dentro.chat privacy policy — score 97/100 (low risk)

Zadnja analiza 26 April 2026

Ovaj izvještaj stariji je od 28 dana. Prikazuje zadnju spremljenu analizu za ovu politiku — osvježite da ponovno dohvatite live stranicu i ažurirate rezultat.

Sadržaj izvješća (sažetak, nalazi, citati) generiran je na engleskom i nije lokaliziran.

97ocjena privatnosti

Detalji izvještaja

low rizik

One of the strongest privacy policies in the AI chat space — fully EU-hosted, transparent subprocessor list, no AI training on user data, and no US-based providers.

DentroChat's privacy policy is exceptionally transparent and privacy-oriented. The company publishes a detailed subprocessor list naming every provider, their purpose, and location. All 10 third-party subprocessors are based in the EU or Switzerland (EU adequacy decision). Infrastructure is self-hosted on Hetzner in Germany with encrypted backups on Scaleway in France. AI processing is handled by Mistral (France), Nebius (Netherlands), and Infomaniak (Switzerland). User data is explicitly never used for model training. Payment processing goes through Mollie (Netherlands) with no card data stored on DentroChat servers. Analytics use self-hosted Plausible without cookies. Retention periods are clearly defined per data category, and all GDPR rights are described with actionable instructions.

Zadnja analiza26 April 2026

IzvorURL

Duljina14,836 znakova

Procjena po kategorijama

Razrada politike po ključnim područjima usklađenosti. Dobro = snažno, umjereno = mješovito, loše = zabrinjavajuće.

Data Minimizationgood

Collects only what is functionally necessary: account info, chat content, and basic technical data. No tracking cookies, no advertising identifiers.

Transparencygood

Publishes a full subprocessor list with provider names, purposes, and locations. Clearly states legal bases, retention periods, and data flows.

Third-party Sharinggood

10 named subprocessors, all in EU or Switzerland. No sharing for marketing or advertising. Self-hosts analytics, auth, deployment, and observability.

International Transfersgood

Zero transfers outside EU/EEA or adequacy countries. No US-based subprocessors. Switzerland covered by adequacy decision.

AI/Model Traininggood

Explicitly states user data is not used for AI model training. AI providers process data solely to generate responses and do not retain it.

User Rightsgood

All GDPR rights (access, rectification, erasure, restriction, portability, objection) clearly described with practical steps and contact info.

Ključni nalazi

Značajne klauzule, problemi ili dobre prakse (kritično prvo)

Info

Fully EU-based infrastructure

All servers hosted on Hetzner in Germany. Encrypted backups on Scaleway in France. No infrastructure outside the EU/EEA or adequacy-decision countries.

Info

No US subprocessors

The policy and subprocessor list explicitly confirm zero US-based providers. All 10 third-party subprocessors are in Germany, France, Netherlands, Finland, or Switzerland.

Info

No AI training on user data

User conversations are explicitly not used to train AI models. AI providers (Mistral, Nebius, Infomaniak) process data solely to generate responses and do not retain it.

Info

Self-hosted critical services

Analytics (Plausible), authentication (Better Auth), LLM observability (Phoenix), and deployment (Coolify) are all self-hosted on own infrastructure in Germany — no data leaves to third parties for these functions.

Info

Cookie-free analytics

Uses self-hosted Plausible Analytics which does not use cookies and does not collect personal data, eliminating the need for a cookie consent banner.

Info

Clear data retention periods

Each data category has a specific retention policy: chat history until deletion, account data deleted within 30 days of closure, invoices 7 years per Estonian law, analytics aggregated and anonymised.

Sažetak za korisnika

This is one of the strongest privacy policies you will find for an AI chat service. Every subprocessor is named with their exact location. Data stays in Europe, is never used for training, and the company self-hosts critical infrastructure like analytics and authentication in Germany. Very few AI services offer this level of transparency.

Stav usklađenosti

Excellent EU compliance posture. EU/EEA and adequacy-country-only infrastructure, explicit no-training commitment, clearly stated legal bases under GDPR Art. 6, published subprocessor list with 30-day advance notice for changes, and self-hosted analytics without cookies or personal data collection.

EU prijenosi

No transfers outside the EU/EEA or adequacy-decision countries. All subprocessors are in Germany, France, Netherlands, Finland, or Switzerland. The policy explicitly states: 'Your data never leaves the EU/EEA or countries with adequacy decisions.' Switzerland is covered by an EU adequacy decision.

Otkriveni signali

Specifični podaci i prakse utvrđene u tekstu

Prikupljeni podaci

NameEmail addressPassword (hashed)Account creation dateUser preferencesChat messagesAI responsesUploaded filesGenerated imagesWeb search queriesVoice input (transcribed, not stored)TimestampsFeature usageBrowser typeDevice type

Svrhe obrade

Service deliveryAccount managementPayment processingProduct improvement (anonymous analytics)Legal complianceSupport and communication

Dijeljenje s trećim stranama

Mistral AI (France) — AI chatNebius B.V. (Netherlands) — AI chatInfomaniak SA (Switzerland) — AI chatBlack Forest Labs (Germany) — image generationLinkup (France) — web searchMollie B.V. (Netherlands) — paymentsLettermint (Netherlands) — emailsMigadu (Switzerland) — business emailHetzner (Germany) — hostingScaleway (France) — encrypted backups

AI / Treniranje modela

Explicitly does not train on user dataAI providers do not retain data for training

Dokazni isječci

Izravni citati iz politike koji podupiru ove nalaze

We do not use any US-based subprocessors.

We do not sell your data. We do not use your chat conversations to train AI models. We do not share your data with third parties for their own marketing purposes.

Your data never leaves the EU/EEA or countries with adequacy decisions.

All AI providers are located within the EU. These providers process your data solely to generate a response and do not retain your data for training purposes.

We use self-hosted Plausible Analytics on both dentro.chat and app.dentro.chat. Plausible does not use cookies and does not collect personal data.

We will update this page when we add or remove subprocessors. If we add a subprocessor that materially changes how your data is processed, we will notify you via email at least 30 days in advance.

All data encrypted in transit using TLS 1.3. Data encrypted at rest on our servers. Encrypted backups stored separately from primary data.

Pitanja za postaviti

How often are encrypted backups tested for successful restoration?
Is there a formal incident response plan, and what is the notification timeline in case of a data breach?
Are subprocessor DPAs (Data Processing Agreements) available for review upon request?
What specific measures are in place to prevent unauthorized employee access to production chat data?

Ovu analizu generira AI i ne predstavlja pravni savjet. Uvijek se posavjetujte s kvalificiranim pravnikom za odluke o usklađenosti s GDPR-om.

Podijeli ovu analizu

Svatko s ovom poveznicom može vidjeti rezultat iznad.

Izradio DentroChat

100 % europski AI chat za sve

Razgovarajte s AI-jem, radite s datotekama, generirajte slike i pretražujte web. Podaci ostaju u Europi.

Infrastruktura hostirana u EUTekst, datoteke, slike i web pretraživanjeBrzi, Razmišljajući i Kreativni načiniPrivatnost na prvom mjestuNijedan podatak ne napušta Europu

Isprobaj besplatno →