qdrant.tech privacy policy — score 65/100 (medium risk)
Ultima analiză
Acest raport are mai mult de 28 de zile. Afișează ultima analiză salvată pentru această politică — actualizează pentru a reîncărca pagina live și a reînnoi scorul.
Conținutul raportului (rezumat, constatări, citate) a fost generat în engleză și nu este localizat.
Detalii raport
medium riscQdrant’s policy leans heavily on legitimate‑interest and US third‑party transfers, gives consent options for newsletters, but lacks clear limits on data collection and any mention of AI model training, making it only moderately privacy‑friendly.
The privacy policy provides the required legal bases and lists many processors, but it often relies on legitimate interest for core website functions, gives vague retention periods, and does not disclose whether user data is used to train AI models. International transfers are covered by SCCs and the EU‑US Data Privacy Framework, yet the reliance on US providers remains a risk. User rights are described, but practical mechanisms (e.g., easy withdrawal of consent, DPO contact process) are not detailed.
Evaluare pe categorii
Defalcare a politicii pe domenii cheie de conformitate. Bun = solid, rezonabil = mixt, slab = îngrijorător.
The policy does not specify limits on the amount of data collected; it lists many data points (IP, browser details, usage logs) collected by default.
Legal bases are listed, but the description of processing purposes is generic and does not detail profiling or AI model training.
Numerous third parties (HubSpot, Segment, Google Analytics, Mixpanel, Stripe, Netlify) are used, many based outside the EEA, with reliance on SCCs.
Transfers are covered by SCCs and the EU‑US Data Privacy Framework, but the policy lacks per‑processor risk assessments.
No mention of whether personal data is used to train Qdrant’s AI models or how users can opt‑out.
Rights are enumerated (access, rectification, erasure, portability, objection) and contact details for the DPO are provided.
Constatări cheie
Clauze notabile, probleme sau practici pozitive identificate (critice primele)
No disclosure of AI or model‑training usage
The policy never mentions whether personal data collected via the website or cloud service is used to train or improve Qdrant’s AI models, leaving a significant transparency gap.
Extensive reliance on legitimate interest for core website functions
The policy states that IP address, browser details, and other log data are processed on the basis of Art. 6(1)(f) GDPR as a legitimate interest, without offering a clear opt‑out mechanism for users.
Broad international data transfers to US providers
Multiple US‑based processors (HubSpot, Segment, Google Analytics, Mixpanel, OneTrust, Netlify) are used, with transfers justified by standard contractual clauses or the EU‑US Data Privacy Framework, but the policy does not disclose specific safeguards per processor.
Vague data retention periods for many categories
While log files are deleted after 14 days and IPs after 90 days, other data (e.g., newsletter contacts, customer accounts) have no explicit retention schedule, relying on “as long as necessary” language.
Consent management for newsletters is described, but the revocation process is unclear
The policy says consent can be revoked by clicking a link or emailing, but does not specify how quickly the revocation is processed or whether it automatically stops all marketing communications.
Rezumat pentru utilizator
Your data may be shared with many US‑based services (e.g., HubSpot, Google Analytics, Mixpanel) under standard contractual clauses; you can object to direct marketing, but the policy does not clearly explain how your data might be used for AI training or profiling beyond marketing.
Postură de conformitate
Mixed – the policy meets many formal GDPR requirements (legal bases, rights, DPO contact) but falls short on transparency about data minimisation, purpose limitation, and AI usage.
Transferuri UE
Transfers to the US are justified by SCCs and the EU‑US Data Privacy Framework, but the policy does not provide detailed safeguards for each processor, nor does it offer an easy way for data subjects to object to such transfers.
Semnale detectate
Date și practici specifice identificate în text
Fragmente probatorii
Citate directe din politică care susțin aceste constatări
During the informative use of the website, ... we collect the personal data that the browser transmits to our server ... This is our legitimate interest, so that the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.
We use HubSpot to manage leads ... The provider processes usage data ... in the EU. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR.
We use Google Analytics for analytics. ... The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. The processing is based on consent.
Data subjects have the following rights ... Right of access, Right to correction or deletion, Right to limit processing, Right to object ...
The legal basis for the transfer to a country outside the EEA are standard contractual clauses. The security of the data transferred ... is guaranteed by standard data protection clauses (Art. 46 para. 2 lit. c GDPR).
Lipsă sau neclar
- Explicit statement on whether personal data is used for AI model training or improvement
- Detailed retention periods for non‑log data (e.g., newsletter contacts, customer accounts)
- Clear opt‑out mechanism for legitimate‑interest processing of website logs
- Information on profiling beyond direct marketing
Întrebări de pus
- Do you use any of the collected personal data (including log data) to train or improve Qdrant’s AI models, and if so, can users opt‑out?
- What specific safeguards (technical or contractual) are in place for each US‑based processor beyond the generic SCCs?
- How is consent for analytics (Google Analytics, Mixpanel, etc.) obtained and recorded, and can users withdraw it easily?
- Can you provide a detailed retention schedule for each data category (e.g., newsletter subscribers, customer accounts, payment data)?
- Is there a mechanism for users to object to the legitimate‑interest processing of website logs, and how is that request handled?
Distribuie această analiză
Oricine are acest link poate vedea rezultatul de mai sus.
Creat de DentroChat
Chat AI 100% european pentru toți
Discută cu AI, lucrează cu fișiere, generează imagini și caută pe web. Datele rămân în Europa.