dentro.chat privacy policy — score 97/100 (low risk)

Viimeksi analysoitu 26 April 2026

Tämä raportti on yli 28 päivää vanha. Se näyttää viimeksi tallennetun analyysin tälle käytännölle — päivitä hakeaksesi live-sivun uudelleen ja päivittääksesi pistemäärän.

Raportin sisältö (yhteenveto, havainnot, lainaukset) on luotu englanniksi eikä sitä ole lokalisoitu.

97tietosuojapisteet

Raportin tiedot

low riski

One of the strongest privacy policies in the AI chat space — fully EU-hosted, transparent subprocessor list, no AI training on user data, and no US-based providers.

DentroChat's privacy policy is exceptionally transparent and privacy-oriented. The company publishes a detailed subprocessor list naming every provider, their purpose, and location. All 10 third-party subprocessors are based in the EU or Switzerland (EU adequacy decision). Infrastructure is self-hosted on Hetzner in Germany with encrypted backups on Scaleway in France. AI processing is handled by Mistral (France), Nebius (Netherlands), and Infomaniak (Switzerland). User data is explicitly never used for model training. Payment processing goes through Mollie (Netherlands) with no card data stored on DentroChat servers. Analytics use self-hosted Plausible without cookies. Retention periods are clearly defined per data category, and all GDPR rights are described with actionable instructions.

Viimeksi analysoitu26 April 2026

LähdeURL

Pituus14,836 merkkiä

Kategoria-arviointi

Käytännön jakautuminen keskeisille vaatimustenmukaisuusalueille. Hyvä = vahva, kohtalainen = ristiriitainen, heikko = huolestuttava.

Data Minimizationgood

Collects only what is functionally necessary: account info, chat content, and basic technical data. No tracking cookies, no advertising identifiers.

Transparencygood

Publishes a full subprocessor list with provider names, purposes, and locations. Clearly states legal bases, retention periods, and data flows.

Third-party Sharinggood

10 named subprocessors, all in EU or Switzerland. No sharing for marketing or advertising. Self-hosts analytics, auth, deployment, and observability.

International Transfersgood

Zero transfers outside EU/EEA or adequacy countries. No US-based subprocessors. Switzerland covered by adequacy decision.

AI/Model Traininggood

Explicitly states user data is not used for AI model training. AI providers process data solely to generate responses and do not retain it.

User Rightsgood

All GDPR rights (access, rectification, erasure, restriction, portability, objection) clearly described with practical steps and contact info.

Keskeiset havainnot

Huomionarvoiset ehdot, ongelmat tai hyvät käytännöt (kriittiset ensin)

Info

Fully EU-based infrastructure

All servers hosted on Hetzner in Germany. Encrypted backups on Scaleway in France. No infrastructure outside the EU/EEA or adequacy-decision countries.

Info

No US subprocessors

The policy and subprocessor list explicitly confirm zero US-based providers. All 10 third-party subprocessors are in Germany, France, Netherlands, Finland, or Switzerland.

Info

No AI training on user data

User conversations are explicitly not used to train AI models. AI providers (Mistral, Nebius, Infomaniak) process data solely to generate responses and do not retain it.

Info

Self-hosted critical services

Analytics (Plausible), authentication (Better Auth), LLM observability (Phoenix), and deployment (Coolify) are all self-hosted on own infrastructure in Germany — no data leaves to third parties for these functions.

Info

Cookie-free analytics

Uses self-hosted Plausible Analytics which does not use cookies and does not collect personal data, eliminating the need for a cookie consent banner.

Info

Clear data retention periods

Each data category has a specific retention policy: chat history until deletion, account data deleted within 30 days of closure, invoices 7 years per Estonian law, analytics aggregated and anonymised.

Yhteenveto käyttäjälle

This is one of the strongest privacy policies you will find for an AI chat service. Every subprocessor is named with their exact location. Data stays in Europe, is never used for training, and the company self-hosts critical infrastructure like analytics and authentication in Germany. Very few AI services offer this level of transparency.

Vaatimustenmukaisuusasento

Excellent EU compliance posture. EU/EEA and adequacy-country-only infrastructure, explicit no-training commitment, clearly stated legal bases under GDPR Art. 6, published subprocessor list with 30-day advance notice for changes, and self-hosted analytics without cookies or personal data collection.

EU-siirrot

No transfers outside the EU/EEA or adequacy-decision countries. All subprocessors are in Germany, France, Netherlands, Finland, or Switzerland. The policy explicitly states: 'Your data never leaves the EU/EEA or countries with adequacy decisions.' Switzerland is covered by an EU adequacy decision.

Havaitut signaalit

Tekstistä tunnistetut erityiset tiedot ja käytännöt

Kerätyt tiedot

NameEmail addressPassword (hashed)Account creation dateUser preferencesChat messagesAI responsesUploaded filesGenerated imagesWeb search queriesVoice input (transcribed, not stored)TimestampsFeature usageBrowser typeDevice type

Käsittelyn tarkoitukset

Service deliveryAccount managementPayment processingProduct improvement (anonymous analytics)Legal complianceSupport and communication

Jakaminen kolmansille osapuolille

Mistral AI (France) — AI chatNebius B.V. (Netherlands) — AI chatInfomaniak SA (Switzerland) — AI chatBlack Forest Labs (Germany) — image generationLinkup (France) — web searchMollie B.V. (Netherlands) — paymentsLettermint (Netherlands) — emailsMigadu (Switzerland) — business emailHetzner (Germany) — hostingScaleway (France) — encrypted backups

Tekoäly / Mallin koulutus

Explicitly does not train on user dataAI providers do not retain data for training

Todisteiden otteet

Suorat lainaukset käytännöstä näiden havaintojen tueksi

We do not use any US-based subprocessors.

We do not sell your data. We do not use your chat conversations to train AI models. We do not share your data with third parties for their own marketing purposes.

Your data never leaves the EU/EEA or countries with adequacy decisions.

All AI providers are located within the EU. These providers process your data solely to generate a response and do not retain your data for training purposes.

We use self-hosted Plausible Analytics on both dentro.chat and app.dentro.chat. Plausible does not use cookies and does not collect personal data.

We will update this page when we add or remove subprocessors. If we add a subprocessor that materially changes how your data is processed, we will notify you via email at least 30 days in advance.

All data encrypted in transit using TLS 1.3. Data encrypted at rest on our servers. Encrypted backups stored separately from primary data.

Kysyttävät kysymykset

How often are encrypted backups tested for successful restoration?
Is there a formal incident response plan, and what is the notification timeline in case of a data breach?
Are subprocessor DPAs (Data Processing Agreements) available for review upon request?
What specific measures are in place to prevent unauthorized employee access to production chat data?

Tämän analyysin tuottaa tekoäly, eikä se ole oikeudellista neuvontaa. Kysy aina pätevältä juristilta vaatimustenmukaisuuspäätöksiin.

Jaa tämä analyysi

Kuka tahansa, jolla on tämä linkki, voi nähdä yllä olevan tuloksen.

DentroChatin rakentama

100 % eurooppalainen tekoälychat kaikille

Keskustele tekoälyn kanssa, käsittele tiedostoja, luo kuvia ja hae verkosta. Tiedot pysyvät Euroopassa.

EU:ssa isännöity infrastruktuuriTeksti, tiedostot, kuvat ja verkkohakuNopea-, Ajattelu- ja Luova-tilatTietosuoja ensin oletuksenaTiedot eivät poistu Euroopasta

Kokeile ilmaiseksi →