qdrant.tech privacy policy — score 65/100 (medium risk)
Zadnja analiza
Ovaj izvještaj stariji je od 28 dana. Prikazuje zadnju spremljenu analizu za ovu politiku — osvježite da ponovno dohvatite live stranicu i ažurirate rezultat.
Sadržaj izvješća (sažetak, nalazi, citati) generiran je na engleskom i nije lokaliziran.
Detalji izvještaja
medium rizikQdrant’s policy leans heavily on legitimate‑interest and US third‑party transfers, gives consent options for newsletters, but lacks clear limits on data collection and any mention of AI model training, making it only moderately privacy‑friendly.
The privacy policy provides the required legal bases and lists many processors, but it often relies on legitimate interest for core website functions, gives vague retention periods, and does not disclose whether user data is used to train AI models. International transfers are covered by SCCs and the EU‑US Data Privacy Framework, yet the reliance on US providers remains a risk. User rights are described, but practical mechanisms (e.g., easy withdrawal of consent, DPO contact process) are not detailed.
Procjena po kategorijama
Razrada politike po ključnim područjima usklađenosti. Dobro = snažno, umjereno = mješovito, loše = zabrinjavajuće.
The policy does not specify limits on the amount of data collected; it lists many data points (IP, browser details, usage logs) collected by default.
Legal bases are listed, but the description of processing purposes is generic and does not detail profiling or AI model training.
Numerous third parties (HubSpot, Segment, Google Analytics, Mixpanel, Stripe, Netlify) are used, many based outside the EEA, with reliance on SCCs.
Transfers are covered by SCCs and the EU‑US Data Privacy Framework, but the policy lacks per‑processor risk assessments.
No mention of whether personal data is used to train Qdrant’s AI models or how users can opt‑out.
Rights are enumerated (access, rectification, erasure, portability, objection) and contact details for the DPO are provided.
Ključni nalazi
Značajne klauzule, problemi ili dobre prakse (kritično prvo)
No disclosure of AI or model‑training usage
The policy never mentions whether personal data collected via the website or cloud service is used to train or improve Qdrant’s AI models, leaving a significant transparency gap.
Extensive reliance on legitimate interest for core website functions
The policy states that IP address, browser details, and other log data are processed on the basis of Art. 6(1)(f) GDPR as a legitimate interest, without offering a clear opt‑out mechanism for users.
Broad international data transfers to US providers
Multiple US‑based processors (HubSpot, Segment, Google Analytics, Mixpanel, OneTrust, Netlify) are used, with transfers justified by standard contractual clauses or the EU‑US Data Privacy Framework, but the policy does not disclose specific safeguards per processor.
Vague data retention periods for many categories
While log files are deleted after 14 days and IPs after 90 days, other data (e.g., newsletter contacts, customer accounts) have no explicit retention schedule, relying on “as long as necessary” language.
Consent management for newsletters is described, but the revocation process is unclear
The policy says consent can be revoked by clicking a link or emailing, but does not specify how quickly the revocation is processed or whether it automatically stops all marketing communications.
Sažetak za korisnika
Your data may be shared with many US‑based services (e.g., HubSpot, Google Analytics, Mixpanel) under standard contractual clauses; you can object to direct marketing, but the policy does not clearly explain how your data might be used for AI training or profiling beyond marketing.
Stav usklađenosti
Mixed – the policy meets many formal GDPR requirements (legal bases, rights, DPO contact) but falls short on transparency about data minimisation, purpose limitation, and AI usage.
EU prijenosi
Transfers to the US are justified by SCCs and the EU‑US Data Privacy Framework, but the policy does not provide detailed safeguards for each processor, nor does it offer an easy way for data subjects to object to such transfers.
Otkriveni signali
Specifični podaci i prakse utvrđene u tekstu
Dokazni isječci
Izravni citati iz politike koji podupiru ove nalaze
During the informative use of the website, ... we collect the personal data that the browser transmits to our server ... This is our legitimate interest, so that the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.
We use HubSpot to manage leads ... The provider processes usage data ... in the EU. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR.
We use Google Analytics for analytics. ... The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. The processing is based on consent.
Data subjects have the following rights ... Right of access, Right to correction or deletion, Right to limit processing, Right to object ...
The legal basis for the transfer to a country outside the EEA are standard contractual clauses. The security of the data transferred ... is guaranteed by standard data protection clauses (Art. 46 para. 2 lit. c GDPR).
Nedostaje ili nije jasno
- Explicit statement on whether personal data is used for AI model training or improvement
- Detailed retention periods for non‑log data (e.g., newsletter contacts, customer accounts)
- Clear opt‑out mechanism for legitimate‑interest processing of website logs
- Information on profiling beyond direct marketing
Pitanja za postaviti
- Do you use any of the collected personal data (including log data) to train or improve Qdrant’s AI models, and if so, can users opt‑out?
- What specific safeguards (technical or contractual) are in place for each US‑based processor beyond the generic SCCs?
- How is consent for analytics (Google Analytics, Mixpanel, etc.) obtained and recorded, and can users withdraw it easily?
- Can you provide a detailed retention schedule for each data category (e.g., newsletter subscribers, customer accounts, payment data)?
- Is there a mechanism for users to object to the legitimate‑interest processing of website logs, and how is that request handled?
Podijeli ovu analizu
Svatko s ovom poveznicom može vidjeti rezultat iznad.
Izradio DentroChat
100 % europski AI chat za sve
Razgovarajte s AI-jem, radite s datotekama, generirajte slike i pretražujte web. Podaci ostaju u Europi.