fenritec.eu privacy policy — score 68/100 (medium risk)

Last analyzed 11 April 2026

This report is more than 28 days old. It shows the last saved analysis for this policy — refresh to re-fetch the live page and update the score.

68privacy score

Report details

medium risk

Fenritec generally respects EU privacy rules but lacks clear limits on data use for AI, proactive sub‑processor disclosure and detailed data‑minimisation statements.

The privacy charter outlines EU‑hosted processing, strong security measures and a ban on transfers outside the EU, yet it relies on consent for advertising pixels, provides sub‑processor information only on request, and is silent on AI/model‑training uses, resulting in a mixed compliance profile.

Last analyzed11 April 2026

SourceURL

Length69,441 chars

Category Assessment

Breakdown of the policy across key compliance areas. Good = strong, fair = mixed, poor = concerning.

Data Minimizationfair

The charter says processing is limited to contract purposes but does not specify limits on the categories or amount of data collected.

Transparencyfair

Detailed clauses are provided, yet sub‑processor lists are only given on request and AI uses are not addressed.

Third‑party Sharingfair

Advertising pixels are used with consent, but the scope of data shared with those third parties is not fully disclosed.

International Transfersgood

Explicitly bans any transfer outside the EU without client‑authorised safeguards.

AI/Model Trainingpoor

No mention of whether personal data are used for training models or how data subjects can opt‑out.

User Rightsfair

Rights are acknowledged and response times are set, but procedural details and contact points are vague.

Key Findings

Notable clauses, issues, or positive practices discovered (critical first)

Critical

No clause on AI or model‑training use of personal data

The charter is silent on whether personal data may be used for training machine‑learning models or improving services, creating uncertainty about secondary processing.

Warning

Advertising pixels rely on consent but lack detailed data‑flow transparency

The charter permits third‑party advertising pixels (e.g., X Ads) activated only after consent, yet it does not specify which personal data are transmitted or retained by those third parties.

Warning

Sub‑processor information only provided on request

The policy states "It will provide the Client, upon first request, with the list of subprocessors or joint controllers involved in the Processing" rather than publishing a current list proactively.

Warning

Retention periods are only partially disclosed

Specific retention times are given for logs (3 months) and billing info (10 years), but the policy does not cover other data categories, leaving the overall data‑retention framework unclear.

Consumer Takeaway

You can expect your data to stay in the EU and be protected, but the company does not clearly tell you if it will reuse your data for AI or give you a full list of all third‑party processors up front.

Compliance Posture

mixed

EU Transfers

good

Detected Signals

Specific data points and practices identified in the text

Data Collected

Billing information (addresses, first and last name, etc.)Connection and user action logsUploaded files and documentsMetadata associated with stored files

Processing Purposes

Performance of the contractual servicesSecurity and backup of stored dataAdvertising performance measurement (with consent)Generation of thumbnails for user‑experience improvement

Third-party Sharing

Advertising pixels (X Ads) may share browsing data with third‑party ad platformsDisclosures to authorities or authorized third parties following a justified official procedure

International Transfers

All processing infrastructure is hosted by OVH S.A.S. and Scaleway S.A.S., both EU‑based providersExplicit prohibition of transfers outside the EU without client‑authorised safeguards

Evidence Snippets

Direct quotes from the policy supporting these findings

Fenritec reserves the right to add other hosting providers to this list provided that the main parent company has its registered office in France or the European Union and is subject to the GDPR.

Unless and until you give your consent, no advertising pixel is installed or triggered.

Fenritec shall not carry out any transfer or Processing of Personal Data outside the European Union

It will provide the Client, upon first request, with the list of subprocessors or joint controllers involved in the Processing.

Missing or Unclear

No explicit statement on whether personal data are used for AI or model training
No publicly available, up‑to‑date list of all subprocessors
Limited detail on the exact data categories shared with advertising pixels

Questions to Ask

Can you provide a publicly accessible, regularly updated list of all current subprocessors and their GDPR compliance certifications?
Do you use any personal data for training AI or machine‑learning models, and if so, what opt‑out mechanisms are offered to data subjects?
What specific personal data elements are transmitted to the X Ads pixel and other advertising trackers, and can you supply a data‑flow diagram for these third‑party services?
How do you determine the retention period for each category of personal data beyond the examples of logs and billing information?
Is the consent obtained for advertising pixels granular (e.g., separate consent for profiling) and can it be withdrawn at any time without affecting the core service?

This analysis is generated by AI and is not legal advice. Always consult a qualified legal professional for compliance decisions.

Share this analysis

Anyone with this link can view the result above.

Built by DentroChat

100% European AI chat for everyone

Chat with AI, work with files, generate images, and search the web. Data stays in Europe.

EU-hosted infrastructureText, files, images & web searchFast, Thinking & Creative modesPrivacy-first by defaultNo data leaves Europe

Try free →