scaleway.com privacy policy — score 55/100 (medium risk)
Sist analysert
Rapportinnholdet (sammendrag, funn, sitater) er generert på engelsk og er ikke lokalisert.
Scaleway SAS · scaleway.com
Rapportdetaljer
medium risikoScaleway talks a big game on European data sovereignty, but this marketing page provides zero actual privacy policy substance to back those claims up.
Scaleway positions itself as a sovereign European cloud and AI alternative to US hyperscalers, emphasizing data sovereignty, European regions, and open technology. However, the provided text is entirely a marketing landing page — it links to a Privacy Policy, Contracts, and Trust Center but includes none of their content. The sovereignty claims are promising but legally unverifiable from this material alone. The offering of AI/ML training infrastructure (including LLM training) without any disclosure about how customer data or model inputs are handled is a notable gap. The mention of 65+ worldwide points of presence also creates tension with the European sovereignty messaging.
Vurdering per kategori
Oppdeling av erklæringen på viktige compliance-områder. God = sterk, rimelig = blandet, dårlig = bekymringsfull.
No privacy policy content provided; impossible to assess what personal data Scaleway collects from its own customers or end users.
Marketing page makes strong sovereignty claims but provides no on-page legal definitions, data processing details, or policy substance.
No subprocessor list or DPA included; Scaleway's role as a cloud IaaS provider means customers control their own data, but Scaleway's own subprocessors are undisclosed here.
Four EU regions are highlighted, but 65+ worldwide PoPs are mentioned without clarification on whether customer data transits or resides outside the EU/EEA.
Scaleway offers GPU infrastructure for LLM training but is completely silent on whether customer data or AI workloads are accessed or used for Scaleway's own purposes.
No mention of GDPR rights (access, deletion, portability, objection) anywhere in the provided text; the linked Privacy Policy was not included.
Viktige funn
Bemerkelsesverdige klausuler, problemer eller gode praksiser (kritiske først)
AI/ML services offered with no data use disclosure
Scaleway provides GPU infrastructure for multi-node LLM training and AI workloads. The page is entirely silent on whether Scaleway accesses, inspects, or uses customer AI training data, model weights, or inference inputs for any purpose. For a cloud provider handling sensitive AI workloads, this is a critical gap.
No privacy policy or DPA content provided for review
The page links to a Privacy Policy, Cookie policy, Contracts page, and Trust Center, but none of these documents were included in the submitted text. Without these, it is impossible to assess data collection, retention, legal bases, subprocessors, or user rights.
Sovereignty claims lack legal substantiation
The page repeatedly asserts 'data sovereignty' and positions Scaleway as a European alternative to hyperscalers, but no DPA, data processing agreement, or legal definition of what 'sovereignty' means in Scaleway's contracts is provided. The claim 'we ensure the data sovereignty of our customers' is a marketing assertion without supporting legal text.
Worldwide PoPs create potential transfer risk
While 4 EU regions are emphasized, the page also references '65+ Points of presence worldwide.' No information is given about whether these PoPs process, cache, or store customer data, whether any fall outside the EU/EEA, or what transfer safeguards apply. This directly undermines the sovereignty narrative if data routes through non-EU nodes.
Shared Responsibility Model referenced but not detailed
The footer links to a 'Shared Responsibility Model' page, which is relevant for understanding data protection obligations between Scaleway and its customers, but its content is not provided. This is particularly important for IaaS/PaaS providers where the customer is typically the data controller.
Oppsummering for brukeren
Scaleway's European positioning is appealing if you need EU-hosted cloud, but you must review their actual Privacy Policy and DPA before trusting sovereignty claims — this page proves nothing concrete.
Compliance-stilling
Indeterminate. The marketing language aligns with EU values (sovereignty, transparency, renewable energy), but no privacy policy, DPA, subprocessor list, or data processing details are provided in the submitted text. Compliance posture cannot be verified.
EU-overføringer
Scaleway states it has 4 Multi-AZ cloud regions in Europe, which is positive. However, it also references 65+ points of presence worldwide, and no information is provided about whether data traverses or is stored outside the EU/EEA, nor whether Standard Contractual Clauses or other transfer mechanisms are in place for any non-EU infrastructure.
Oppdagede signaler
Spesifikke datapunkter og praksiser identifisert i teksten
Bevisutdrag
Direkte sitater fra erklæringen som støtter disse funnene
As a European alternative to hyperscalers, we ensure the data sovereignty of our customers.
4 Multi-AZ cloud regions in Europe
65+ Points of presence worldwide
We provide modern GPU-based infrastructures to enable multi-node training of LLMs and simple node training.
Dependency is the enemy of resilience. Customers want their data hosted by a regional provider. Gain sovereignty with our multi-cloud tools & infrastructure.
Mangler eller uklart
- Privacy Policy content
- Data Processing Agreement (DPA)
- Subprocessor list
- Data retention periods
- Legal bases for processing
- GDPR user rights procedures
- International data transfer safeguards
- AI training data usage policy
- Cookie and tracking details
- Data breach notification procedures
- Shared Responsibility Model details
Spørsmål å stille
- What legal definition of 'data sovereignty' does Scaleway commit to in its contracts — is it limited to data storage location, or does it include protection from foreign government access (e.g., US CLOUD Act)?
- Do any of the 65+ worldwide points of presence process, cache, or store customer data outside the EU/EEA, and if so, what transfer mechanisms are in place?
- Does Scaleway access, inspect, or use customer AI training data, model weights, or inference inputs for any purpose beyond providing the contracted service?
- What subprocessors does Scaleway use, and where are they located?
- How does Scaleway handle government or law enforcement data requests, particularly from non-EU jurisdictions?
- What are the data retention periods for account data, billing data, and infrastructure logs?
Del denne analysen
Alle med denne lenken kan se resultatet ovenfor.
Bygget av DentroChat
100 % europeisk AI-chat for alle
Chat med AI, jobb med filer, generer bilder og søk på nettet. Data forblir i Europa.