eualternative.eu privacy policy — score 94/100 (low risk)
Senast analyserad
Rapportinnehållet (sammanfattning, fynd, citat) genererades på engelska och är inte lokaliserat.
Nineties Engineering OÜ · eualternative.eu
Rapportdetaljer
low riskNineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.
Nineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.
Bedömning per kategori
Uppdelning av policyn över viktiga efterlevnadsområden. Bra = stark, rimlig = blandad, dålig = oroande.
Collection is strictly limited to voluntary contact form submissions and anonymous aggregated statistics, backed by an explicit no-logs policy and no tracking cookies.
The policy is written in plain language and clearly identifies the controller, purposes, legal bases, and user rights, though it lacks specifics on cookie names and exact retention days.
Only Plausible Analytics is disclosed as a third party for anonymous statistics, with no advertising trackers or data sales, but an explicit Article 28 DPA is not confirmed.
The policy explicitly states exclusive EU hosting and affirms that personal data is not transferred to third countries outside the EU/EEA.
The policy is entirely silent on whether user data is used for AI or model training, leaving users unable to verify this practice despite the otherwise minimal data collection.
All major GDPR rights are clearly listed with specific articles cited, and contact details for both the controller and the Estonian supervisory authority are provided.
Viktiga fynd
Anmärkningsvärda klausuler, problem eller positiva rutiner (kritiska först)
Vague retention periods
Retention periods for contact form messages are vague, stating they are kept only 'as long as needed to handle your enquiry and any related follow-up,' without specifying a concrete maximum timeframe or automatic deletion schedule.
Missing DPA confirmation
While Plausible Analytics is described as GDPR-compliant, the policy does not explicitly confirm whether a written Data Processing Agreement under Article 28 GDPR has been concluded with them.
Silent on AI training
The policy is completely silent on whether user data—particularly contact form submissions—is ever used for AI or machine-learning model training.
Unspecified spam cookies
The strictly necessary cookies used for spam protection on the contact form are mentioned but lack specifics on their name, provider, duration, or the exact data they process.
No server logs
The website explicitly states that servers are configured to not log any information, which is an exceptional privacy-by-design measure that eliminates a common source of personal data leakage.
Sammanfattning för användaren
Nineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.
Efterlevnadsställning
strong
EU-överföringar
EU-only hosting with no third-country transfers described.
Upptäckta signaler
Specifika datapunkter och rutiner identifierade i texten
Bevisutdrag
Direkta citat från policyn som stödjer dessa fynd
Server logs: our servers are configured to not log any information.
Contact form messages are kept for as long as needed to handle your enquiry and any related follow-up, and then deleted.
We use Plausible Analytics, a GDPR- and ePrivacy-compliant tool that does not use cookies and does not collect IP addresses.
This website is hosted exclusively on servers located within the European Union. Personal data processed in connection with this website is not transferred to third countries outside the EU/EEA.
The only cookies that may be set are strictly necessary cookies on the contact form, used solely to help protect the form against spam and abuse.
Saknas eller otydligt
- No mention of AI or machine-learning model training practices or an opt-out mechanism.
- No specific retention schedule or automatic deletion timeframe for contact form personal data.
- No explicit confirmation of an Article 28 GDPR Data Processing Agreement with Plausible Analytics.
- No details on the spam protection cookie provider, cookie names, or expiration periods.
- No information on data backup practices, locations, or retention.
- No description of personal data breach notification procedures.
Frågor att ställa
- What is the maximum retention period for contact form submissions, and is deletion performed automatically after a fixed number of days?
- Is a written Data Processing Agreement under Article 28 GDPR in place with Plausible Analytics?
- What specific spam protection cookies are set on the contact form, who provides them, and what is their expiration period?
- Are contact form submissions or any other user data ever used to train AI or machine-learning models?
- Are backups of contact form data created, and if so, where are they stored and for how long?
Dela den här analysen
Alla med den här länken kan se resultatet ovan.
Byggd av DentroChat
100 % europeisk AI-chatt för alla
Chatta med AI, arbeta med filer, generera bilder och sök på webben. Data stannar i Europa.