peerpush.com privacy policy — score 55/100 (medium risk)

Τελευταία ανάλυση 18 June 2026

Το περιεχόμενο της αναφοράς (περίληψη, ευρήματα, αποσπάσματα) δημιουργήθηκε στα αγγλικά και δεν έχει μεταφραστεί.

55βαθμολογία απορρήτου

PeerPush · peerpush.com

Λεπτομέρειες αναφοράς

medium κίνδυνος

PeerPush has strong anonymization practices for its public analytics but falls short on GDPR basics by failing to disclose legal bases, lacking an EU representative, and using vague language around international data transfers.

The policy reflects a product-focused approach to privacy, particularly excelling in its 'Signals' feature which implements k-anonymity and PII stripping. However, it reads more like a US-centric policy than a GDPR-compliant one. It completely omits the legal bases for processing, fails to mention Standard Contractual Clauses or other transfer mechanisms, and provides an incomplete catalog of user rights. The children's privacy section relies on the COPPA standard (13 years) rather than the GDPR standard (16 years).

Τελευταία ανάλυση18 June 2026

ΠηγήURL

Μήκος8,711 χαρακτήρες

Αξιολόγηση ανά κατηγορία

Ανάλυση της πολιτικής σε βασικούς τομείς συμμόρφωσης. Καλό = ισχυρό, μέτριο = μικτό, κακό = ανησυχητικό.

Data Minimizationgood

Collects primarily necessary data for the service and explicitly avoids third-party advertising cookies or tracking pixels.

Transparencyfair

Clearly explains the 'Boost' system and 'Signals' analytics, but completely omits the legal bases for processing as required by GDPR.

Third-party Sharinggood

Sharing is limited to essential service providers (hosting, auth, email) and public user-generated content, with no ad-tech sharing.

International Transferspoor

Mentions transfers occur but provides zero specifics on the destination countries or the legal safeguards and mechanisms used.

AI/Model Trainingfair

The policy is silent on whether user data is used to train PeerPush's own AI models, though it details how AI agent traffic is tracked in analytics.

User Rightspoor

Omits key GDPR rights (portability, objection, restriction), provides no formal process or timeline for requests, and lacks an EU representative contact.

Βασικά ευρήματα

Σημαντικές ρήτρες, ζητήματα ή θετικές πρακτικές (κρίσιμα πρώτα)

Κρίσιμο

Missing Legal Bases for Processing

The policy details what data is collected and how it is used, but completely fails to state the legal basis for processing (such as consent, contract performance, or legitimate interest) as required by GDPR Article 13(1)(c).

Κρίσιμο

Vague International Transfer Mechanisms

Section 10 states that data may be transferred internationally and that 'appropriate safeguards' are in place, but it does not specify the actual legal mechanism (e.g., Standard Contractual Clauses, adequacy decisions) or the destination countries, leaving EU users uninformed.

Κρίσιμο

Incomplete User Rights Catalog

Section 7 lists access and deletion but omits other mandatory GDPR rights, specifically the right to restrict processing, the right to data portability, and the right to object. It also fails to provide a clear timeline or dedicated contact method for exercising these rights.

Προειδοποίηση

US-Centric Children's Privacy Standard

Section 11 sets the age threshold at 13, aligning with US COPPA rules, but disregards the GDPR standard which generally requires parental consent for children under 16 (or 13-16 depending on the member state).

Info

Strong Anonymization in Public Analytics

Section 9 outlines robust privacy-preserving measures for the 'Signals' feature, including k-anonymity (hiding rows with fewer than 5 visitors), automated PII stripping from search queries, and daily rotation of anonymous identifiers.

Περίληψη για τον χρήστη

Your data is generally safe from ad trackers and public exposure thanks to clever anonymization, but you lack the full suite of GDPR protections, and your data might leave the EU without robust legal safeguards.

Στάση συμμόρφωσης

Partial compliance. Strong on data minimization for analytics and security, but fundamentally deficient in GDPR transparency requirements (legal basis, transfer mechanisms, full rights catalog, DPO/Representative).

Μεταφορές ΕΕ

Inadequate. The policy admits data may be transferred internationally but fails to name the destination countries or the legal mechanisms (like SCCs or adequacy decisions) used to protect the data, violating GDPR Articles 13(1)(f) and 46.

Εντοπισμένα σήματα

Συγκεκριμένα δεδομένα και πρακτικές που εντοπίστηκαν στο κείμενο

Δεδομένα που συλλέγονται

Email addressNameProfile imageUsernameProduct informationIP addressesClick tracking dataProduct interaction dataSearch queriesDevice and browser informationGoogle account IDOAuth tokens

Σκοποί επεξεργασίας

Service provision and account managementPeerPush Boost system and fraud preventionPlatform improvement and analyticsCommunication and authentication

Κοινοποίηση σε τρίτους

Public user profiles and product submissionsGoogle OAuth for authenticationEmail service providersCloud storage providersHosting and infrastructure providers

Διεθνείς μεταφορές

Data may be transferred outside the country of residenceNo specific destination countries namedNo specific legal transfer mechanisms (e.g., SCCs) named

AI / Εκπαίδευση μοντέλων

Policy is silent on using user data for internal AI model trainingTracks how AI systems discover products for public analytics

Αποσπάσματα αποδείξεων

Απευθείας αποσπάσματα από την πολιτική που υποστηρίζουν αυτά τα ευρήματα

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

We never publish a row backed by fewer than 5 distinct visitors. Below that floor, the row is hidden.

Product submissions: Retained indefinitely once published

Λείπει ή ασαφές

Legal bases for processing (consent, contract, legitimate interest)
Specific international transfer mechanisms (SCCs, BCRs, adequacy)
EU representative designation
Data Protection Officer (DPO) contact details
Right to object, restrict processing, and data portability
Retention periods for click tracking and IP address data

Ερωτήσεις προς υποβολή

What specific legal mechanisms (e.g., Standard Contractual Clauses) do you rely on for international data transfers outside the EEA?
What is the legal basis (consent, legitimate interest, contract) for processing IP addresses and click tracking data for the Boost system?
How can EU users exercise their right to data portability and the right to object to processing, which are missing from your policy?
Who acts as your EU representative under GDPR Article 27, given that you process EU user data?
What is the specific retention period for raw click tracking data and IP addresses used in fraud prevention?

Αυτή η ανάλυση δημιουργείται από AI και δεν αποτελεί νομική συμβουλή. Συμβουλευτείτε πάντα εξειδικευμένο νομικό για αποφάσεις συμμόρφωσης GDPR.

Κοινοποίηση αυτής της ανάλυσης

Οποιοσδήποτε με αυτόν τον σύνδεσμο μπορεί να δει το αποτέλεσμα παραπάνω.

Δημιουργήθηκε από το DentroChat

100% ευρωπαϊκό AI chat για όλους

Συνομιλήστε με AI, εργαστείτε με αρχεία, δημιουργήστε εικόνες και αναζητήστε στο διαδίκτυο. Τα δεδομένα παραμένουν στην Ευρώπη.

Υποδομή φιλοξενούμενη στην ΕΕΚείμενο, αρχεία, εικόνες και αναζήτηση webΛειτουργίες Γρήγορη, Σκέψη και ΔημιουργικήΠροτεραιότητα στην ιδιωτικότηταΚανένα δεδομένο δεν φεύγει από την Ευρώπη

Δοκιμή δωρεάν →