eualternative.eu privacy policy — score 94/100 (low risk)
Último análisis
El contenido del informe (resumen, hallazgos, citas) se generó en inglés y no está localizado.
Nineties Engineering OÜ · eualternative.eu
Detalles del informe
low riesgoNineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.
Nineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.
Evaluación por categoría
Desglose de la política en las principales áreas de cumplimiento. Bueno = sólido, regular = mixto, deficiente = preocupante.
Collection is strictly limited to voluntary contact form submissions and anonymous aggregated statistics, backed by an explicit no-logs policy and no tracking cookies.
The policy is written in plain language and clearly identifies the controller, purposes, legal bases, and user rights, though it lacks specifics on cookie names and exact retention days.
Only Plausible Analytics is disclosed as a third party for anonymous statistics, with no advertising trackers or data sales, but an explicit Article 28 DPA is not confirmed.
The policy explicitly states exclusive EU hosting and affirms that personal data is not transferred to third countries outside the EU/EEA.
The policy is entirely silent on whether user data is used for AI or model training, leaving users unable to verify this practice despite the otherwise minimal data collection.
All major GDPR rights are clearly listed with specific articles cited, and contact details for both the controller and the Estonian supervisory authority are provided.
Hallazgos clave
Cláusulas destacadas, problemas o buenas prácticas detectadas (críticos primero)
Vague retention periods
Retention periods for contact form messages are vague, stating they are kept only 'as long as needed to handle your enquiry and any related follow-up,' without specifying a concrete maximum timeframe or automatic deletion schedule.
Missing DPA confirmation
While Plausible Analytics is described as GDPR-compliant, the policy does not explicitly confirm whether a written Data Processing Agreement under Article 28 GDPR has been concluded with them.
Silent on AI training
The policy is completely silent on whether user data—particularly contact form submissions—is ever used for AI or machine-learning model training.
Unspecified spam cookies
The strictly necessary cookies used for spam protection on the contact form are mentioned but lack specifics on their name, provider, duration, or the exact data they process.
No server logs
The website explicitly states that servers are configured to not log any information, which is an exceptional privacy-by-design measure that eliminates a common source of personal data leakage.
Resumen para el usuario
Nineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.
Postura de cumplimiento
strong
Transferencias en la UE
EU-only hosting with no third-country transfers described.
Señales detectadas
Datos y prácticas específicas identificadas en el texto
Fragmentos de evidencia
Citas directas de la política que respaldan estos hallazgos
Server logs: our servers are configured to not log any information.
Contact form messages are kept for as long as needed to handle your enquiry and any related follow-up, and then deleted.
We use Plausible Analytics, a GDPR- and ePrivacy-compliant tool that does not use cookies and does not collect IP addresses.
This website is hosted exclusively on servers located within the European Union. Personal data processed in connection with this website is not transferred to third countries outside the EU/EEA.
The only cookies that may be set are strictly necessary cookies on the contact form, used solely to help protect the form against spam and abuse.
Ausente o poco claro
- No mention of AI or machine-learning model training practices or an opt-out mechanism.
- No specific retention schedule or automatic deletion timeframe for contact form personal data.
- No explicit confirmation of an Article 28 GDPR Data Processing Agreement with Plausible Analytics.
- No details on the spam protection cookie provider, cookie names, or expiration periods.
- No information on data backup practices, locations, or retention.
- No description of personal data breach notification procedures.
Preguntas que hacer
- What is the maximum retention period for contact form submissions, and is deletion performed automatically after a fixed number of days?
- Is a written Data Processing Agreement under Article 28 GDPR in place with Plausible Analytics?
- What specific spam protection cookies are set on the contact form, who provides them, and what is their expiration period?
- Are contact form submissions or any other user data ever used to train AI or machine-learning models?
- Are backups of contact form data created, and if so, where are they stored and for how long?
Compartir este análisis
Cualquiera con este enlace puede ver el resultado anterior.
Creado por DentroChat
Chat de IA 100 % europeo para todos
Chatea con la IA, trabaja con archivos, genera imágenes y busca en la web. Los datos permanecen en Europa.