymized traffic statistics (OS, browser, language)
  • Non-identifying system information (for ad click fraud prevention)
  • Crash diagnostic reports (no IP address)
  • Anonymized product analytics (installs, usage volumes, errors)

Processing purposes

  • Providing search results
  • Serving non-personalized advertisements
  • Preventing click fraud and automated abuse
  • Aggregated anonymous traffic measurement
  • App crash reporting and product improvement

Third-party sharing

  • Google AdSense (non-identifying system information for fraud prevention)
  • Sentry (crash diagnostic reports)
  • Amplitude (proxied, anonymized product analytics)

International transfers

  • Data shared with Google AdSense (US)
  • Data shared with Sentry (US)
  • Data shared with Amplitude (US)

Text evidence

Direct quotes from the policy that support these findings

We don’t record your IP address... The only exception is for automated search requests (robots) that rapidly submit more queries to our servers than any normal human would.

When you search, your query is automatically stripped of unnecessary metadata including your IP address and other identifying information. We send the anonymized search query to our search and content providers...

In order to enable the prevention of click fraud, some non-identifying system information is shared, but because we never share personal information... the ads we display are not connected to any individual user.

Product event analytics are powered by a service called Amplitude, and when this service is being used, data is proxied through servers managed by Startpage to ensure that personally identifying data is stripped before making its way to the service.

Missing or unclear

  • No explicit mention of legal bases for processing under GDPR Article 6
  • No mention of data retention periods for the IP blocklist or crash reports
  • No mention of international data transfer safeguards (SCCs, Data Privacy Framework) for US third parties
  • No specific details on what constitutes 'non-identifying system information' shared with Google AdSense

Follow-up questions

  • What specific 'non-identifying system information' is shared with Google AdSense for click fraud prevention, and is there any risk of re-identification by Google?
  • How long are IP addresses retained for the automated search request (robot) blocking exception before they are deleted?
  • Does the Sentry crash reporting service receive any device identifiers that could indirectly identify a user, despite the claim of no PII?
  • What legal mechanisms (e.g., Standard Contractual Clauses) are in place to ensure GDPR-compliant data transfers to US-based third parties like Amplitude and Sentry?
This analysis is generated by AI and is not legal advice. Always consult a qualified legal professional for compliance decisions.

Developed by DentroChat