Privacy policy reports

One of the strongest privacy policies in the AI chat space — fully EU-hosted, transparent subprocessor list, no AI training on user data, and no US-based providers.

Nineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.

eustella publishes a strongly EU-aligned privacy policy that explicitly bans AI training on user data and keeps all processing in the EU, but it is undermined by an internal contradiction over mandatory account fields and the unexplained absence of a Data Protection Officer.

Kolsetu generally respects EU privacy rules, but it over‑collects usage data, lacks a public DPO, and provides limited detail on some international transfers.

Langdock is a privacy-conscious EU-based AI platform that explicitly bans using your content to train AI models and keeps data in the EU, though it relies on some US sub-processors and has vague retention periods in places.

Fenritec generally respects EU privacy rules but lacks clear limits on data use for AI, proactive sub‑processor disclosure and detailed data‑minimisation statements.

Robotstxt generally respects EU privacy but lacks clear details on legal bases, third‑party processors and AI use.

The Senatskanzlei’s privacy notice mixes solid safeguards for basic logging but relies heavily on consent and US‑based third‑party services, leaving several GDPR gaps.

pCloud lets you choose EU or US storage but still shares extensive personal and usage data with many parties and lacks clear limits on AI training or US‑transfer safeguards.

Qdrant’s policy leans heavily on legitimate‑interest and US third‑party transfers, gives consent options for newsletters, but lacks clear limits on data collection and any mention of AI model training, making it only moderately privacy‑friendly.

Anthropic uses your AI conversations to train its models by default, though you can opt out, and your data is routinely transferred outside the EEA to the US under standard contractual clauses.

CAKE.com provides standard EU data rights and transfer safeguards but collects highly intrusive workplace surveillance data—like screenshots, background location, and app usage—on behalf of employers, who act as the data controllers for their employees.

Google collects a very wide range of personal data, shares it broadly, and uses it for AI training with limited opt‑out options, making its privacy stance mixed at best.