DentroChat logo
Prova gratis

qdrant.tech privacy policy — score 65/100 (medium risk)

Senast analyserad

Den här rapporten är äldre än 28 dagar. Den visar den senast sparade analysen för den här policyn — uppdatera för att hämta den live-sidan och förnya poängen.

Rapportinnehållet (sammanfattning, fynd, citat) genererades på engelska och är inte lokaliserat.

Rapportdetaljer

medium risk

Qdrant’s policy leans heavily on legitimate‑interest and US third‑party transfers, gives consent options for newsletters, but lacks clear limits on data collection and any mention of AI model training, making it only moderately privacy‑friendly.

The privacy policy provides the required legal bases and lists many processors, but it often relies on legitimate interest for core website functions, gives vague retention periods, and does not disclose whether user data is used to train AI models. International transfers are covered by SCCs and the EU‑US Data Privacy Framework, yet the reliance on US providers remains a risk. User rights are described, but practical mechanisms (e.g., easy withdrawal of consent, DPO contact process) are not detailed.

Senast analyserad
KällaURL
Längd120,000 tecken

Bedömning per kategori

Uppdelning av policyn över viktiga efterlevnadsområden. Bra = stark, rimlig = blandad, dålig = oroande.

Data Minimizationfair

The policy does not specify limits on the amount of data collected; it lists many data points (IP, browser details, usage logs) collected by default.

Transparencyfair

Legal bases are listed, but the description of processing purposes is generic and does not detail profiling or AI model training.

Third-party Sharingfair

Numerous third parties (HubSpot, Segment, Google Analytics, Mixpanel, Stripe, Netlify) are used, many based outside the EEA, with reliance on SCCs.

International Transfersfair

Transfers are covered by SCCs and the EU‑US Data Privacy Framework, but the policy lacks per‑processor risk assessments.

AI/Model Trainingpoor

No mention of whether personal data is used to train Qdrant’s AI models or how users can opt‑out.

User Rightsgood

Rights are enumerated (access, rectification, erasure, portability, objection) and contact details for the DPO are provided.

Viktiga fynd

Anmärkningsvärda klausuler, problem eller positiva rutiner (kritiska först)

Kritisk

No disclosure of AI or model‑training usage

The policy never mentions whether personal data collected via the website or cloud service is used to train or improve Qdrant’s AI models, leaving a significant transparency gap.

Varning

Extensive reliance on legitimate interest for core website functions

The policy states that IP address, browser details, and other log data are processed on the basis of Art. 6(1)(f) GDPR as a legitimate interest, without offering a clear opt‑out mechanism for users.

Varning

Broad international data transfers to US providers

Multiple US‑based processors (HubSpot, Segment, Google Analytics, Mixpanel, OneTrust, Netlify) are used, with transfers justified by standard contractual clauses or the EU‑US Data Privacy Framework, but the policy does not disclose specific safeguards per processor.

Info

Vague data retention periods for many categories

While log files are deleted after 14 days and IPs after 90 days, other data (e.g., newsletter contacts, customer accounts) have no explicit retention schedule, relying on “as long as necessary” language.

Info

Consent management for newsletters is described, but the revocation process is unclear

The policy says consent can be revoked by clicking a link or emailing, but does not specify how quickly the revocation is processed or whether it automatically stops all marketing communications.

Sammanfattning för användaren

Your data may be shared with many US‑based services (e.g., HubSpot, Google Analytics, Mixpanel) under standard contractual clauses; you can object to direct marketing, but the policy does not clearly explain how your data might be used for AI training or profiling beyond marketing.

Efterlevnadsställning

Mixed – the policy meets many formal GDPR requirements (legal bases, rights, DPO contact) but falls short on transparency about data minimisation, purpose limitation, and AI usage.

EU-överföringar

Transfers to the US are justified by SCCs and the EU‑US Data Privacy Framework, but the policy does not provide detailed safeguards for each processor, nor does it offer an easy way for data subjects to object to such transfers.

Upptäckta signaler

Specifika datapunkter och rutiner identifierade i texten

Insamlad data
IP addressDate and time of requestTime zone difference to GMTContent of the request (specific page)Access status/HTTP status codeAmount of data transferredWebsite referrer URLBrowser operating system and versionLanguage and version of the browser softwareFirst and last nameE‑mail addressCustomer IDRegionCluster statusCloud providerAuthentication typePayment informationRAM usageDeployment type
Behandlingsändamål
Website stability and securityProviding and maintaining Qdrant Cloud ServiceCustomer support and contact form handlingMarketing newsletters and direct advertisingStatistical analysis and service improvementPayment processingEmployment recruitmentAnalytics and profiling for advertising
Delning med tredje part
HubSpot (USA, EU processing)Segment (USA)Google Analytics (USA)Google Tag Manager (USA)Mixpanel (USA)OneTrust (USA)Netlify (USA)Stripe (USA and EU)Auth0 (USA, SCCs and EU‑US Data Privacy Framework)Mailjet (EU)HeyData (EU)
Internationella överföringar
Standard contractual clauses for Netlify, Segment, OneTrust, Stripe, Auth0EU‑US Data Privacy Framework for HubSpot, Stripe, Auth0

Bevisutdrag

Direkta citat från policyn som stödjer dessa fynd

During the informative use of the website, ... we collect the personal data that the browser transmits to our server ... This is our legitimate interest, so that the legal basis is Art. 6 para. 1 s. 1 lit. f GDPR.

We use HubSpot to manage leads ... The provider processes usage data ... in the EU. The legal basis for the processing is Art. 6 para. 1 s. 1 lit. f GDPR.

We use Google Analytics for analytics. ... The legal basis for the processing is Art. 6 para. 1 s. 1 lit. a GDPR. The processing is based on consent.

Data subjects have the following rights ... Right of access, Right to correction or deletion, Right to limit processing, Right to object ...

The legal basis for the transfer to a country outside the EEA are standard contractual clauses. The security of the data transferred ... is guaranteed by standard data protection clauses (Art. 46 para. 2 lit. c GDPR).

Saknas eller otydligt

  • Explicit statement on whether personal data is used for AI model training or improvement
  • Detailed retention periods for non‑log data (e.g., newsletter contacts, customer accounts)
  • Clear opt‑out mechanism for legitimate‑interest processing of website logs
  • Information on profiling beyond direct marketing

Frågor att ställa

  • Do you use any of the collected personal data (including log data) to train or improve Qdrant’s AI models, and if so, can users opt‑out?
  • What specific safeguards (technical or contractual) are in place for each US‑based processor beyond the generic SCCs?
  • How is consent for analytics (Google Analytics, Mixpanel, etc.) obtained and recorded, and can users withdraw it easily?
  • Can you provide a detailed retention schedule for each data category (e.g., newsletter subscribers, customer accounts, payment data)?
  • Is there a mechanism for users to object to the legitimate‑interest processing of website logs, and how is that request handled?
Den här analysen genereras av AI och är inte juridisk rådgivning. Rådfråga alltid en kvalificerad jurist för efterlevnadsbeslut.

Dela den här analysen

Alla med den här länken kan se resultatet ovan.

Byggd av DentroChat

100 % europeisk AI-chatt för alla

Chatta med AI, arbeta med filer, generera bilder och sök på webben. Data stannar i Europa.

Infrastruktur hostad i EUText, filer, bilder och webbsökningSnabb-, Tänk- och Kreativ-lägenIntegritet först som standardIngen data lämnar Europa
Prova gratis →