qdrant.tech privacy policy — score 65/100 (medium risk)
Τελευταία ανάλυση
Αυτή η αναφορά είναι πάνω από 28 ημέρες παλιά. Εμφανίζει την τελευταία αποθηκευμένη ανάλυση για αυτή την πολιτική — ανανεώστε για να ξαναλάβετε τη live σελίδα και να ενημερώσετε τη βαθμολογία.
Το περιεχόμενο της αναφοράς (περίληψη, ευρήματα, αποσπάσματα) δημιουργήθηκε στα αγγλικά και δεν έχει μεταφραστεί.
Λεπτομέρειες αναφοράς
medium κίνδυνοςQdrant’s policy leans heavily on legitimate‑interest and US third‑party transfers, gives consent options for newsletters, but lacks clear limits on data collection and any mention of AI model training, making it only moderately privacy‑friendly.
The privacy policy provides the required legal bases and lists many processors, but it often relies on legitimate interest for core website functions, gives vague retention periods, and does not disclose whether user data is used to train AI models. International transfers are covered by SCCs and the EU‑US Data Privacy Framework, yet the reliance on US providers remains a risk. User rights are described, but practical mechanisms (e.g., easy withdrawal of consent, DPO contact process) are not detailed.
Αξιολόγηση ανά κατηγορία
Ανάλυση της πολιτικής σε βασικούς τομείς συμμόρφωσης. Καλό = ισχυρό, μέτριο = μικτό, κακό = ανησυχητικό.
The policy does not specify limits on the amount of data collected; it lists many data points (IP, browser details, usage logs) collected by default.
Legal bases are listed, but the description of processing purposes is generic and does not detail profiling or AI model training.
Numerous third parties (HubSpot, Segment, Google Analytics, Mixpanel, Stripe, Netlify) are used, many based outside the EEA, with reliance on SCCs.
Transfers are covered by SCCs and the EU‑US Data Privacy Framework, but the policy lacks per‑processor risk assessments.
No mention of whether personal data is used to train Qdrant’s AI models or how users can opt‑out.
Rights are enumerated (access, rectification, erasure, portability, objection) and contact details for the DPO are provided.
Βασικά ευρήματα
Σημαντικές ρήτρες, ζητήματα ή θετικές πρακτικές (κρίσιμα πρώτα)
No disclosure of AI or model‑training usage
The policy never mentions whether personal data collected via the website or cloud service is used to train or improve Qdrant’s AI models, leaving a significant transparency gap.
Extensive reliance on legitimate interest for core website functions
The policy states that IP address, browser details, and other log data are processed on the basis of Art. 6(1)(f) GDPR as a legitimate interest, without offering a clear opt‑out mechanism for users.
Broad international data transfers to US providers
Multiple US‑based processors (HubSpot, Segment, Google Analytics, Mixpanel, OneTrust, Netlify) are used, with transfers justified by standard contractual clauses or the EU‑US Data Privacy Framework, but the policy does not disclose specific safeguards per processor.
Vague data retention periods for many categories
While log files are deleted after 14 days and IPs after 90 days, other data (e.g., newsletter contacts, customer accounts) have no explicit retention schedule, relying on “as long as necessary” language.
Consent management for newsletters is described, but the revocation process is unclear
The policy says consent can be revoked by clicking a link or emailing, but does not specify how quickly the revocation is processed or whether it automatically stops all marketing communications.
Περίληψη για τον χρήστη
Your data may be shared with many US‑based services (e.g., HubSpot, Google Analytics, Mixpanel) under standard contractual clauses; you can object to direct marketing, but the policy does not clearly explain how your data might be used for AI training or profiling beyond marketing.
Στάση συμμόρφωσης
Mixed – the policy meets many formal GDPR requirements (legal bases, rights, DPO contact) but falls short on transparency about data minimisation, purpose limitation, and AI usage.
Μεταφορές ΕΕ
Transfers to the US are justified by SCCs and the EU‑US Data Privacy Framework, but the policy does not provide detailed safeguards for each processor, nor does it offer an easy way for data subjects to object to such transfers.
Εντοπισμένα σήματα
Συγκεκριμένα δεδομένα και πρακτικές που εντοπίστηκαν στο κείμενο
Αποσπάσματα αποδείξεων
Απευθείας αποσπάσματα από την πολιτική που υποστηρίζουν αυτά τα ευρήματα
During the informative use of the website, ... we collect the personal data that the browser transmits to our server ... This is our legitimate interest, so that the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.
We use HubSpot to manage leads ... The provider processes usage data ... in the EU. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR.
We use Google Analytics for analytics. ... The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. The processing is based on consent.
Data subjects have the following rights ... Right of access, Right to correction or deletion, Right to limit processing, Right to object ...
The legal basis for the transfer to a country outside the EEA are standard contractual clauses. The security of the data transferred ... is guaranteed by standard data protection clauses (Art. 46 para. 2 lit. c GDPR).
Λείπει ή ασαφές
- Explicit statement on whether personal data is used for AI model training or improvement
- Detailed retention periods for non‑log data (e.g., newsletter contacts, customer accounts)
- Clear opt‑out mechanism for legitimate‑interest processing of website logs
- Information on profiling beyond direct marketing
Ερωτήσεις προς υποβολή
- Do you use any of the collected personal data (including log data) to train or improve Qdrant’s AI models, and if so, can users opt‑out?
- What specific safeguards (technical or contractual) are in place for each US‑based processor beyond the generic SCCs?
- How is consent for analytics (Google Analytics, Mixpanel, etc.) obtained and recorded, and can users withdraw it easily?
- Can you provide a detailed retention schedule for each data category (e.g., newsletter subscribers, customer accounts, payment data)?
- Is there a mechanism for users to object to the legitimate‑interest processing of website logs, and how is that request handled?
Κοινοποίηση αυτής της ανάλυσης
Οποιοσδήποτε με αυτόν τον σύνδεσμο μπορεί να δει το αποτέλεσμα παραπάνω.
Δημιουργήθηκε από το DentroChat
100% ευρωπαϊκό AI chat για όλους
Συνομιλήστε με AI, εργαστείτε με αρχεία, δημιουργήστε εικόνες και αναζητήστε στο διαδίκτυο. Τα δεδομένα παραμένουν στην Ευρώπη.