dentro.chat privacy policy — score 97/100 (low risk)

Senast analyserad 26 April 2026

Den här rapporten är äldre än 28 dagar. Den visar den senast sparade analysen för den här policyn — uppdatera för att hämta den live-sidan och förnya poängen.

Rapportinnehållet (sammanfattning, fynd, citat) genererades på engelska och är inte lokaliserat.

97integritetspoäng

Rapportdetaljer

low risk

One of the strongest privacy policies in the AI chat space — fully EU-hosted, transparent subprocessor list, no AI training on user data, and no US-based providers.

DentroChat's privacy policy is exceptionally transparent and privacy-oriented. The company publishes a detailed subprocessor list naming every provider, their purpose, and location. All 10 third-party subprocessors are based in the EU or Switzerland (EU adequacy decision). Infrastructure is self-hosted on Hetzner in Germany with encrypted backups on Scaleway in France. AI processing is handled by Mistral (France), Nebius (Netherlands), and Infomaniak (Switzerland). User data is explicitly never used for model training. Payment processing goes through Mollie (Netherlands) with no card data stored on DentroChat servers. Analytics use self-hosted Plausible without cookies. Retention periods are clearly defined per data category, and all GDPR rights are described with actionable instructions.

Senast analyserad26 April 2026

KällaURL

Längd14,836 tecken

Bedömning per kategori

Uppdelning av policyn över viktiga efterlevnadsområden. Bra = stark, rimlig = blandad, dålig = oroande.

Data Minimizationgood

Collects only what is functionally necessary: account info, chat content, and basic technical data. No tracking cookies, no advertising identifiers.

Transparencygood

Publishes a full subprocessor list with provider names, purposes, and locations. Clearly states legal bases, retention periods, and data flows.

Third-party Sharinggood

10 named subprocessors, all in EU or Switzerland. No sharing for marketing or advertising. Self-hosts analytics, auth, deployment, and observability.

International Transfersgood

Zero transfers outside EU/EEA or adequacy countries. No US-based subprocessors. Switzerland covered by adequacy decision.

AI/Model Traininggood

Explicitly states user data is not used for AI model training. AI providers process data solely to generate responses and do not retain it.

User Rightsgood

All GDPR rights (access, rectification, erasure, restriction, portability, objection) clearly described with practical steps and contact info.

Viktiga fynd

Anmärkningsvärda klausuler, problem eller positiva rutiner (kritiska först)

Info

Fully EU-based infrastructure

All servers hosted on Hetzner in Germany. Encrypted backups on Scaleway in France. No infrastructure outside the EU/EEA or adequacy-decision countries.

Info

No US subprocessors

The policy and subprocessor list explicitly confirm zero US-based providers. All 10 third-party subprocessors are in Germany, France, Netherlands, Finland, or Switzerland.

Info

No AI training on user data

User conversations are explicitly not used to train AI models. AI providers (Mistral, Nebius, Infomaniak) process data solely to generate responses and do not retain it.

Info

Self-hosted critical services

Analytics (Plausible), authentication (Better Auth), LLM observability (Phoenix), and deployment (Coolify) are all self-hosted on own infrastructure in Germany — no data leaves to third parties for these functions.

Info

Cookie-free analytics

Uses self-hosted Plausible Analytics which does not use cookies and does not collect personal data, eliminating the need for a cookie consent banner.

Info

Clear data retention periods

Each data category has a specific retention policy: chat history until deletion, account data deleted within 30 days of closure, invoices 7 years per Estonian law, analytics aggregated and anonymised.

Sammanfattning för användaren

This is one of the strongest privacy policies you will find for an AI chat service. Every subprocessor is named with their exact location. Data stays in Europe, is never used for training, and the company self-hosts critical infrastructure like analytics and authentication in Germany. Very few AI services offer this level of transparency.

Efterlevnadsställning

Excellent EU compliance posture. EU/EEA and adequacy-country-only infrastructure, explicit no-training commitment, clearly stated legal bases under GDPR Art. 6, published subprocessor list with 30-day advance notice for changes, and self-hosted analytics without cookies or personal data collection.

EU-överföringar

No transfers outside the EU/EEA or adequacy-decision countries. All subprocessors are in Germany, France, Netherlands, Finland, or Switzerland. The policy explicitly states: 'Your data never leaves the EU/EEA or countries with adequacy decisions.' Switzerland is covered by an EU adequacy decision.

Upptäckta signaler

Specifika datapunkter och rutiner identifierade i texten

Insamlad data

NameEmail addressPassword (hashed)Account creation dateUser preferencesChat messagesAI responsesUploaded filesGenerated imagesWeb search queriesVoice input (transcribed, not stored)TimestampsFeature usageBrowser typeDevice type

Behandlingsändamål

Service deliveryAccount managementPayment processingProduct improvement (anonymous analytics)Legal complianceSupport and communication

Delning med tredje part

Mistral AI (France) — AI chatNebius B.V. (Netherlands) — AI chatInfomaniak SA (Switzerland) — AI chatBlack Forest Labs (Germany) — image generationLinkup (France) — web searchMollie B.V. (Netherlands) — paymentsLettermint (Netherlands) — emailsMigadu (Switzerland) — business emailHetzner (Germany) — hostingScaleway (France) — encrypted backups

AI / Modellträning

Explicitly does not train on user dataAI providers do not retain data for training

Bevisutdrag

Direkta citat från policyn som stödjer dessa fynd

We do not use any US-based subprocessors.

We do not sell your data. We do not use your chat conversations to train AI models. We do not share your data with third parties for their own marketing purposes.

Your data never leaves the EU/EEA or countries with adequacy decisions.

All AI providers are located within the EU. These providers process your data solely to generate a response and do not retain your data for training purposes.

We use self-hosted Plausible Analytics on both dentro.chat and app.dentro.chat. Plausible does not use cookies and does not collect personal data.

We will update this page when we add or remove subprocessors. If we add a subprocessor that materially changes how your data is processed, we will notify you via email at least 30 days in advance.

All data encrypted in transit using TLS 1.3. Data encrypted at rest on our servers. Encrypted backups stored separately from primary data.

Frågor att ställa

How often are encrypted backups tested for successful restoration?
Is there a formal incident response plan, and what is the notification timeline in case of a data breach?
Are subprocessor DPAs (Data Processing Agreements) available for review upon request?
What specific measures are in place to prevent unauthorized employee access to production chat data?

Den här analysen genereras av AI och är inte juridisk rådgivning. Rådfråga alltid en kvalificerad jurist för efterlevnadsbeslut.

Dela den här analysen

Alla med den här länken kan se resultatet ovan.

Byggd av DentroChat

100 % europeisk AI-chatt för alla

Chatta med AI, arbeta med filer, generera bilder och sök på webben. Data stannar i Europa.

Infrastruktur hostad i EUText, filer, bilder och webbsökningSnabb-, Tänk- och Kreativ-lägenIntegritet först som standardIngen data lämnar Europa

Prova gratis →