Privacy policy reports
Every saved analysis appears here automatically. Search by company or domain, filter by risk level, and open the full report for scores, findings, and evidence.
39 reports
dentro.chat
97
lowOne of the strongest privacy policies in the AI chat space — fully EU-hosted, transparent subprocessor list, no AI training on user data, and no US-based providers.
View report →eualternative.eu
94
lowNineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.
View report →startpage.com
90
lowStartpage offers exceptional privacy by design, collecting virtually no personal data and explicitly rejecting tracking, profiling, and search logging, though minor data flows to third-party ad and analytics providers exist.
View report →proton.me
88
lowProton offers strong privacy protections with end-to-end encryption and minimal data collection, though some data is shared with US-based processors for payments and support, and network traffic may route through third parties to bypass censorship.
View report →kolsetu.com
85
lowKolsetu generally respects EU privacy rules, but it over‑collects usage data, lacks a public DPO, and provides limited detail on some international transfers.
View report →duckduckgo.com
82
lowDuckDuckGo lives up to its no-tracking promise for core search and browsing, but its growing optional features (Duck.ai, Sync & Backup) and the Microsoft ad partnership introduce data flows the policy doesn't fully explain, especially around AI training and international transfer safeguards.
View report →berlin.de
80
lowThe Berlin Senate Chancellery's privacy policy is generally strong, using two-click consent for third-party media and anonymizing IPs, though it relies on standard contractual clauses for some sub-processors outside the EEA and lacks clarity on AI training.
View report →europealternatives.com
78
lowEurope Alternatives is a privacy-friendly directory that collects almost no personal data, but clicking partner links can send your data to third parties—including potentially outside the EU—with no clear safeguards described.
View report →langdock.com
78
lowLangdock is a privacy-conscious EU-based AI platform that explicitly bans using your content to train AI models and keeps data in the EU, though it relies on some US sub-processors and has vague retention periods in places.
View report →about.qwant.com
72
mediumQwant offers strong baseline privacy for anonymous search, but creating an account or consenting to cookies triggers significant data sharing with Microsoft for personalized ads and AI features, creating a gap between its privacy branding and actual data flows.
View report →signal.org
72
mediumSignal genuinely collects almost nothing and encrypts everything, but its legal documentation is outdated and missing critical GDPR-mandated disclosures like transfer safeguards, retention periods, and user rights procedures.
View report →slack.com
72
mediumSlack collects a wide range of personal and usage data, relying heavily on broad legitimate interests to process it and transfer it globally, though it does provide standard GDPR rights and safeguards like Standard Contractual Clauses.
View report →fenritec.eu
68
mediumFenritec generally respects EU privacy rules but lacks clear limits on data use for AI, proactive sub‑processor disclosure and detailed data‑minimisation statements.
View report →robotstxt.es
68
mediumRobotstxt generally respects EU privacy but lacks clear details on legal bases, third‑party processors and AI use.
View report →bestalternatives.eu
65
mediumBest European Alternatives genuinely minimizes data and avoids cookies, but uses US-based processors without addressing international transfer safeguards and omits key GDPR rights and legal details.
View report →calendly.com
65
mediumCalendly collects a wide range of personal and usage data, shares it with advertising partners, and while it offers standard EU rights and transfer mechanisms, its vague retention periods and silence on AI training for its Notetaker feature are concerning.
View report →pcloud.com
65
mediumpCloud lets you choose EU or US storage but still shares extensive personal and usage data with many parties and lacks clear limits on AI training or US‑transfer safeguards.
View report →qdrant.tech
65
mediumQdrant’s policy leans heavily on legitimate‑interest and US third‑party transfers, gives consent options for newsletters, but lacks clear limits on data collection and any mention of AI model training, making it only moderately privacy‑friendly.
View report →zoom.com
65
mediumZoom's privacy portal demonstrates significant investment in compliance infrastructure and EU-specific safeguards, but the page itself is a navigation hub rather than a substantive policy, leaving critical details about data collection, AI training, and third-party sharing behind links that weren't provided for analysis.
View report →cake.com
62
mediumCAKE.com provides standard EU data rights and transfer safeguards but collects highly intrusive workplace surveillance data—like screenshots, background location, and app usage—on behalf of employers, who act as the data controllers for their employees.
View report →cursor.com
62
mediumCursor (Anysphere) promises not to use your code inputs for AI training by default and doesn't sell your data, but it collects a sweeping range of personal and usage data, ships it to the US with vague transfer safeguards, and leaves key details like retention periods and legal bases unspecified.
View report →eustella.com
62
mediumeustella makes strong privacy promises — no data selling, no third-party sharing, no AI training on your data, and all processing stays in the EU — but this is marketing copy, not a binding privacy policy, and critical details on data collection, retention, sub-processors, and user rights are absent from the provided text.
View report →lhv.com
62
mediumLHV Bank collects a sweeping range of personal and financial data, shares it widely with fraud prevention agencies and payment intermediaries, and relies heavily on legitimate interest for marketing and analytics — but it does cover GDPR rights and uses manual review for profiling decisions.
View report →free.fr
58
mediumFree collects a vast and vaguely defined array of personal data—including profiling scores and detailed usage metrics—shares it widely with ad networks and the Iliad group, and transfers some outside the EU, though it does clearly outline standard GDPR rights.
View report →bsky.social
55
mediumBluesky collects broad behavioral data and stores your direct messages unencrypted, but earns points for refusing to sell your data for targeted ads and providing solid GDPR rights infrastructure.
View report →cal.com
55
mediumCal.com provides standard GDPR rights and a subprocessor list, but fails to specify the legal basis for EU-to-US data transfers and remains silent on AI training data usage.
View report →linkedin.com
55
mediumLinkedIn collects a vast amount of your data—including from your contacts, calendar, and across the web—uses it to train AI models with no clear opt-out, shares it extensively with Microsoft and advertisers, and retains it broadly, though EU users get some extra protections.
View report →peerpush.com
55
mediumPeerPush has strong anonymization practices for its public analytics but falls short on GDPR basics by failing to disclose legal bases, lacking an EU representative, and using vague language around international data transfers.
View report →policies.google.com
55
mediumGoogle collects a very wide range of personal data, shares it broadly, and uses it for AI training with limited opt‑out options, making its privacy stance mixed at best.
View report →scaleway.com
55
mediumScaleway talks a big game on European data sovereignty, but this marketing page provides zero actual privacy policy substance to back those claims up.
View report →tella.com
55
mediumTella collects sensitive video data and shares it with numerous US-based AI and analytics providers without clearly stating if your data trains their models, making it a mixed bag for EU users.
View report →gemini.com
52
mediumGemini collects extensive personal and financial data as a regulated crypto exchange, shares it widely with third parties for marketing and analytics, and transfers it globally, though it provides standard GDPR rights and SCCs for EU users.
View report →hotels.com
48
highHotels.com (Expedia Group) collects an unusually broad range of personal data — including sensitive data, voice recordings, and co-traveler info — shares it widely with advertisers and Expedia Group brands, and uses it for extensive AI purposes with no opt-out, making this a data-hungry policy despite decent transfer safeguards.
View report →policies.tinder.com
48
highTinder collects a massive amount of highly sensitive personal data—including sexual orientation, biometric face data, and precise location—and shares it widely across Match Group companies and advertising partners, making it a concerning privacy choice despite offering standard EU rights.
View report →european-alternatives.eu
45
highEuropean Alternatives collects minimal data and uses privacy-friendly tools, but its privacy policy is an unfinished template with placeholder text for critical sections like data storage, retention, and deletion — making it non-compliant as-is.
View report →whatsapp.com
45
highWhatsApp collects extensive metadata on your usage and device and shares it widely across Meta's family of companies, making it a concerning privacy choice despite its end-to-end encrypted messaging.
View report →trust.grindr.com
40
highGrindr collects deeply sensitive data—including HIV status, precise geolocation, and biometric information—from a vulnerable community, ships it all to the US with no EU establishment, and reserves the right to keep training AI on it even after you opt out.
View report →privacy.claude.com
30
highThis is only a navigation page for Anthropic's Privacy Center — no actual privacy policy text was provided, so a meaningful compliance assessment is impossible.
View report →mastodon.social
25
highMastodon GmbH's mastodon.social privacy policy page was not actually provided for analysis — only navigation chrome and marketing copy were included, making it impossible to assess compliance and leaving users without verifiable assurances.
View report →