Privacy Policy Analyzer

Paste a legal page URL or text and get a detailed compliance-style report on data collection, sharing, model training signals, and possible EU transfer risks.

Informational tool only. This is not legal advice.

45/ 100

Analysis Report

medium risk

The policy is vague, omits key details on data sharing, retention, and transfers, making it unlikely to meet GDPR standards.

The privacy policy provides basic information about data collection and user rights but lacks transparency on third‑party processors, international transfers, data retention, cookie consent, and AI/model training, raising significant compliance concerns.

SourceURL

Length7,946 chars

Enginellm

Linked pages2 included

Category Assessment

Breakdown of the policy across key compliance areas

Data Minimizationpoor

Collects IP address, device info, and browsing behaviour without clear necessity or limitation.

Transparencyfair

Lists data categories and rights but omits details on processors, retention periods, and transfer mechanisms.

Third-party Sharingpoor

Mentions third‑party services generically without naming them or describing contractual safeguards.

International Transferspoor

Silence on whether data is transferred outside the EEA or on the use of Standard Contractual Clauses.

AI/Model Trainingpoor

No mention of whether user data is used to train AI models or any opt‑out mechanism.

User Rightsfair

Rights are enumerated but procedural details (e.g., timelines, verification) are missing.

Key Findings

Notable clauses, issues, or positive practices discovered

Critical

Insufficient detail on third‑party processors and data transfers

The policy states "We may use third‑party services to analyze website traffic and improve our services. These third parties have their own privacy policies" but provides no list of processors, purposes, or contractual safeguards.

Critical

Lack of explicit cookie consent mechanism

The cookie section only says "You can set your browser to refuse cookies, but this may limit your ability to use some features" without describing a consent banner or lawful basis under ePrivacy.

Critical

No data retention periods disclosed

The policy does not specify how long personal data (e.g., contact details, IP addresses) are retained, contrary to GDPR Art. 5(1)(e).

Critical

No information on international data transfers

There is no statement about whether data is transferred outside the EU/EEA or what safeguards (e.g., SCCs, adequacy decisions) are in place.

Warning

Absence of AI/model training disclosure

The policy does not address whether user data is used for training AI models or if users can opt out, a requirement under emerging EU AI regulations.

Consumer Takeaway

Your personal data may be shared with unnamed third parties and possibly transferred abroad without clear safeguards.

Compliance Posture

The policy shows a minimal effort to address GDPR obligations but falls short on several core requirements.

EU Transfers

No explicit statement on whether data stays within the EU/EEA or on safeguards for transfers outside the region.

Detected Signals

Specific data points and practices identified in the text

Data Collected

NameEmail addressPages viewedActions performedTime spent on websiteIP addressBrowser typeDevice information

Processing Purposes

Improve website and servicesRespond to inquiriesUnderstand how users interact with the websiteEnsure website security

Third-party Sharing

Third‑party services for website traffic analysis

Evidence Snippets

Direct quotes from the policy supporting these findings

We may collect the following information: Basic information such as name and email address when you contact us; Information about your visit, including pages you viewed, actions you performed, and the time spent on our website; Technical information such as IP address, browser type, and device information.

Third-Party Services We may use third-party services to analyze website traffic and improve our services. These third parties have their own privacy policies.

Cookies Our website uses cookies to enhance your browsing experience. You can set your browser to refuse cookies, but this may limit your ability to use some features of our website.

Legal Basis for Processing We process your personal data based on: Your consent; Our legitimate interests in providing and improving our services; Compliance with legal obligations under EU and Irish law.

Your Rights Under GDPR, you have the right to: Access your personal data; Rectify inaccurate personal data; Request erasure of your personal data; Restrict or object to processing of your personal data; Data portability; Withdraw consent at any time.

Missing or Unclear

Specific list of third‑party processors and the data they receive
Data retention periods for each data category
Mechanisms for international transfers (e.g., Standard Contractual Clauses)
Detailed cookie consent and ePrivacy compliance description
Whether user data is used for AI or model training

Questions to Ask

Can you provide a detailed list of all third‑party processors, the categories of data they receive, and the contractual safeguards in place?
What are the retention periods for each type of personal data you collect?
Do you transfer personal data outside the EU/EEA, and if so, what legal mechanisms (e.g., SCCs, adequacy decisions) do you rely on?
How do you obtain and manage consent for cookies in line with the ePrivacy Directive?
Is any user data used for training AI models or other automated decision‑making, and can users opt out?

This analysis is generated by AI and is not legal advice. Always consult a qualified legal professional for compliance decisions.

Share this analysis

Anyone with this link can view the result above.

Built by DentroChat

100% European AI chat for everyone

Chat with AI, work with files, generate images, and search the web. Data stays in Europe.

EU-hosted infrastructureText, files, images & web searchFast, Thinking & Creative modesPrivacy-first by defaultNo data leaves Europe

Try free →