dentro.chat privacy policy — score 97/100 (low risk)

Ultima analiză 26 April 2026

Acest raport are mai mult de 28 de zile. Afișează ultima analiză salvată pentru această politică — actualizează pentru a reîncărca pagina live și a reînnoi scorul.

Conținutul raportului (rezumat, constatări, citate) a fost generat în engleză și nu este localizat.

97scor de confidențialitate

Detalii raport

low risc

One of the strongest privacy policies in the AI chat space — fully EU-hosted, transparent subprocessor list, no AI training on user data, and no US-based providers.

DentroChat's privacy policy is exceptionally transparent and privacy-oriented. The company publishes a detailed subprocessor list naming every provider, their purpose, and location. All 10 third-party subprocessors are based in the EU or Switzerland (EU adequacy decision). Infrastructure is self-hosted on Hetzner in Germany with encrypted backups on Scaleway in France. AI processing is handled by Mistral (France), Nebius (Netherlands), and Infomaniak (Switzerland). User data is explicitly never used for model training. Payment processing goes through Mollie (Netherlands) with no card data stored on DentroChat servers. Analytics use self-hosted Plausible without cookies. Retention periods are clearly defined per data category, and all GDPR rights are described with actionable instructions.

Ultima analiză26 April 2026

SursăURL

Lungime14,836 caractere

Evaluare pe categorii

Defalcare a politicii pe domenii cheie de conformitate. Bun = solid, rezonabil = mixt, slab = îngrijorător.

Data Minimizationgood

Collects only what is functionally necessary: account info, chat content, and basic technical data. No tracking cookies, no advertising identifiers.

Transparencygood

Publishes a full subprocessor list with provider names, purposes, and locations. Clearly states legal bases, retention periods, and data flows.

Third-party Sharinggood

10 named subprocessors, all in EU or Switzerland. No sharing for marketing or advertising. Self-hosts analytics, auth, deployment, and observability.

International Transfersgood

Zero transfers outside EU/EEA or adequacy countries. No US-based subprocessors. Switzerland covered by adequacy decision.

AI/Model Traininggood

Explicitly states user data is not used for AI model training. AI providers process data solely to generate responses and do not retain it.

User Rightsgood

All GDPR rights (access, rectification, erasure, restriction, portability, objection) clearly described with practical steps and contact info.

Constatări cheie

Clauze notabile, probleme sau practici pozitive identificate (critice primele)

Info

Fully EU-based infrastructure

All servers hosted on Hetzner in Germany. Encrypted backups on Scaleway in France. No infrastructure outside the EU/EEA or adequacy-decision countries.

Info

No US subprocessors

The policy and subprocessor list explicitly confirm zero US-based providers. All 10 third-party subprocessors are in Germany, France, Netherlands, Finland, or Switzerland.

Info

No AI training on user data

User conversations are explicitly not used to train AI models. AI providers (Mistral, Nebius, Infomaniak) process data solely to generate responses and do not retain it.

Info

Self-hosted critical services

Analytics (Plausible), authentication (Better Auth), LLM observability (Phoenix), and deployment (Coolify) are all self-hosted on own infrastructure in Germany — no data leaves to third parties for these functions.

Info

Cookie-free analytics

Uses self-hosted Plausible Analytics which does not use cookies and does not collect personal data, eliminating the need for a cookie consent banner.

Info

Clear data retention periods

Each data category has a specific retention policy: chat history until deletion, account data deleted within 30 days of closure, invoices 7 years per Estonian law, analytics aggregated and anonymised.

Rezumat pentru utilizator

This is one of the strongest privacy policies you will find for an AI chat service. Every subprocessor is named with their exact location. Data stays in Europe, is never used for training, and the company self-hosts critical infrastructure like analytics and authentication in Germany. Very few AI services offer this level of transparency.

Postură de conformitate

Excellent EU compliance posture. EU/EEA and adequacy-country-only infrastructure, explicit no-training commitment, clearly stated legal bases under GDPR Art. 6, published subprocessor list with 30-day advance notice for changes, and self-hosted analytics without cookies or personal data collection.

Transferuri UE

No transfers outside the EU/EEA or adequacy-decision countries. All subprocessors are in Germany, France, Netherlands, Finland, or Switzerland. The policy explicitly states: 'Your data never leaves the EU/EEA or countries with adequacy decisions.' Switzerland is covered by an EU adequacy decision.

Semnale detectate

Date și practici specifice identificate în text

Date colectate

NameEmail addressPassword (hashed)Account creation dateUser preferencesChat messagesAI responsesUploaded filesGenerated imagesWeb search queriesVoice input (transcribed, not stored)TimestampsFeature usageBrowser typeDevice type

Scopuri de prelucrare

Service deliveryAccount managementPayment processingProduct improvement (anonymous analytics)Legal complianceSupport and communication

Partajare cu terți

Mistral AI (France) — AI chatNebius B.V. (Netherlands) — AI chatInfomaniak SA (Switzerland) — AI chatBlack Forest Labs (Germany) — image generationLinkup (France) — web searchMollie B.V. (Netherlands) — paymentsLettermint (Netherlands) — emailsMigadu (Switzerland) — business emailHetzner (Germany) — hostingScaleway (France) — encrypted backups

AI / Antrenare modele

Explicitly does not train on user dataAI providers do not retain data for training

Fragmente probatorii

Citate directe din politică care susțin aceste constatări

We do not use any US-based subprocessors.

We do not sell your data. We do not use your chat conversations to train AI models. We do not share your data with third parties for their own marketing purposes.

Your data never leaves the EU/EEA or countries with adequacy decisions.

All AI providers are located within the EU. These providers process your data solely to generate a response and do not retain your data for training purposes.

We use self-hosted Plausible Analytics on both dentro.chat and app.dentro.chat. Plausible does not use cookies and does not collect personal data.

We will update this page when we add or remove subprocessors. If we add a subprocessor that materially changes how your data is processed, we will notify you via email at least 30 days in advance.

All data encrypted in transit using TLS 1.3. Data encrypted at rest on our servers. Encrypted backups stored separately from primary data.

Întrebări de pus

How often are encrypted backups tested for successful restoration?
Is there a formal incident response plan, and what is the notification timeline in case of a data breach?
Are subprocessor DPAs (Data Processing Agreements) available for review upon request?
What specific measures are in place to prevent unauthorized employee access to production chat data?

Această analiză este generată de AI și nu constituie consultanță juridică. Consultă întotdeauna un profesionist juridic calificat pentru decizii de conformitate GDPR.

Distribuie această analiză

Oricine are acest link poate vedea rezultatul de mai sus.

Creat de DentroChat

Chat AI 100% european pentru toți

Discută cu AI, lucrează cu fișiere, generează imagini și caută pe web. Datele rămân în Europa.

Infrastructură găzduită în UEText, fișiere, imagini și căutare webModuri Rapid, Gândire și CreativConfidențialitate în primul rândNicio dată nu părăsește Europa

Încearcă gratuit →