dentro.chat privacy policy — score 97/100 (low risk)

Última análise 26 April 2026

Este relatório tem mais de 28 dias. Mostra a última análise guardada para esta política — atualize para voltar a obter a página em direto e renovar a pontuação.

O conteúdo do relatório (resumo, conclusões, citações) foi gerado em inglês e não está localizado.

97pontuação de privacidade

Detalhes do relatório

low risco

One of the strongest privacy policies in the AI chat space — fully EU-hosted, transparent subprocessor list, no AI training on user data, and no US-based providers.

DentroChat's privacy policy is exceptionally transparent and privacy-oriented. The company publishes a detailed subprocessor list naming every provider, their purpose, and location. All 10 third-party subprocessors are based in the EU or Switzerland (EU adequacy decision). Infrastructure is self-hosted on Hetzner in Germany with encrypted backups on Scaleway in France. AI processing is handled by Mistral (France), Nebius (Netherlands), and Infomaniak (Switzerland). User data is explicitly never used for model training. Payment processing goes through Mollie (Netherlands) with no card data stored on DentroChat servers. Analytics use self-hosted Plausible without cookies. Retention periods are clearly defined per data category, and all GDPR rights are described with actionable instructions.

Última análise26 April 2026

FonteURL

Comprimento14,836 caracteres

Avaliação por categoria

Repartição da política pelas principais áreas de conformidade. Bom = sólido, razoável = misto, fraco = preocupante.

Data Minimizationgood

Collects only what is functionally necessary: account info, chat content, and basic technical data. No tracking cookies, no advertising identifiers.

Transparencygood

Publishes a full subprocessor list with provider names, purposes, and locations. Clearly states legal bases, retention periods, and data flows.

Third-party Sharinggood

10 named subprocessors, all in EU or Switzerland. No sharing for marketing or advertising. Self-hosts analytics, auth, deployment, and observability.

International Transfersgood

Zero transfers outside EU/EEA or adequacy countries. No US-based subprocessors. Switzerland covered by adequacy decision.

AI/Model Traininggood

Explicitly states user data is not used for AI model training. AI providers process data solely to generate responses and do not retain it.

User Rightsgood

All GDPR rights (access, rectification, erasure, restriction, portability, objection) clearly described with practical steps and contact info.

Conclusões principais

Cláusulas relevantes, problemas ou boas práticas identificadas (críticas primeiro)

Info

Fully EU-based infrastructure

All servers hosted on Hetzner in Germany. Encrypted backups on Scaleway in France. No infrastructure outside the EU/EEA or adequacy-decision countries.

Info

No US subprocessors

The policy and subprocessor list explicitly confirm zero US-based providers. All 10 third-party subprocessors are in Germany, France, Netherlands, Finland, or Switzerland.

Info

No AI training on user data

User conversations are explicitly not used to train AI models. AI providers (Mistral, Nebius, Infomaniak) process data solely to generate responses and do not retain it.

Info

Self-hosted critical services

Analytics (Plausible), authentication (Better Auth), LLM observability (Phoenix), and deployment (Coolify) are all self-hosted on own infrastructure in Germany — no data leaves to third parties for these functions.

Info

Cookie-free analytics

Uses self-hosted Plausible Analytics which does not use cookies and does not collect personal data, eliminating the need for a cookie consent banner.

Info

Clear data retention periods

Each data category has a specific retention policy: chat history until deletion, account data deleted within 30 days of closure, invoices 7 years per Estonian law, analytics aggregated and anonymised.

Resumo para o utilizador

This is one of the strongest privacy policies you will find for an AI chat service. Every subprocessor is named with their exact location. Data stays in Europe, is never used for training, and the company self-hosts critical infrastructure like analytics and authentication in Germany. Very few AI services offer this level of transparency.

Postura de conformidade

Excellent EU compliance posture. EU/EEA and adequacy-country-only infrastructure, explicit no-training commitment, clearly stated legal bases under GDPR Art. 6, published subprocessor list with 30-day advance notice for changes, and self-hosted analytics without cookies or personal data collection.

Transferências UE

No transfers outside the EU/EEA or adequacy-decision countries. All subprocessors are in Germany, France, Netherlands, Finland, or Switzerland. The policy explicitly states: 'Your data never leaves the EU/EEA or countries with adequacy decisions.' Switzerland is covered by an EU adequacy decision.

Sinais detetados

Dados e práticas específicas identificadas no texto

Dados recolhidos

NameEmail addressPassword (hashed)Account creation dateUser preferencesChat messagesAI responsesUploaded filesGenerated imagesWeb search queriesVoice input (transcribed, not stored)TimestampsFeature usageBrowser typeDevice type

Finalidades do tratamento

Service deliveryAccount managementPayment processingProduct improvement (anonymous analytics)Legal complianceSupport and communication

Partilha com terceiros

Mistral AI (France) — AI chatNebius B.V. (Netherlands) — AI chatInfomaniak SA (Switzerland) — AI chatBlack Forest Labs (Germany) — image generationLinkup (France) — web searchMollie B.V. (Netherlands) — paymentsLettermint (Netherlands) — emailsMigadu (Switzerland) — business emailHetzner (Germany) — hostingScaleway (France) — encrypted backups

IA / Treino de modelos

Explicitly does not train on user dataAI providers do not retain data for training

Fragmentos de evidência

Citações diretas da política que suportam estas conclusões

We do not use any US-based subprocessors.

We do not sell your data. We do not use your chat conversations to train AI models. We do not share your data with third parties for their own marketing purposes.

Your data never leaves the EU/EEA or countries with adequacy decisions.

All AI providers are located within the EU. These providers process your data solely to generate a response and do not retain your data for training purposes.

We use self-hosted Plausible Analytics on both dentro.chat and app.dentro.chat. Plausible does not use cookies and does not collect personal data.

We will update this page when we add or remove subprocessors. If we add a subprocessor that materially changes how your data is processed, we will notify you via email at least 30 days in advance.

All data encrypted in transit using TLS 1.3. Data encrypted at rest on our servers. Encrypted backups stored separately from primary data.

Perguntas a fazer

How often are encrypted backups tested for successful restoration?
Is there a formal incident response plan, and what is the notification timeline in case of a data breach?
Are subprocessor DPAs (Data Processing Agreements) available for review upon request?
What specific measures are in place to prevent unauthorized employee access to production chat data?

Esta análise é gerada por IA e não constitui aconselhamento jurídico. Consulte sempre um profissional jurídico qualificado para decisões de conformidade com o RGPD.

Partilhar esta análise

Qualquer pessoa com esta ligação pode ver o resultado acima.

Criado pela DentroChat

Chat de IA 100% europeu para todos

Converse com IA, trabalhe com ficheiros, gere imagens e pesquise na web. Os dados permanecem na Europa.

Infraestrutura alojada na UETexto, ficheiros, imagens e pesquisa webModos Rápido, Reflexão e CriativoPrivacidade em primeiro lugarNenhum dado sai da Europa

Experimentar grátis →