eualternative.eu privacy policy — score 94/100 (low risk)

Last analyzed 2 June 2026

94privacy score

Nineties Engineering OÜ · eualternative.eu

Report details

low risk

Nineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.

Last analyzed2 June 2026

SourceURL

Length5,377 chars

Category Assessment

Breakdown of the policy across key compliance areas. Good = strong, fair = mixed, poor = concerning.

Data Minimizationgood

Collection is strictly limited to voluntary contact form submissions and anonymous aggregated statistics, backed by an explicit no-logs policy and no tracking cookies.

Transparencygood

The policy is written in plain language and clearly identifies the controller, purposes, legal bases, and user rights, though it lacks specifics on cookie names and exact retention days.

Third-party Sharinggood

Only Plausible Analytics is disclosed as a third party for anonymous statistics, with no advertising trackers or data sales, but an explicit Article 28 DPA is not confirmed.

International Transfersgood

The policy explicitly states exclusive EU hosting and affirms that personal data is not transferred to third countries outside the EU/EEA.

AI/Model Trainingfair

The policy is entirely silent on whether user data is used for AI or model training, leaving users unable to verify this practice despite the otherwise minimal data collection.

User Rightsgood

All major GDPR rights are clearly listed with specific articles cited, and contact details for both the controller and the Estonian supervisory authority are provided.

Key Findings

Notable clauses, issues, or positive practices discovered (critical first)

Warning

Vague retention periods

Retention periods for contact form messages are vague, stating they are kept only 'as long as needed to handle your enquiry and any related follow-up,' without specifying a concrete maximum timeframe or automatic deletion schedule.

Warning

Missing DPA confirmation

While Plausible Analytics is described as GDPR-compliant, the policy does not explicitly confirm whether a written Data Processing Agreement under Article 28 GDPR has been concluded with them.

Warning

Silent on AI training

The policy is completely silent on whether user data—particularly contact form submissions—is ever used for AI or machine-learning model training.

Warning

Unspecified spam cookies

The strictly necessary cookies used for spam protection on the contact form are mentioned but lack specifics on their name, provider, duration, or the exact data they process.

Info

No server logs

The website explicitly states that servers are configured to not log any information, which is an exceptional privacy-by-design measure that eliminates a common source of personal data leakage.

Consumer Takeaway

Nineties Engineering OÜ's website EU Alternative is a model of privacy-by-design, collecting almost no personal data, avoiding all tracking, and keeping everything hosted exclusively in the EU.

Compliance Posture

strong

EU Transfers

EU-only hosting with no third-country transfers described.

Detected Signals

Specific data points and practices identified in the text

Data Collected

NameEmail addressMessage contentAnonymous aggregated page visit statistics

Processing Purposes

Replying to contact form messagesOperating and securing the websiteSpam protection on contact formAnonymous usage statistics

Third-party Sharing

Plausible Analytics (anonymous statistics)

International Transfers

Hosted exclusively in EUNo transfers to third countries outside EU/EEA

AI / Model Training

No mention of AI or model training

Evidence Snippets

Direct quotes from the policy supporting these findings

Server logs: our servers are configured to not log any information.

Contact form messages are kept for as long as needed to handle your enquiry and any related follow-up, and then deleted.

We use Plausible Analytics, a GDPR- and ePrivacy-compliant tool that does not use cookies and does not collect IP addresses.

This website is hosted exclusively on servers located within the European Union. Personal data processed in connection with this website is not transferred to third countries outside the EU/EEA.

The only cookies that may be set are strictly necessary cookies on the contact form, used solely to help protect the form against spam and abuse.

Missing or Unclear

No mention of AI or machine-learning model training practices or an opt-out mechanism.
No specific retention schedule or automatic deletion timeframe for contact form personal data.
No explicit confirmation of an Article 28 GDPR Data Processing Agreement with Plausible Analytics.
No details on the spam protection cookie provider, cookie names, or expiration periods.
No information on data backup practices, locations, or retention.
No description of personal data breach notification procedures.

Questions to Ask

What is the maximum retention period for contact form submissions, and is deletion performed automatically after a fixed number of days?
Is a written Data Processing Agreement under Article 28 GDPR in place with Plausible Analytics?
What specific spam protection cookies are set on the contact form, who provides them, and what is their expiration period?
Are contact form submissions or any other user data ever used to train AI or machine-learning models?
Are backups of contact form data created, and if so, where are they stored and for how long?

This analysis is generated by AI and is not legal advice. Always consult a qualified legal professional for compliance decisions.

Share this analysis

Anyone with this link can view the result above.

Built by DentroChat

100% European AI chat for everyone

Chat with AI, work with files, generate images, and search the web. Data stays in Europe.

EU-hosted infrastructureText, files, images & web searchFast, Thinking & Creative modesPrivacy-first by defaultNo data leaves Europe

Try free →