KIFOX - The Search Portal for AI Applications ?

Which AI tool is GDPR-compliant? Compare features, hosting, and data protection with real user reviews and an editorial score. Compare for free now.

Here, users can get an overview of which AI tools and LLMs are currently available on the market. Every user is free to submit a review and share their experience with AI applications, and can click a link to go directly to the provider’s website.

KIFOX is not an online store, but a comparison and information portal for AI applications.

ⓘ“Design anything in seconds with AI” / “the world’s easiest way to design anything with the power of AI”

Playground is an AI design and image editor for logos, social media posts, stickers, T-shirts, mockups, memes, illustrations, and image editing via prompt. The current product is more focused on AI design and templates than on classic pure text-to-image boards.Playground AI

Design anything in seconds with AI

3.9/10 | Insufficient

Image Editing, Image Generation, Graphic Design, Poster Design

Free Free Plan
Limited Playground-v3 edits, very limited monthly edits for certain external/premium models, daily download limit; Background Removal and Upscaling only in the Pro Plan. Subscription Pro: higher limits, background removal, upscaling, more premium model edits.

Pro Plus: significantly higher quotas for premium models and extended usage. Other Day Pass One-time 24-hour access with an additional credit/edit quota.

Credit Purchases Additional credits for certain models such as GPT-4o, Seedream, or Nano Banana; credits can be purchased additionally.

iOS Subscriptions In the App Store, Design Pro and Design Pro Plus are listed as in-app subscriptions; the scope of features may differ from web subscriptions.

Location: USA California, USA

GDPR: Unclear Overall assessment: Unclear to conditionally GDPR-suitable.

Positive is that Playground AI describes GDPR rights for EEA, UK, and Swiss users in its Privacy Policy and states that it does not sell personal data. According to the Terms, the tool allows personal and commercial use of the created assets; users generally own the assets they create with the service under the Terms.

Negative is: Playground AI collects and stores, among other things, names, email addresses, payment information, content/files, IP addresses, device information, geolocation, and usage data. The Privacy Policy allows the use of personal data to provide, improve, and develop the services. The Terms also indicate that assets may be publicly visible and remixable by default and that users grant Playground AI a broad, worldwide, perpetual, irrevocable, and royalty-free license to inputs/outputs or assets.

Server location: no specific hosting region confirmed; the Privacy Policy states that information may be stored in the normal course of business on computers in other countries outside the home country. A public DPA/AVV, EU data residency, SCC documents, or a complete list of subprocessors could not be clearly found: No confirmed information available.

Conclusion: Well suited for general creative work; only suitable to a limited extent for confidential designs, customer motifs, images of people, or sensitive data. Sources: Playground Privacy, Terms, Help Center.

Privacy

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Built to make you extraordinarily productive, Cursor is the best way to code with AI."

Cursor is an AI-powered development environment for software development with agents, autocomplete, CLI, cloud agents, and code review features.

Officially, Cursor is positioned as a tool that enables developers to delegate tasks to agents, write code faster, and work in parallel across multiple environments. More recent releases add, among other things, an agent-centric interface, parallel multitasking with subagents, canvases, and automations.Cursor – Anysphere

Built to make you extraordinarily productive, Cursor is the best way to code with AI

7.6/10 | Good

App Development, AI Agents, Programming

Free Free use without a credit card, limited agent requests and limited tab completion. Subscription Pro Extended agent limits, access to frontier models, MCPs, Skills, Hooks, and Cloud Agents.

Pro+ Everything in Pro plus significantly more usage for OpenAI, Claude, and Gemini models.

Ultra Everything in Pro plus very high usage and priority access to new features.

Teams Everything in Pro plus shared chats, Commands and Rules, centralized billing, usage analytics, org-wide Privacy Mode, RBAC, and SAML/OIDC SSO. Other Enterprise Pooled Usage, Invoice/PO Billing, SCIM, AI Code Tracking API, Audit Logs, granular admin/model controls, Priority Support, and Account Management.

Bugbot Separate code review/bug detection offering with Pro, Teams, and Enterprise options.

Location: USA Anysphere, Inc., 2261 Market Street STE 86466, San Francisco, CA 94114, USA.

GDPR: Partly For users in the EU/EEA, use that is conditionally GDPR-compliant is documented, but not as a simple standard SaaS offering with EU data residency. Positive aspects include a published privacy policy, a Data Processing Addendum, a published list of subprocessors on the Trust Portal, documented data subject rights, and a clear “no training/zero data retention” path via “Privacy Mode.” On the negative side, according to the privacy policy, Anysphere processes personal data on servers in various jurisdictions, including the U.S., and data for EEA users may be transferred to U.S. servers or other countries outside the EEA/UK. The website does not specify an explicit EU data residency or an EU/EEA data center for the main SaaS environment. The best-documented way to achieve greater GDPR compliance is therefore to use “Privacy Mode” in conjunction with a DPA; for Cloud Agents, there is also a self-hosted infrastructure option, but it does not replace the entire Cursor Cloud, as inference and planning continue to run via the Cursor Cloud.
Positive
Privacy policy available; DPA/AVV available; subprocessors are listed at trust.cursor.com/subprocessors; data subject rights for users are described; 'Privacy Mode' is documented, including 'zero data retention' by providers and a statement that customer data will not be used by Cursor for training; SOC 2 Type II is mentioned on the security page; for Cloud Agents, there is a self-hosted option on the user’s own infrastructure.
Negative
The website does not specify guaranteed EU/EEA data residency for the standard SaaS offering. According to the Privacy Policy, processing takes place on servers in various jurisdictions, including the U.S.; for EEA users, data may be transferred to U.S. servers or other countries outside the EEA/UK. A specific server location in the EU/EEA, a dedicated EU data center, or ISO 27001 certification are not specified on the website. The self-hosted agent option is only a partial solution because planning and inference still run through Cursor Cloud.
Server Location
The website does not specify a specific EU/EEA server location. The Privacy Policy only states that personal data is processed on servers in various jurisdictions, including the U.S., and that for users in the EEA, data may be transferred to U.S. servers or other countries outside the EEA/UK. No EU data residency is specified on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Turn text into video with AI”

HeyGen is an AI video platform that enables the creation, localization, and personalization of avatar-based videos from text, images, audio, presentations, or templates.

The product includes, among other things, AI Studio, Video Translation, Digital Twins, Voice Cloning, Video Agent, as well as API, CLI, and MCP access. Officially, HeyGen states that it has 100,000+ teams on the web platform and 1,000,000+ developers on the developer platform.HeyGen

Turn text into video with AI

7.3/10 | Good

Avatarerstellung, Voice output, Stimmenklonen, Subtitling, Video generation, Videoübersetzung

Free Limited number of short videos, custom digital twin, standard processing, stock avatars, 720p export, sharing/download, as well as trial access to premium features. Subscription Creator For solo creators; longer videos, Custom Digital Twin, unlimited Photo Avatars, many Stock Video Avatars, Voice Cloning, many languages, faster processing, 1080p, Brand Kit, and watermark removal.

Pro For advanced individuals; everything in Creator plus significantly more premium usage, faster processing, translation script editing, and 4K export.

Business For teams/businesses; everything in Creator plus more generative usage, multiple Custom Digital Twins, centralized billing, Auto-Reload Credits, team members, Workspace Collaboration, comments, interactive videos, Screen Recorder, SCORM export, LMS and automation integrations. Other Enterprise Custom offer with unlimited videos, no maximum video duration, 4K, fastest processing, multi-workspace control, role management, SCIM, MFA, commercial contract terms, priority support, dedicated CSM, and onboarding.

API Pricing Separate API access for developers and product teams; HeyGen refers to a separate API pricing overview.

Location: USA HeyGen Technology, Inc., 12130 Millennium Drive, Suite/STE 300, Los Angeles, CA 90094, USA

GDPR: Partly For users in the EU/EEA, GDPR-compliant use of HeyGen is only plausible under certain conditions that are properly documented; it is not considered standard use that is entirely unproblematic. Positive aspects include an available DPA, SCCs, the EU-US Data Privacy Framework, a European DPO, and documented sub-processor arrangements. However, a negative aspect is that, according to the website, all customer data is stored on AWS in the U.S., and the website does not specify any EU/EEA data residency, any EU data center, or any on-premises/self-hosting option. For standard SaaS in the EU/EEA, a third-country transfer to the U.S. therefore remains an inherent part of the service.
Positive
The website documents a privacy policy, a Data Processing Addendum, SCC information for EU/UK/Switzerland transfers, EU-US DPF certification, a DPO based in Europe, SOC 2 Type II, and an opt-out from AI training. For Enterprise customers, data use for AI training is excluded by default.
Negative
The website states that all HeyGen customer data is stored in the U.S. on AWS. The website does not specify EU data residency, EU/EEA data centers, a private cloud option in the EU/EEA, a hybrid model, or on-premises/self-hosting. Furthermore, according to the privacy policy, HeyGen reserves the right to process data for its own purposes, including service improvement and AI model training; for non-enterprise customers, the only option mentioned is to opt out by contacting the company.
Server Location
According to the website, the services are hosted on AWS in the U.S.; all customer data is stored in the U.S. EU/EEA server locations are not specified on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“A suite of free AI-powered features …”

Shopify Magic is Shopify’s integrated AI suite for e-commerce workflows.

It supports, among other things, writing product descriptions, blog posts, emails, theme content, suggested replies in customer support, customer segment descriptions, as well as AI-powered image editing in the file editor. The features are generally available for free within Shopify, but the specific availability of individual features may vary depending on the functional area.Shopify Magic

A suite of free AI-powered features …

7.9/10 | Good

Image editing, E-commerce Optimization, Customer Support, Product Description, Text generation

Subscription Shopify offers testing options; Shopify Magic can be used in the Shopify admin as an integrated AI feature as soon as a suitable Shopify store is being used. Other Basic For small shops; online store, product management, checkout, payment processing, basic commerce features, and access to relevant Shopify features including AI features where available.

Grow For growing merchants; more features, better scalability, and enhanced commerce/reporting options compared to Basic.

Advanced For larger teams and shops; advanced reports, higher scalability, stronger commerce features, and more operational control. Other Shopify Plus Enterprise commerce with individual contracts, greater scalability, enhanced customization, automation, and support features.

Retail / Starter / Agentic / Enterprise / Apps Additional Shopify offerings for POS/retail, simple sales channels, agentic commerce features, enterprise scenarios, and app extensions.

Location: Canada Shopify Inc. 151 O'Connor Street Ground Floor Ottawa, Ontario K2P 2L8 Canada

GDPR: Yes GDPR assessment: From a GDPR perspective, Shopify Magic/Sidekick is conditionally to well suited, provided Shopify is configured correctly.

Positive is that Shopify provides a Data Processing Addendum and explains in the Help Center that, in the context of data processing on behalf of a controller, Shopify follows the merchant’s instructions and takes European data protection laws into account. Shopify also offers customer privacy settings such as a privacy policy, cookie banner, data sales opt-out, and privacy apps. Another positive aspect is that Shopify Magic is integrated directly into the admin and supports functions such as product descriptions, blog posts, pages, messaging, theme editor, media editing, and Sidekick analytics.

Negative is that Shopify explicitly points out that using Shopify alone does not guarantee GDPR compliance; merchants remain responsible for the legal basis, cookie/consent configuration, apps, tracking, payment services, marketing, and Enhanced Services.

Server location: No blanket EU-only guarantee; Shopify can be used globally and processes data internationally depending on the service, app, payment provider, and Enhanced Services.

Shopify Magic Using Shopify to help comply with GDPR Shopify Data Processing Addendum

– ★★★★★★★★★★ (0)

Link

Link

ⓘGoogle offers a family of models with the Gemini API for text generation, reasoning, coding, agent workflows, tool use, multimodal prompts, and document-centric processing.

For current API LLMs, Gemini 3.1 Pro Preview, Gemini 3 Flash Preview, Gemini 3.1 Flash-Lite Preview, Gemini 2.5 Pro, Gemini 2.5 Flash, and Gemini 2.5 Flash-Lite are particularly relevant. Older Gemini 2.0 Flash variants are still available, but are already marked as deprecated.Google Gemini API

LLM “AI for every developer”

7.4/10 | Good

Image Generation, Embeddings, Function Calling, AI Agents, LLM API, Multimodal AI, Programming, Reasoning Model, Language Model, Text Generation

Free Free or unpaid use with limits; content may be used for product improvement and should not contain sensitive or confidential data. Other Gemini API Paid Tier For production applications with higher limits, context caching, Batch API, access to advanced models, and without using content for product improvement.

Batch / Context Caching / Priority / Flex Additional billing and operational options for controlling cost, latency, and throughput.

Vertex AI / Google Cloud Enterprise-oriented operation with Cloud DPA, IAM, regional endpoints, data residency, monitoring, and zero-data-retention configurations.

Grounding / Tuning / Embeddings / Live API Advanced features for search, context enrichment, model customization, vector search, real-time audio, and multimodal applications.

Location: USA Global parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, United States. For EMEA Gemini API Paid Services: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland.

GDPR: Partly For the EU/EEA region, a more privacy-friendly use of the Gemini API based on the provider’s documentation appears to be possible only under certain conditions. On the positive side, according to the additional terms, a DPA applies to “Paid Services,” and prompts and responses are not used for product improvement. On the negative side, Google nevertheless logs prompts and responses for Paid Services for a limited time for security and compliance purposes and may store this data temporarily or in cache “in any country” where Google or its agents operate facilities. The website does not specify an explicit EU data residency or an EU/EEA server location for the Gemini API.
Positive
The website lists three key points for “Paid Services”: processing in accordance with a DPA, no training on prompts or responses for product improvement, and specific notes for EEA users. Additionally, the “Zero Data Retention” page explains that, for certain projects and upon approval, user-identifying content and metadata can be removed before logging, and that individual storage options can be disabled for stateful features.
Negative
The website does not specify a guaranteed EU data residency for the Gemini API or a specific EU/EEA data center location. Rather, the additional terms state that log data for Paid Services may be stored transiently or in cache in any country where Google or its agents operate facilities. Furthermore, data-minimizing configurations such as “Zero Data Retention” and the disabling of certain storage functions require additional prerequisites; according to the website, it is not possible to disable the storage described there for specific functions such as “Grounding with Google Search” or “Grounding with Google Maps.”
Server Location
Not specifically listed on the website as an EU/EEA location. For paid services, it states that log data may be stored temporarily or in cache in any country where Google or its agents operate facilities.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“The #1 AI Assistant for Your Meetings”

Fireflies.ai is an AI meeting assistant that automatically transcribes, summarizes, searches, and analyzes meetings. The tool supports video conferencing systems, audio/video uploads, meeting search, AskFred, a mobile app, a Chrome extension, an API, conversation intelligence, AI skills, and integrations with CRM, collaboration, and storage tools.Fireflies.ai

The #1 AI Assistant For Your Meetings

7.8/10 | Good

Meeting Minutes, Transcription, Summary

Free Free entry with limited transcription, limited storage, AskFred, audio/video file upload, mobile app, Chrome extension and API access according to the pricing page. Subscription Pro For professionals and small teams; includes unlimited transcription, unlimited AI summaries, increased storage, downloads of transcripts/summaries/recordings, Personal Assistant, talk-time analytics, AI skills, voice agents, AI credits, action items, task manager, and unlimited integrations.

Business For growing businesses; includes Pro features plus unlimited storage, video recording, multi-language mode, conversation intelligence, team analytics, more AI credits, and user groups.

Enterprise For large enterprises; includes Business features plus Rules Engine, SSO, SCIM, HIPAA compliance, private storage, custom data retention, Transcript+Summary-only mode, more AI credits, Super Admin, and a dedicated account manager. Other API Fireflies provides API access for processing audio files and integrating them into your own workflows.

Private Storage Enterprise option for storing meeting data in a preferred location or dedicated storage environment.

AI Credits / AI Skills AI Credits control the use of specific AI features; AI Skills automatically extract follow-ups, scores, insights, and structured meeting data.

Location: USA Fireflies.ai Corp, 1000 Brickell Ave, Ste 715 PMB 5136, Miami, FL 33131, USA

GDPR: Partly For users in the EU/EEA, compliance with the GDPR is only partially plausible. Positive aspects include a publicly available DPA, provisions regarding EU Standard Contractual Clauses, participation in the EU-U.S. Data Privacy Framework, documented data subject rights, and the statement that meeting content and personal data are not used for AI training. At the same time, the website states that the standard cloud stores and processes data in the U.S. Even with “Private Storage,” while data may be stored in the EU, the website indicates that processing still takes place in the U.S. The website does not specify any true EU/EEA data processing without U.S. processing or an on-premises/self-hosting option.
Positive
Existing DPA/AVV with binding instructions, SCCs as a fallback, EU-US Data Privacy Framework, documented support for data subject requests, subprocessor provisions with the right to object, statements regarding “no AI training” and “zero data retention” by third-party providers, as well as documented security and compliance certifications such as SOC 2 Type II and GDPR.
Negative
The website clearly states that the default is U.S. hosting and U.S. processing. Even with private storage in the EU, processing continues to take place in the U.S., according to the website. Full EU/EEA data residency for processing, an EU data center for the entire solution, or a self-hostable/on-premises option are not specified on the website. The provider’s ISO 27001 certification is not listed on the website.
Server Location
By default, according to the website, data is stored and processed in Fireflies’ secure cloud infrastructure in the U.S. on AWS and GCP. With “Private Storage,” data can also be stored in a customer-owned bucket in the EU; however, according to the website, processing still takes place in the U.S.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Track & Boost Your Brand's Visibility in both AI Search (…) and Traditional Search"

Writesonic is an AI marketing platform for SEO, Generative Engine Optimization (GEO), AI search visibility, and content creation.

The tool monitors how brands appear in AI responses and search systems, provides recommendations for action, and supports the creation, updating, and optimization of content. According to the official documentation, Writesonic combines traditional search such as Google/Bing with AI search such as ChatGPT, Claude, Perplexity, Gemini, and Grok.Writesonic

Track & Boost Your Brand's Visibility in both AI Search (…) and Traditional Search

7.4/10 | Good

Image generation, Chatbot, Research, SEO, Social media content, Text generation

Free Start without a credit card for SEO and AI content tools; no permanently fully featured free version recognizable as a guaranteed standard plan. Subscription Starter For early-stage brands with AI Search Tracking, GEO, AI Article Writer, Content Optimization, SEO & Content AI Agent, Chatsonic, and basic project/team features.

Basic For growing brands with more GEO tracking, more AI content, Site Audits, Premium SEO Data, integrations, and additional team/project limits.

Growth For scaling teams with more AI Search Tracking, content generation, SEO Audits, Sentiment Analysis, AI Search Volume Data, integrations, and enhanced support. Other Enterprise Custom solution for large brands and agencies with custom AI Search Tracking, custom limits, SSO/SAML, dedicated GEO strategist, account manager, and tailored projects.

Chatsonic / SEO Agents / Integrations Additional AI features for SEO, content, data analysis, web browsing, file uploads, image generation, and marketing workflows.

Location: USA Writesonic, Inc., #4608, 2261 Market Street, San Francisco, CA 94114, USA.

GDPR: Partly GDPR assessment: From a GDPR perspective, Writesonic is conditionally suitable.

Positive is that Writesonic provides a Data Processing Agreement in which Writesonic is described as the Processor, processes Controller Data according to customer instructions, and regulates confidentiality, security measures, audit rights, subprocessors, and international transfers with SCCs or recognized transfer mechanisms.

Negative is that Writesonic is a Delaware Corporation with an address in San Francisco and therefore remains a US provider. I could not publicly verify a blanket EU-only data residency.

Server location: No verified EU-only region publicly documented; US provider with international transfers and subprocessors. Further link: Writesonic DPA, Privacy Policy, Subprocessors, and Pricing.

Data Processing Agreement

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Bitrix24 is a free online workspace for your company: CRM, tasks, online appointments, and much more."

Bitrix24 is a cloud-based and optionally self-hosted business platform with CRM, task and project management, team communication, contact center, websites, online store, HR functions, document management, automation, and an AI assistant. The AI assistant CoPilot supports, among other things, writing, summarizing, translating, creating tasks, checklists, CRM call transcription, CRM field population, and website text/image generation.Bitrix24

Bitrix24 is a free online workspace for your company: CRM, tasks, online appointments, and much more.

7.7/10 | Good

Aufgabenverwaltung, Automation, Customer Support, Lead generation, Project Management, Scheduling, Text generation, Website Development

Free Free entry with unlimited users, limited storage, as well as core features for collaboration, tasks & projects, CRM, Bitrix24 Sign, Drive, Contact Center, and website builder. Subscription Basic Entry-level plan for smaller teams with more storage, user quota, collaboration, tasks & projects, CRM, Bitrix24 Sign, Drive, Contact Center, website builder, online store, and support.

Standard Advanced plan for teams with more users and storage, plus marketing, online documents, administration, and advanced business features.

Professional Comprehensive business plan with greater user and storage capacity, X5 CRM, marketing, online documents, electronic HR signature, Sales Intelligence, automation, HR management, support, and administration.

Enterprise Scalable enterprise plan for larger organizations with many users, large storage capacity, Enterprise package, multiple branches, centralized management, optimized multiuser infrastructure, complete data isolation, advanced backups, and support features. Other Bitrix24 On-Premise Edition Self-hosted version for your own servers with full access to source code and API; according to Bitrix24, intended for large companies and corporate groups.

CoPilot / AI Features AI features for CRM, tasks, chat, feed, websites, email, flows, website images, prompt library, and CoPilot roles; availability depends on the plan and the specific feature.

Marketplace / Apps / Integrations Hundreds of apps and integrations via the Bitrix24 Marketplace; third-party apps may involve their own contracts, privacy policies, and data processing.

MCP Server Connection of external AI systems with Bitrix24 to perform actions in CRM, tasks, and other tools; disabled by default and controllable by administrators.

Location: Cyprus Europe: Alaio Cloud Limited, Frema House, office 102, No. 9 Constantinou Paparigopoulou Str., 3106 Limassol, Cyprus. USA: Alaio Inc., 700 North Fairfax St., Suite 614-B, Alexandria, VA 22314, USA.

GDPR: Yes For the EU/EEA region, there is a clearly documented, GDPR-compliant usage path: Bitrix24 offers an on-premises/self-hosted option on the customer’s own server with full data control, as well as a Data Processing Agreement (DPA). In addition, the website documents for European customers that data is stored in Europe in AWS data centers. However, the standard use of AI features is restricted under data protection law because the AI tools’ terms and conditions provide for the use of content for training and improvement and specify a transfer to the U.S. for OpenAI-powered features. Therefore, the “yes” rating is based on the best available approach—namely, self-hosting or controlled use without AI features—and not on every standard SaaS/AI configuration.
Positive
The website provides links to a privacy policy, a GDPR page, a German General Terms and Conditions document, and a document on infrastructure and subprocessors. For European customers, Bitrix24 specifies data centers in Europe—specifically AWS in Frankfurt and Dublin—and the on-premises edition can be run on the customer’s own server; full access to the source code is also described.
Negative
The website explicitly states that, for AI tools, Alaio may use content to develop, improve, and train AI/ML models. Furthermore, it mentions that requests are transferred to the U.S. when using OpenAI technologies. Certifications such as ISO 27001 or SOC 2 are not listed on the reviewed pages of the website.
Server Location
For European customers, the infrastructure/subprocessor document specifies data storage in Europe: AWS eu-central-1 in Frankfurt, Germany, and for data storage, among others, AWS eu-west-1 in Dublin, Ireland; other European infrastructure components are listed in Frankfurt, Dublin, and Amsterdam, among other locations. The on-premises version can be run on the customer’s own server.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Automate AI Workflows, Agents, and Apps”

Zapier is a no-code/low-code automation platform that enables workflows (“Zaps”) to be connected between SaaS tools, forms, spreadsheets, chatbots, and AI functions.

Zapier currently brings together Zaps, Tables, Forms, and Zapier MCP in a shared AI orchestration platform, positioning itself not only as a traditional integration service but also as a platform for AI workflows, agents, and chatbots.Zapier

Automate AI Workflows, Agents, and Apps

7.8/10 | Good

API Integration, Automation, Chatbot, AI agents

Free Zaps, Tables, and Forms, limited Tasks, Two-Step Zaps, and Zapier Copilot with daily limits. Subscription Professional Multi-step Zaps, Premium Apps, Webhooks, Support, AI Fields, and Conditional Form Logic. Team Multi-user plan with Shared Zaps, folders, Shared App Connections, SAML SSO, and Premier Support. Other Enterprise Unlimited Users, advanced admin rights, App Controls, VPC Peering, annual task limits, Observability, and Technical Account Manager.

Task Tiers / Pay-as-you-go / Agents Billing based on task quotas; additional AI-/Agents-/MCP usage depending on plan and consumption.

Location: USA Zapier, Inc., 548 Market St. #62411, San Francisco, CA 94104-5401, USA

GDPR: Partly GDPR assessment: From a GDPR perspective, Zapier is conditionally suitable. A positive aspect is that Zapier offers a Data Processing Addendum, and Enterprise customers can use governance features such as app controls and AI app restrictions.

Another positive is a model training opt-out, which applies automatically to Enterprise customers and is available to other customers.

Negative is that, according to its own privacy overview, Zapier hosts data on AWS servers in the USA, including customer data and data processed on behalf of customers. In addition, every connected third-party app creates additional data flows, for which the customer must review the respective legal basis and DPAs.

Server location: USA on AWS. Further link: Zapier Data Privacy, DPA and Security/Compliance.

Data Privacy Overview

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Leading partner for AI assistants for Swiss network operators and fiduciary firms”

Connect AI develops and operates tailor-made AI assistants for companies, primarily for customer service, internal knowledge work, sales, and industry-specific scenarios such as fiduciary services. The core product, Employee GPT, is marketed as a secure alternative to ChatGPT/Copilot for companies that can be operated in Switzerland or the EU. The offering is complemented by AI rollout programs for executives, teams, and companies.Connect AI

AI assistants for businesses, especially for customer service, internal knowledge work, sales, and industry-specific scenarios such as fiduciary services

6.6/10 | Solid

Automation, Chatbot, AI Agents, Knowledge Base

Subscription Employee GPT / Employee GPT Secure private ChatGPT alternative for companies; according to the provider, with internal knowledge sources, Swiss hosting, no training on customer data, role-based permissions, private container environments, and customer ownership of data, knowledge bases, and chat logs. The pricing logic is described in a blog post as a monthly fee per employee plus a one-time onboarding fee.

AI Customer Support AI agents, help center, personalized responses, knowledge library, analytics and reports, service quality, and multilingual 24/7 support.

Sales Agent Personal sales agent for customers, lead qualification, product recommendations, upselling/cross-selling, audience insights, analytics, and reduction of cart abandonment.

Event Agent / TreuhandGPT / AI Strategy Listed on the website as additional solutions; specific public details on plans and features are not fully verifiably available. Other Customer-specific implementation & operation The Terms and Conditions describe Connect-AI Services as the customer-specific implementation and operation of the Connect-AI platform; fees, packages, usage volume, and term are defined in the respective Agreement.

Onboarding / Consulting / Integrations According to the Employee-GPT blog, the pricing framework includes not only the platform and secure hosting but also training and personal support; specific terms are clarified on a project-by-project basis.

Location: Switzerland Connect AI Group GmbH, Lagerstrasse 93, 8004 Zurich, Switzerland

GDPR: Partly The website contains several positive statements regarding the privacy-friendly use of Employee GPT in the European context, particularly regarding data storage in Switzerland or the EU, self-hosted open-source models, “cloud or on-premises,” and “no use of customer data for model training.” However, for an assessment covering the entire EU/EEA area, the documentation is not sufficient to warrant an unqualified “yes,” because the general privacy policy also mentions data processing outside the EU/EEA, and there is no clear, detailed evidence—freely accessible on the website—regarding EU/EEA data residency, a list of subprocessors, or certifications. The best available approach appears to be a controlled deployment close to the EU/Switzerland via Swiss/EU hosting or “on-premises,” but this is only partially documented.
Positive
Positive aspects include the product-related statements regarding Employee GPT: “Your data is anonymized and remains in Switzerland or the EU,” “No use of customer data for model training,” “role-based access rights and private container environments,” “Hosting with FINMA-certified partners,” as well as the statement that self-hosted open-source models and hosting preferences—“cloud or on-premises”—are supported.
Negative
A negative or limiting aspect is that the general privacy policy also mentions transfers to third countries and lists Google Cloud and HubSpot; furthermore, it states that recipients may be located outside Switzerland/the EU/the EEA. A publicly accessible, specific list of subprocessors, reliable details on EU data center locations, a clearly described EU data residency model for all variants, and relevant certifications such as ISO 27001 or SOC 2 are not provided on the website.
Server Location
Employee GPT product page: Data remains “in Switzerland or the EU”; it also mentions “Swiss infrastructure” and, for the Swiss models, “no data transfer abroad.” General Privacy Policy: physical data is stored in “Switzerland & Europe,” while electronic data from customers and users is stored on Google Cloud; HubSpot stores data in the U.S., among other locations. Specific individual EU/EEA data center countries are not listed on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Truly usable and practical AI”

Tencent Hunyuan is Tencent Cloud’s AI model family. It includes text models, reasoning models, vision, video understanding, image generation, translation, 3D generation, and open-source models. Tencent positions Hunyuan for content creation, mathematics, code, dialogue, enterprise scenarios, and multimodal workflows.Tencent Hunyuan / Tencent HY

LLM “Truly usable and practical AI”

4.1/10 | Limited

3D Modeling, Image Generation, LLM API, Multimodal AI, Open Source Model, Programming, Language Model, Text Generation, Video Generation

Free Free Resource Package / Test Quota
Upon initial activation of Tencent HY Text Generation Global, a one-time free test quota is provided as a Resource Package; after it is used up or expires, postpaid activation is required. Other Token Postpaid / Pay-as-you-go API billing based on token consumption for Hunyuan text functions; billing via Tencent Cloud according to usage and with postpaid enabled.

Tencent HY 3D Global Separate product for 3D generation from text, image, or sketch with its own billing and API/cloud usage.

Enterprise / Tencent Cloud Agreements Individual cloud, contractual, and compliance setups are possible via Tencent Cloud; specific terms and data regions must be reviewed contractually.

Location: China Tencent headquarters Shenzhen, China. For the EU/EEA context, Tencent Cloud states: Tencent Cloud Europe B.V., Atrium Building, 8th Floor, Strawinskylaan 3127, 1077 ZX Amsterdam, Netherlands.

GDPR: No Overall assessment: Conditionally to critically GDPR-suitable. For the EEA, UK, and Switzerland, Tencent Cloud designates Tencent Cloud Europe B.V. in Amsterdam as the Data Controller for administrative data and states that customer data or content is generally processed as a processor within the scope of the services.

Positive is that Tencent Cloud references a Data Processing and Security Addendum structure in the Privacy Policy, distinguishes roles between Controller and Processor, and offers formal contractual documentation for enterprise/cloud use.

Negative is that Tencent Cloud states in the Privacy Policy that servers may be located outside the user's country, for example in Mainland China. In addition, the AI Service Terms allow Tencent Cloud to use User Input and AI Output for the provision, support, improvement, development, and training of AI Models, unless an opt-out is made in the respective AI function. According to the AI Terms, sensitive personal data and specially regulated data must not be entered into AI Services unless this has been expressly agreed in writing and configured accordingly.

Server location: depending on the Tencent Cloud service and configuration; the official Privacy Policy mentions possible processing outside the user's country, including Mainland China. For GDPR-critical use, Tencent Hunyuan is therefore only recommended with a DPA, region/transfer review, training opt-out, subprocessor review, and exclusion of sensitive data. Sources: Tencent Cloud Privacy Policy, AI Service Terms, and Hunyuan documentation.

Privacy Policy

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"The essential AI stack for your company. Simple for business users. Ready for advanced use cases."

Langdock is an enterprise-focused AI platform with chat, agents, workflows, integrations, knowledge search, and API access.

Companies can use it to centrally roll out generative AI, search internal knowledge bases, build automations, and run their own AI applications on a shared platform. Langdock officially positions itself as a model-agnostic platform for secure AI adoption in the enterprise.Langdock

The essential AI stack for your company. Simple for business users. Ready for advanced use cases

7.4/10 | Good

Automation, Chatbot, Data Analysis, AI Agents, Text Generation, Knowledge Base

Free Free trial period without a credit card to test the platform. Subscription Chat & Agents Basic subscription for model-agnostic AI chat and custom AI agents; usage limits included per user.

Business / Business Max Business offers standard limits; according to the docs, Business Max offers multiple times the usage limits for power users. Other Workflows Add-on Add-on for automations; Starter is included, Business offers higher execution volumes, Custom individual limits.

API Unified API for multiple models; Langdock charges a markup on model provider prices when using the API.

Enterprise Deployment Single-tenant SaaS, bring-your-own-cloud, or on-premise depending on company size and security requirements.

Location: Germany Langdock GmbH, Greifswalder Str. 212, 10405 Berlin, Germany.

GDPR: Yes On its website, Langdock provides several clear building blocks for GDPR-compliant use throughout the EU/EEA: T&Cs/Privacy Policy, processing predominantly within the EU or EEA, EU hosting for multi-tenant SaaS, dedicated deployment options, self-hosting or on-premises, and statements regarding “no model training.” Since hosting on the customer’s own infrastructure and “bring your own cloud” are also explicitly offered, a straightforward path to GDPR-compliant use within the EU/EEA context is documented. One limitation is that, according to the AVV, data transfers to third countries are possible if the customer actively activates an LLM with a server location outside the EU.
Positive
Positive aspects include the available AVV/DPA, the statement that the processing of customer data generally takes place within the EU or an EEA member state, EU hosting of the multi-tenant SaaS, self-hosting and “bring your own cloud,” the documented list of subprocessors, “no model training” for customer data, and the mentioned ISO 27001 and SOC 2 Type II certifications.
Negative
A negative or limiting aspect is that the website does not guarantee that all processing will exclusively take place within the EU/EEA for every conceivable model configuration. The General Terms and Conditions of Service explicitly state that transfers to a third country are possible at the direction of the controller, for example, if an LLM with a server location outside the EU is activated. Furthermore, no clear, detailed evidence regarding open-source components was found on the website.
Server Location
The website states that the multi-tenant SaaS is hosted on servers within the EU via Microsoft Azure. It also states that the processing of customer data generally takes place within the European Union or a member state of the EEA. The list of subprocessors in the General Terms and Conditions (AVV) includes Microsoft Ireland Operations Limited, which processes data within the EU for hosting and Azure LLMs, as well as Amazon Web Services EMEA SARL, which processes data within the EU for AWS LLMs.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"AI that brings out the best in you, from first idea to final draft"

Paperpal is an AI-powered academic writing tool for researchers, students, authors, and scientific teams.

It combines language correction, academic paraphrasing, research and citation assistance, PDF chat, plagiarism checking, and other pre-submission features on one platform. The provider explicitly positions Paperpal as a secure all-in-one solution for scientific writing.Paperpal

AI that brings out the best in you, from first idea to final draft

7.4/10 | Good

Literature Research, Paraphrasing, Plagiarism Check, Spell Check, Translation

Free Free entry with academic writing features, PDF chat, Research & Cite, AI detector, plagiarism check, and submission checks with limitations. Subscription Extended or unlimited use of central functions such as Language Editing, Consistency, Research Q&A, Citation Generation, writing features, and advanced academic checks. Other Teams Plan Group plan for 2–10 members with centralized billing, activation codes, and team discounts; according to support, based on Paperpal Prime annual.

Institutional Plans Individual solutions for universities, institutions, students, or employees.

Multi-year Plan One-time longer-term option for users who want to book long-term.

Location: Singapore Cactus Communications Services Pte Ltd, 20 McCallum Street, #19-01, Tokio Marine Centre, Singapore 069046.

GDPR: Partly GDPR assessment: From a GDPR perspective, Paperpal is well suited to conditionally well suited, especially for research and higher education contexts.

Positive is that Paperpal cites GDPR compliance, ISO/IEC 27001:2022, PECR, CSA STAR Level 1, and other security frameworks. Paperpal explicitly states that it does not use user data and documents to train its AI models. In addition, Paperpal mentions encryption, confidentiality of processed documents, and security measures for research data.

Negative is that no clear, directly linked AVV/DPA and no precise EU server location as a standard could be found publicly; the secure data centers mentioned are not clearly described as EU-only.

Server location: No verified EU-only information available; Paperpal mentions secure certified data centers, but no clearly documented location. Further link: Paperpal Data Security, support article on training and pricing.

Data Security Privacy Policy

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Work AI that Works"

Glean is an enterprise work AI platform that brings together search, assistants, and agents across enterprise data.

The platform connects to business applications, documents, chats, and tickets, respects existing permissions, and supports features such as enterprise search, generative answers, data analysis, deep research, and agentic automation. It is clearly geared toward enterprises rather than consumer self-service.Glean

Work AI that Works

7.8/10 | Good

Automation, Chatbot, Data Analysis, AI agents, Knowledge Base

Subscription Glean Enterprise Work AI platform with Enterprise Search, Assistant, Agents, Connectors, permissions, company context, and security features.

Glean Enterprise Flex Seat-based licensing combined with pooled FlexCredits for advanced AI features; includes platform capabilities and usage-based premium features. Other FlexCredits / Usage-based Features Advanced features such as Thinking Mode, Deep Research, Data Analysis, Canvas, image understanding, and other features may consume credits.

APIs / Developer Platform / MCP APIs for Search, Chat, and Agents; integrations with Cursor, Claude Code, Copilot, and MCP hosts.

Location: USA Publicly, Glean lists 260 Sheridan Ave, Suite 300, Palo Alto, CA 94306, United States on its legal/footer pages; the Privacy Policy additionally lists 634 2nd Street, San Francisco, CA 94107, United States for data protection inquiries.

GDPR: Partly Glean documents several components relevant to the GDPR in the EU/EEA region on its own website: GDPR compliance, a Data Processing Addendum with SCCs, a list of subprocessors, customer rights for the EEA, and customer-controlled hosting options—including deployment in preferred regions and operation in the customer’s own AWS, Azure, or GCP cloud. At the same time, the website indicates that standard subprocessors and LLM/cloud providers are based in the U.S., and the general privacy policy describes international transfers to the U.S. This appears to offer a viable path for GDPR-compliant use in the EU/EEA, but not as a simple, blanket solution for standard SaaS usage in all cases.
Positive
Positive aspects include the published DPA with EU Standard Contractual Clauses, the explicit designation of Glean as a data processor in the DPA, the documented support for data subject rights and data protection impact assessments, the list of subprocessors, the statement on data sovereignty across global regions, the option for an isolated single-tenant deployment, and customer-hosted deployments in their own AWS, Azure, or GCP cloud. In addition, Glean lists certifications and attestations such as SOC 2 Type II, ISO/IEC 27001, and ISO/IEC 42001.
Negative
A negative or limiting aspect is that the website does not provide a specific commitment regarding EU/EEA data centers for the standard deployment, with named countries or regions. The published list of subprocessors includes numerous U.S. providers, such as AWS, Google, Microsoft, OpenAI, Anthropic, Groq, Fireworks.ai, and Snowflake, as well as a support affiliate in India. The privacy policy also describes data transfers to the U.S. or other jurisdictions. The website does not provide a reliable statement confirming that the standard SaaS version is processed entirely within the EU/EEA.
Server Location
The website does not provide a fixed list of EU/EEA servers with specific countries for the standard SaaS version. It mentions global regions such as “AMER, EMEA, or APAC,” as well as customer-controlled deployment in the preferred region. The list of subprocessors includes several U.S. subprocessors and an affiliate in India. For customer-hosted deployments, the website refers to the customer’s own AWS, Azure, or GCP cloud; the specific EU/EEA location would be selectable by the customer, but is not further specified on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“The Visual No Code App Builder – Now Powered By AI”

Adalo is a visual no-code platform for building and publishing database-driven web apps as well as native iOS and Android apps from a single project.

AI features such as Ada, Magic Start, Magic Add, Visual AI Direction, and X-Ray support the generation, editing, and review of apps using natural language. The focus is therefore on app building, data modeling, publishing, and integrations—not on an isolated AI chat or content tool.Adalo

The Visual No Code App Builder – Now Powered By AI

6.4/10 | Solid

App Development, Website Creation

Free Free plan for building and testing, unlimited screens, limited records per app, and Ada AI Assistant. Subscription Starter One published app, unlimited App Actions, one App Editor, Custom Fonts, Custom Domain, Publish to Web, automated app store publishing, no Adalo branding, and Ada AI Assistant.

Professional More published apps, more employees/editors, more storage, and advanced integrations.

Team More published apps, more editor/team capacity, Priority Support, and team-oriented capacity increases.

Business More apps, unlimited editor structure or stronger team/business features, and enterprise-level enhancements. Other Adalo Blue Dedicated infrastructure, custom monitoring, on-premise option, and connection to any data sources, including legacy systems without an API. Add-ons Additional published apps and additional app editors can be added depending on the plan.

Location: USA Adalo, Inc. 911 Washington Avenue, Suite 501 St. Louis, MO 63101 USA

GDPR: Partly Adalo provides a privacy policy on its website and a Data Processing Agreement (DPA) embedded in its Terms of Service, with explicit reference to the GDPR. At the same time, according to its privacy policy, Adalo is based in the United States and describes international data transfers only in general terms as involving “appropriate safeguards,” without providing evidence on its website of a specific EU/EEA server location, EU data residency, or an EU SaaS option. For users throughout the EU/EEA, GDPR-compliant use is therefore justifiable at best under certain conditions, particularly based on the DPA and following a careful independent review of the transfers and the categories of data used.
Positive
Positive aspects include a published privacy policy, a DPA/SLA as part of the Terms, the explicit mention of the GDPR, the allocation of roles with the customer as the controller and Adalo as the processor, and the statement that “Customer Content” is processed only on behalf of and in accordance with the customer’s instructions.
Negative
On the negative side, the website does not document any EU/EEA data center, any EU data residency, any on-premises/self-hosting option, or a robust opt-out for AI training. Furthermore, the website refers to international data transfers only in general terms and does not list any specific subprocessors in Schedule 2 of the DPA, but rather lists “N/A.”
Server Location
The privacy policy states that Adalo is based in the U.S. and that data may be transferred, stored, and processed in countries where Adalo or its service providers operate. The website does not specify a specific server or data center location or EU/EEA data residency.

– ★★★★★★★★★★ (0)

Link

Link

ⓘAutomate without limits

n8n is a workflow automation platform for technical teams that combines visual building with code, API connectivity, and AI capabilities.

Workflows, agents, and integrations can be created through a graphical interface, but can also be extended deeply with JavaScript, Python, HTTP requests, custom nodes, and self-hosting when needed. n8n can be run in the cloud or on your own infrastructure.n8n

AI agents and workflows you can see and control

8.1/10 | Very good

API Integration, Automation, Data Analysis, AI agents

Free Free version for up to 14 days after sign-up or when self-hosted. As a Community Edition for self-hosting. According to the documentation, every self-hosted installation runs without a license key as a free Community Edition; the website also refers to it as a “standard, self-hosted version.” There is also a free cloud trial period, but no permanently free cloud tier. Important: The Community Edition is licensed under the Sustainable Use License, not under a classic open-source license. Subscription Starter: €20 / month, billed annually; 2.5K workflow executions, 1 shared project, 5 concurrent executions, unlimited users, 50 AI Workflow Builder credits.

Pro: €50 / month, billed annually; custom execution volume, 3 shared projects, 20 concurrent executions, 7 days of insights, 150 AI Workflow Builder credits, admin roles, global variables, workflow history, execution search.

Business: €667 / month, billed annually; self-hosted, 40K executions, 6 shared projects, SSO/SAML/LDAP, 30 days of insights, environments, scaling options, Git source control.

Enterprise: Price on request; cloud or self-hosted, custom execution volume, 200+ concurrent executions, 365 days of insights, external secret store integration, log streaming, extended data retention. According to the pricing page, all paid plans include unlimited users, unlimited workflows, and all integrations; billing is based on workflow executions.

The Help Center article adds that Business is currently only available for self-hosted deployments. Other Community Edition free via self-hosting under the Sustainable Use License. A free trial for Cloud is available and, according to the pricing page, can be started without a credit card. In addition, there is a startup plan with a 50% discount on Business, publicly listed at €333 / month, billed annually, for early-stage startups. In principle, n8n follows an execution-based pricing model, not per task/step.

Location: Germany n8n GmbH, Novalisstr. 10, 10115 Berlin, Germany

GDPR: Yes According to the information found on the website, n8n can be used in compliance with the GDPR, primarily through the best available method: self-hosting on your own or self-selected infrastructure. For the SaaS version, there are also relevant data protection measures such as DPAs/SCCs and EU hosting. However, according to subprocessors, some AI functions may involve processing in the U.S., which is why the assessment is based on the best overall method of use available.
Positive
Found on the website: DPA/AVV available; for the cloud, EU hosting is specified, specifically Frankfurt, Germany; the security page states that cloud data is hosted in the EU; subprocessors are disclosed; Self-hosting is officially offered and documented; for self-hosting, n8n clarifies that n8n is neither the controller nor the processor because n8n does not manage the data; the Privacy Policy also states that personal data is not used for the development, improvement, or training of AI/ML models.
Negative
Restrictions according to the website: Among the subprocessors, several AI providers with processing in the U.S. are listed; Google Vertex AI is listed as operating in both the EU and the U.S., OpenAI in the U.S., Anthropic in the U.S., and LangChain in the U.S. No general statement was found on the website confirming that all AI processing remains exclusively within the EU. ISO 27001 was not mentioned on the website.
Server Location
For hosted plans: Data is stored within the EU, on servers in Frankfurt, Germany. The security page adds that n8n Cloud uses Microsoft Azure and that the physical hardware and stored data are currently hosted in the EU. The list of subprocessors includes, among others, Microsoft Azure with “EU (Germany, Sweden)” and Hetzner with “Germany” for infrastructure. For self-hosting: “wherever you decide to host n8n” or on your own chosen infrastructure.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“The AI community building the future.”

Hugging Face is a central platform for the AI/machine learning community. The Hub is used for sharing, hosting, and collaboratively developing models, datasets, and AI applications; in addition, Hugging Face offers Spaces, Inference Providers, Inference Endpoints, HuggingChat, Enterprise Hub, and open-source libraries such as Transformers.Hugging Face

The AI community building the future

8.1/10 | Very good

Data Analysis, Embeddings, AI inference, LLM API, Modelltraining, open-source model, Language model

Free Free access to the Hub to discover, experiment, share, and collaborate with models, datasets, and Spaces; suitable for learning, open-source projects, and initial prototypes. Subscription PRO Account Personal subscription with more private storage, more public storage, more inference credits, a higher ZeroGPU quota, Spaces Dev Mode, ZeroGPU Spaces Hosting, private Dataset Viewer, and blog features.

Team Organization plan for growing teams with SSO, Storage Regions, Audit Logs, Resource Groups, Repository Analytics, advanced authentication and visibility controls, token control, and team benefits for ZeroGPU / Inference Providers.

Enterprise Enterprise plan with Team features plus higher storage, bandwidth, and API limits, SCIM provisioning, advanced security and access controls, managed billing, legal/compliance processes, and dedicated support.

Enterprise Plus Extended enterprise plan according to the Enterprise documentation with additional governance, policy, network, SSO, managed user, and vendor onboarding features; to be evaluated individually. Other Inference Providers Pay-as-you-go-Modell für Zugriff auf Modelle externer und eigener Inference Provider über eine zentrale API; Abrechnung über Hugging Face oder über eigene Provider Keys möglich.

Inference Endpoints Dedizierte, autoskalierende Deployments für ML-Modelle auf gemanagter Infrastruktur; nutzungsabhängige Abrechnung nach Instanz/Hardware.

Spaces Hardware / ZeroGPU / Jobs / Storage Zusätzliche nutzungsabhängige Modelle für Spaces-Hardware, ZeroGPU-Erweiterungen, Jobs/Scripts, Training/Fine-Tuning, Eval-Workloads und zusätzlichen Speicher.

Location: France Hugging Face SAS, 9 rue des Colonnes, 75002 Paris, France.

GDPR: Yes On its website, Hugging Face lists several components relevant to the EU/EEA region: a privacy policy with its EU headquarters in France, a list of subprocessors, explicitly available GDPR data processing agreements for Enterprise plans, SOC 2 Type 2, and selectable EU data residency for Team and Enterprise organizations. However, according to the documentation, standard usage may involve storage in the U.S. in some cases; the best documented approach for GDPR-compliant use in the EU/EEA is therefore to use Team/Enterprise plans with EU regions or EU data residency, along with contractual safeguards via a DPA. In addition, there is a robust open-source/self-hosting option using Hugging Face’s own components.
Positive
Positive aspects include the documented EU headquarters in France, a published privacy policy, a published list of subprocessors, available GDPR data processing agreements through Enterprise plans, SOC 2 Type 2, and explicitly available EU storage regions for models, datasets, Spaces, and—according to the documentation—inference endpoints as well.
Negative
A negative aspect is that, according to the website, repositories for non-Team/non-Enterprise users are always stored in the U.S. Additionally, the list of subprocessors mentions several processing activities in the U.S. or the United States/EMEA. A generally available, directly linked standard DPA for all plans was not found on the website; the DPA is only mentioned in connection with Enterprise plans. The website lacks a comprehensive, consistent overview of certain points, such as the specific EU countries where data centers are located, ISO 27001 compliance, and a general, platform-wide AI training opt-out.
Server Location
The website states: For non-Team/non-Enterprise users, repositories are stored in the U.S. For Team and Enterprise plans, the documented selectable regions are “US” and “EU”; for buckets, the options are also “US” and “EU.” The Privacy Policy also mentions possible processing in the U.S. and other countries. Specific individual EU/EEA data center locations are not listed on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Your Visual Studio"

Fotor is a web-based creative and image editing tool with AI features for photo enhancement, background removal, retouching, text-to-image, image-to-video, design templates, and AI agent workflows.

The tool runs in the browser as well as on Windows, Mac, iOS, and Android and is aimed at beginners, content teams, marketers, freelancers, and smaller businesses that want to create visual content without complex professional software.Fotor

Your Visual Studio

4.5/10 | Limited

Bewerbungsfotos, Image editing, Image generation, Graphic Design

Free Free forever; limited credits, one simultaneous generation, few chats and tasks with AI Agent Sisi, basic editing, basic templates, limited effects/fonts, limited creation storage duration, small cloud storage, and exports with watermarks. Subscription Fotor Pro More credits, multiple simultaneous generations, significantly more AI Agent Sisi chats, AI Agent tasks, 100+ editing tools, AI portrait retouch, many templates/assets, premium effects/fonts, exclusive AI models, unlimited creation storage duration, more cloud storage, and watermark-free HD/transparent PNG exports.

Fotor Pro+ Everything in Pro plus more credits, more parallel generations, more AI Agent Sisi usage, AI batch edit for Background Remover/Replacement, multiple brand kits, AI slides generation, significantly more cloud storage, and advanced project/asset features. Other Fotor Max / Credits Higher usage and storage limits; Fotor uses credits for AI models and mentions rollover of unused credits with an active subscription for up to a certain period.

AI Headshot Plans One-time headshot packages for individual and team use with AI Headshots, Redo, fast processing, and HD quality.

API Plans API plans are listed as a separate section on the pricing page; specific usage should be checked separately.

Location: China ⚠️ No verified information available – as of 28/04/2026. The company name Chengdu Everimaging Science & Technology Co., Ltd / Everimaging is officially and clearly verifiable; a complete postal business address is not clearly indicated on the researched Fotor pages.

GDPR: No The website includes a privacy policy, but the information provided does not clearly demonstrate compliance with the GDPR from an EU/EEA perspective. For AIGC inputs, AIGC outputs, and face data-related processing, Fotor cites servers from Amazon Web Services in the United States. The website does not specify EU/EEA data residency, a Data Processing Agreement (DPA), a list of subprocessors, or a self-hosting/on-premises option. Consequently, there is no fully documented evidence of GDPR-compliant use for users in the European region.
Positive
Positively documented are a published privacy policy, options for deleting personal data, and statements that Face Data is not used to train other AI products. Furthermore, it states that content is transferred to third-party models only after explicit user action and engine selection, and is to be used solely for the requested generation.
Negative
From an EU/EEA perspective, the following are particularly negative: the explicitly stated server locations in the U.S. for AIGC inputs, AIGC outputs, and Face Data, the absence of an EU data residency policy on the website, the absence of a Data Processing Agreement (DPA) on the website, the absence of a list of subprocessors on the website, and the lack of any on-premises, private cloud, or hybrid options specified on the website. In addition, the privacy policy refers to the laws of the People’s Republic of China and designates Chengdu as the place of jurisdiction.
Server Location
The privacy policy specifies Amazon Web Services servers in the United States for AIGC inputs, AIGC outputs, and Face Data. No other EU/EEA data center locations are listed on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Launch your dream site in seconds”

Hostinger Website Builder is a no-code website builder with integrated hosting, a domain/SSL bundle, templates, marketing features, and several AI tools.

Users can create websites via drag-and-drop or with an AI prompt and then customize them for portfolios, company websites, blogs, or small to medium-sized online stores. Particularly relevant are the integrated AI features for text, images, logos, blog posts, product descriptions, and SEO.Hostinger

Build anything with AI from a personal site to an advanced web app – no coding needed

7.2/10 | Good

App Development, Image generation, E-commerce Optimization, GEO, Logo Design, Product Description, SEO, Text generation, Website Development

Subscription Premium For small businesses, appointment pages, and professional presentations; includes AI Website Builder, Hostinger Horizons Credits, a free domain in the first year, email inboxes, hosting, and security features.

Business Website Builder For websites and online stores; includes AI tools, e-commerce features, domain, SSL, email, multiple websites, Vibe-Coding/Horizons Credits, SEO, marketing, and email campaign features.

Web Hosting / WordPress / Cloud / VPS Alternative hosting plans for users who need WordPress, their own code, cloud resources, or VPS control. Other Hostinger Horizons AI-powered prompt-based web app/website builder with credits, depending on the plan.

Domains, Email, CDN, Agency Hosting, API Additional products and extensions related to hosting, domain management, email, performance, and developer access.

Location: Lithuania Contracting entity applicable to EU customers: Hostinger International Limited, 61 Lordou Vironos str., 6023 Larnaca, Cyprus. Operational/Registrar office according to the official registrar information: HOSTINGER operations, UAB, Švitrigailos str. 34, Vilnius 03230, Lithuania.

GDPR: Partly Hostinger documents its GDPR compliance on its own website, explicitly refers to processing in accordance with the GDPR, provides a Data Processing Agreement (DPA) for its Website Builder, and offers multiple data center locations within the EU for its standard hosting plans. However, according to the help page, the server location for the specifically mentioned Hostinger Website Builder is fixed for primary files and cannot be selected as an EU data residency; additionally, assets are delivered via a global Cloudflare CDN. Furthermore, the privacy policy explicitly mentions possible transfers to third countries outside the EU/EEA. From an EU/EEA perspective, GDPR-compliant use is therefore only possible under certain conditions and upon review of the specific data flow; full compliance is not clearly demonstrated.
Positive
The website includes a privacy policy with explicit reference to the GDPR, an AVV/DPA for the website builder as a “Covered Service,” information on Standard Contractual Clauses (SCCs) for transfers to third countries, multiple EU server locations for hosting plans, and a statement that conversations with Hostinger AI Agents are not used for training or fine-tuning AI models. Hostinger also states that it is ISO/IEC 27001-compliant.
Negative
For the Hostinger Website Builder, the website does not specify a specific, selectable EU server location for primary data; instead, it states that primary files are stored at a fixed location and assets are delivered via a global CDN with over 330 locations. The privacy policy also states that some servers may be located outside the EU/EEA, such as in the U.S., Brazil, Singapore, and Indonesia. A dedicated subpage with a clear list of subprocessors was not found on the website.
Server Location
For general web and cloud hosting plans, Hostinger lists EU locations in France, Germany, Lithuania, the Netherlands, and the United Kingdom; these can be selected according to the help page. However, for the specific Hostinger Website Builder under consideration, the policy only states that primary files are stored at a fixed location and that assets are delivered worldwide via the Cloudflare CDN. A specific EU/EEA primary location for the Website Builder is not specified on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“The Creator-First Generative AI Platform”

Leonardo.AI is a generative AI platform for image, video, design, and motion workflows.

Officially, the product is positioned for creating high-quality visuals from prompts or reference images, for precise editing, upscaling, as well as for API-powered production workflows. The platform also offers team collaboration and developer access via API.Leonardo.AI

The Creator-First Generative AI Platform

7.0/10 | Good

Image editing, Image generation, Charakterdesign, Illustrations, Video generation

Free Free entry with daily renewed Fast Tokens, image generation, video generation, Flow State, limited Blueprints, limited Realtime Canvas, Realtime Generation, Presets, Elements, platform models, and third-party models. Subscription Essential For daily hobby use and enthusiasts; includes monthly Fast Tokens, Token Bank, private generations, presets, Enhanced Quality, unlimited personal collections, personal AI models, simultaneous generations, and top-up tokens.

Subscription Premium For semi-professionals and active creators; includes more monthly Fast Tokens, a larger Token Bank, private generations, Enhanced Quality, unlimited collections, more personal AI models, higher parallelization, queue, top-up tokens, and unlimited Relaxed Image Generation for selected models.

Subscription Ultimate For professional creators, small businesses, and content producers; includes significantly more monthly Fast Tokens, a larger Token Bank, private generations, Enhanced Quality, many personal AI models, higher parallelization, a larger queue, top-up tokens, as well as unlimited Relaxed Image and Video Generation for selected models.

Subscription / Team Starter Team plan with Shared Tokens, Bank Capacity, Fast Tokens per seat, private team generations, team token usage for model training, unlimited collections, unlimited Realtime Canvas and Realtime Generation actions, Enhanced Quality, and team workflow features.

Subscription / Team Growth Advanced team plan with more Shared Tokens, higher Bank Capacity, more Fast Tokens per seat, private team generations, model training with Team Tokens, unlimited collections, unlimited Realtime actions, and Enhanced Quality. Other Custom Plan Individually tailored plan for larger workflows; includes custom Fast Tokens per seat, all Starter and Growth features, as well as bespoke requirements.

Pay as you go / API Usage-based API option with no long-term commitment, automatic top-ups, access to the latest models, and parallel generations.

API Custom For higher production volumes and long-term scaling; includes custom limits for parallel generations, model-based discounts, and dedicated support for production deployments.

Location: Australia Suite 1007, 120 High St, North Sydney, NSW 2060, Australia

GDPR: Partly For the EU/EEA region, GDPR-compliant use is partially documented but not fully guaranteed. Positive aspects include a published privacy policy with a European focus, a Data Processing Addendum with SCCs, an EEA representative in Ireland, and a list of subprocessors. However, a negative aspect is that the website itself mentions data storage in the U.S. and processing in Australia and other countries, lists AWS as its hosting provider in the U.S., and does not guarantee EU data residency. Additionally, according to the privacy policy, Leonardo.Ai reserves the right to use content and account data to improve the service and to train algorithms and AI products. Thus, GDPR-compliant use within the EU/EEA appears possible only under certain conditions and following a detailed case-by-case review, rather than as a clearly established standard practice.
Positive
The website includes a privacy policy, a Data Processing Addendum with standard contractual clauses for limited third-country transfers, information on data subject rights, an EEA representative in Ireland, and a published list of subprocessors. For multi-user/team setups, the DPA describes processing as a data processor in accordance with documented customer instructions.
Negative
The website lists the U.S. as the standard storage location and Australia and other countries as processing locations. The list of subprocessors includes several providers in the U.S. and Singapore; a binding EU/EEA data residency is not specified. In addition, the privacy policy states that content and associated account data may be used to improve the service and to train algorithms, models, and AI products. A clear, general opt-out option for AI training is not provided on the website.
Server Location
According to the privacy policy, information is stored in the United States and processed in Australia and other countries. The DPA names AWS as the hosting and infrastructure provider and lists AWS, headquartered in the United States, in the list of subprocessors. The website does not specify a specific EU/EEA server location or EU data residency.

– ★★★★★★★★★★ (0)

Link

Link

ⓘGemini is a broad-based AI product from Google for end users, teams, and developers.

In the Gemini apps, it supports, among other things, writing, planning, brainstorming, Deep Research, Canvas for Docs/Apps/Slides/Code, image and video generation, as well as file analysis.
In Workspace, Gemini is built directly into Gmail, Docs, Sheets, Drive, and more. For developers, there is also an API with Function Calling, Structured Outputs, Grounding, Code Execution, and additional tools.Gemini

Meet Gemini, Google's AI assistant

4.4/10 | Limited

Image Generation, Chatbot, Data Analysis, Document Analysis, Function Calling, AI Agents, Multimodal AI, Tutoring, Presentations, Programming, Reasoning Model, Research, Voice Assistant, Language Model, Text Generation, Translation, Video Generation, Summarization

Free The Gemini app can be used for free for general AI tasks, such as writing, planning, brainstorming, learning, summarizing, image/camera input, voice interaction, and in some cases app integrations like Gmail, Drive, Maps, or Flights. The free version is functional, but limited in terms of models, usage limits, and advanced features. Subscription Google AI Plus: More access to Gemini, more access to Gemini 3.1 Pro, limited access to Veo 3.1 Lite, Flow, NotebookLM, Gemini in Gmail and other Google products, as well as cloud storage.

Google AI Pro: Includes the Plus features with higher limits; additionally, higher access to Gemini 3.1 Pro, Veo 3.1 Lite, Flow, NotebookLM, Gemini in Gmail/Docs/Slides/Sheets/Meet, and Google AI features.

Google AI Ultra: Highest private subscription tier with the highest limits, access to Gemini 3.1 Pro, Veo 3.1, Deep Think, and Gemini Agent; some features are regionally restricted.

Google Workspace with Gemini: Integrated for businesses in Google Workspace or available depending on the Workspace plan; includes Gemini in Gmail, Docs, Sheets, Slides, Drive, Meet, Chat, Vids, as well as the Gemini app with Basic or Expanded Access.

AI Expanded Access: Workspace add-on for higher limits on advanced AI features such as image generation, video generation, Deep Reasoning, NotebookLM, Workspace Studio, and real-time speech translation.

AI Ultra Access: Workspace add-on with the highest access to advanced AI features, including image/video generation, Deep Reasoning, NotebookLM, Workspace Studio, Whisk, and Project Mariner. Other Gemini API: In addition, there is a Gemini Developer API with a Free Tier and a Paid Tier. Billing is usage-based by model and usage, e.g. via input/output tokens, audio/video/image usage, context caching, grounding, and in some cases batch/standard/priority options.

AI Studio / Developer access: Google AI Studio is the entry point for developers; separate Gemini API terms apply when using the API.

Workspace note: According to Google, private Google AI plans apply to personal Google accounts; Workspace customers should use Workspace add-ons or Workspace plans instead.

Regional restrictions: Individual features such as Gemini Agent, Project Mariner, Flow, or Whisk may be restricted depending on country, language, account type, and age.

Usage limits: Features and limits vary significantly across Free, Plus, Pro, Ultra, Workspace, and API.

Location: USA Google LLC: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

GDPR: Unclear The Gemini website provides specific information on data protection and control options, particularly regarding the deactivation of “Gemini Apps Activity” for future chats, as well as export and deletion controls. However, for a reliable assessment of GDPR compliance throughout the EU/EEA, the specified domain lacks crucial information regarding EU data residency, specific server locations, data processing agreements (DPAs), subprocessors, and certifications. Therefore, compliance based solely on the website documentation remains unclear.
Positive
User controls for reviewing, managing, exporting, and deleting Gemini data are clearly documented. Additionally, the website states that future Gemini chats will not be used to improve Google’s machine learning technologies if “Gemini Apps Activity” is disabled. The website also mentions broad availability in many countries and refers to business and enterprise options via Google Workspace and Google Cloud, respectively.
Negative
On the negative side, no specific information regarding server or data center locations within the EU/EEA was found on the website. Similarly, the website does not provide clear information on the AVV/DPA, subprocessors, EU data residency, on-premises/self-hosting, open-source components, or relevant certifications such as ISO 27001 or SOC 2. Furthermore, according to the website, the opt-out from training is described only for future chats via the “Gemini Apps Activity” setting; a comprehensive contractual exclusion for all content is not specified on the website.
Server Location
Not specified on the website. No specific server locations or EU/EEA data centers were found on the gemini.google domain.

– ★★★★★★★★★★ (0)

Link

Link

ⓘAI-powered video platform for avatar-based business videos.

Synthesia is an AI video platform that enables companies to create professional videos without a camera, studio, or actors.

Content can be transformed from a prompt, script, document, PDF, or URL into multi-scene videos and then refined with avatars, voices, branding, and translations. The clear focus is on training, sales enablement, marketing, and internal communication.Synthesia

The #1 AI video platform for business

7.8/10 | Good

Avatar Creation, Text-to-Speech, Subtitling, Video Generation, Video Translation

Free Free entry with AI video creation, limited credits, limited video minutes, and a small selection of AI avatars. Subscription Starter Everything in Basic plus video downloads, AI Video Assistant, AI Dubbing, removal of the Synthesia logo, your own Personal Avatars, more avatars, support, and credits.

Creator Everything in Starter plus more Personal Avatars, API access, branded video pages, multiple avatars per scene, interactive videos, more AI avatars, priority support, and more credits. Other Enterprise Custom Enterprise plan with unlimited video minutes, translation, many stock avatars, unlimited Personal Avatars, SAML/SSO, live collaboration, Brand Kits, SCORM export, onboarding, dedicated CSM, and custom credits.

Credits / API / Custom Avatar Synthesia uses credits as a shared currency for AI usage features; custom Personal Avatars are included depending on the plan or expanded on the Enterprise side.

Location: United Kingdom Synthesia Ltd, 20 Triton Street, Regent's Place, 3rd Floor, London NW1 3BF, United Kingdom.

GDPR: Partly GDPR assessment: From a GDPR perspective, Synthesia is conditionally to well suited, especially for business and enterprise use.

Positive is that Synthesia offers a Data Processing Addendum that addresses its role as a processor of customer data. In addition, Synthesia lists security measures, subprocessors management, transfer impact assessments for cross-border transfers, and technical/organizational measures in its Security section. It is also positive that, according to the Trust Center FAQ, Synthesia stores data within the EU in data centers in Ireland.

Negative is that Synthesia uses subprocessors and affiliates in several countries, including connections to the USA and the UK; therefore, EU companies must review the DPA, subprocessors, third-country transfers, avatar/voice rights, and moderation processes.

Server location: According to the Synthesia Trust Center, data is stored within the EU in data centers in Ireland; however, subprocessors and international processing remain relevant. Further links: Synthesia DPA, Security Practices, Subprocessors.

Data Processing Agreement

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Smarter business planning, powered by purpose-built AI”

LivePlan is a cloud-based software solution for business plans, financial forecasts, pitch presentations, and ongoing business management.

The AI helps with writing plan sections, rewriting texts, suggesting forecasts, validating ideas, and conducting market-related research. In addition, LivePlan offers integrations with QuickBooks Online and Xero, as well as dashboards for comparing forecasts with actual data.LivePLan

Smarter business planning, powered by purpose-built AI

7.4/10 | Good

Business Plan, Financial Analysis, Umsatzprognose

Subscription Standard Write a business plan, collaborate with others, download and print the plan; suitable for classic business planning and simple financial planning.

Premium Everything in Standard plus multiple forecast scenarios, QuickBooks Online and Xero integration, Actual Results Dashboard, automated Forecast Builder, Monthly Review, and Actuals + Forecast. Other LivePlan Coach / Expert Additional offering with personal video support, priority support, and individual guidance for planning and use.

Consultant / Strategic Advisor Use Training and resources for consultants, startup centers, and strategic advisors.

Location: USA Palo Alto Software, Inc., 44 West Broadway, Suite 500, Eugene, OR 97401, United States

GDPR: Partly For users in the EU/EEA, GDPR-compliant use is only plausible if it is properly documented. Positive aspects include a dedicated privacy policy, an available DPA/AVV, explicit references to the GDPR, provisions regarding international data transfers via standard contractual clauses, and statements that AI inputs are not used to train the models. At the same time, the website does not specify a concrete EU/EEA server location, EU data residency, or any on-premises/self-hosting option. Furthermore, the DPA page links to an external Palo Alto domain for the list of subprocessors rather than to a subpage of liveplan.com; thus, no complete list of subprocessors is documented on the domain evaluated here.
Positive
A privacy policy, a DPA/AVV referencing the GDPR, and documented processing in accordance with customer instructions are in place. The Terms of Service explicitly require a valid DPA for the processing of EU data. For EU data transfers, the website cites standard contractual clauses as a protective mechanism. Regarding AI functions, it is stated that transmitted data is not used as training data for AI models or processing services; additionally, there is an opt-in option for analyzing interactions to improve AI functions, which, according to the website, can be revoked at any time.
Negative
The website does not specify a specific server location in the EU/EEA. There is no documented EU data residency, no commitment to EU data centers, and no on-premises/self-hosting option. The security page lists AWS as the data center provider, but without specifying a region. For AI features, data is sent to third-party providers such as Anthropic, Google Gemini, and OpenAI; although the website states that the data is anonymized and not used for training, this still constitutes an additional processing chain from an EU/EEA perspective. A complete list of subprocessors is not provided on liveplan.com itself.
Server Location
AWS is listed as the data center provider. The website does not specify a specific location for the servers or data centers within the EU/EEA.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Create custom, responsive websites with the power of code — visually.”

Webflow is a visual platform for creating, managing, and hosting websites and web-based experiences.

Its features include, among other things, a visual builder, CMS, hosting, collaboration, APIs, localization, Analyze/Optimize, as well as Webflow AI for site generation, copy, CMS content, and SEO/AEO support. For classification as an “AI tool,” it is important to note: AI is a growing part of the product, but not its sole core.Webflow

Build, manage, optimize — all with Webflow AI

7.4/10 | Good

E-Commerce Optimization, SEO, Text Generation, UI Design, Website Creation

Free Free entry point for building and testing Webflow projects with a Webflow subdomain. Subscription Basic For simple websites with their own domain and no CMS focus.

CMS For blogs, content websites, and dynamic content with CMS features.

Business For larger marketing and business websites with higher capacity and more traffic.

Standard / Plus / Advanced For online stores with increasing e-commerce features and capacities.

Starter / Core / Growth / Freelancer / Agency Workspace plans for individuals, teams, freelancers, and agencies with collaboration, roles, and client access. Other Enterprise Custom Enterprise offering with advanced security, support, governance, and scalability features.

Webflow AI AI Site Builder and AI Assistant for website creation, pages, CMS Collection Items, SEO/AEO, and help in the Editor.

Location: USA Webflow, Inc., 398 11th Street, Floor 2, San Francisco, CA 94103, USA

GDPR: Partly GDPR assessment: From a GDPR perspective, Webflow is conditionally suitable.

Positive is that Webflow provides a Data Processing Addendum, lists SOC 2 Type II and ISO 27001 in its Trust Center, encrypts data in transit and at rest, and states for Webflow AI that it does not use customer data to train generative AI models; prompts and outputs are also reportedly not used to improve foundation models.

Negative is that, according to the Privacy FAQ, Webflow stores customer and end-user data in the USA and uses several US-based subprocessors. For EU companies, it is therefore necessary to review the DPA, SCCs, subprocessors, consent/cookie setup, form data, tracking, third-party apps, and Webflow AI usage.

Server location: USA. Further links: Webflow DPA, Privacy FAQ, Trust Center, and AI Approach.

Data Processing Addendum Global Privacy Policy

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Your AI note-taker is now also your Conversational Knowledge Engine”

Otter.ai is an AI meeting assistant that provides automatic transcription, meeting notes, summaries, action items, AI chat, and cross-meeting knowledge search. The tool integrates with Zoom, Microsoft Teams, Google Meet, and other platforms, turning conversations into searchable meeting data.Otter.ai

Your AI notetaker is now also your Conversational Knowledge Engine

7.2/10 | Good

Meeting Minutes, Transcription, Summarization

Free Free basic plan with integration with Zoom, Microsoft Teams, and Google Meet; AI chat; AI meeting workflows; limited audio/video import; live transcription; speaker recognition; audio playback; multilingual support; mobile apps; and a limited monthly transcription quota. Subscription Pro For individuals and small teams; includes more recording minutes, advanced AI workflows, monthly audio/video imports, longer meetings, advanced meeting templates, unlimited storage, Team Vocabulary, taggable speakers, advanced search, export, and playback.

Business For medium-sized teams; includes unlimited meetings and in-app recordings, custom AI workflows, unlimited audio/video imports, longer meeting durations, admin features, activity logs, usage analytics, multiple simultaneous meeting joins, and prioritized support.

Enterprise For large teams and enterprises; includes Business features plus unlimited custom AI workflows, Otter Sales Notetaker, custom integrations, SSO, SCIM, domain capture, enterprise security controls, HIPAA add-on, API, webhooks, video replay, and the Customer Success Program. Other API / Webhooks Enterprise-grade integration options for connecting Otter to CRM, dialer, project, and enterprise systems.

MCP Server Otter provides an MCP Server for connecting external AI workflows; access and governance depend on the plan and admin settings.

Location: USA Otter.ai, Inc, 800 W El Camino Real, Suite 170, Mountain View, CA 94040, USA.

GDPR: Partly The website demonstrates that Otter.ai provides GDPR-relevant contractual documentation and explicitly addresses the GDPR in the DPA. For the EU/EEA region, however, use can only be assessed as conditionally GDPR-compliant, because the website identifies AWS in the US as core infrastructure and data storage, and several US subprocessors are also used. EU data residency, EU data centers, or an on-premise/self-hosting option are not specified on the website. A positive point is that a DPA is available and, for the listed AI service providers, it is explicitly stated that customer data is not used to train or improve their models and is not stored; at the same time, according to the Terms, Otter allows the use of aggregated and/or de-identified data for machine learning and training, so the overall situation for EU/EEA users appears viable only under additional reviews and conditions.
Positive
The website includes a DPA as an appendix to the Terms of Service, which explicitly mentions the GDPR and its national implementations in the EEA. There is a subprocessor list. For Anthropic and OpenAI, the website states that no customer data is used to train or improve their AI models and is not stored. In addition, Otter cites a SOC 2 Type 2 attestation and security policies based on the ISO 27001/2 framework.
Negative
The website identifies AWS as the cloud and customer data storage platform in the US; the Help Center also mentions AWS Region West, United States. The subprocessor list contains predominantly US providers. EU data residency, an EU/EEA data center, a dedicated EU environment, or self-hosting/on-premise operation are not specified on the website. In addition, the Terms permit the use of aggregated and/or de-identified data for business purposes including machine learning and training.
Server location
The website names Amazon Web Services located in the USA as the core infrastructure. The Help Center also states that Otter uses AWS services for data storage in the AWS Region West, United States. EU/EEA server locations or EU data residency are not specified on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Snowflake powers AI, data engineering, applications, and analytics on a trusted, scalable AI Data Cloud — eliminating silos and accelerating innovation."

Snowflake Cortex Analyst is a text-to-SQL/conversational analytics service for structured data in Snowflake.

Business users can ask questions in natural language; Cortex Analyst generates SQL and provides answers without requiring end users to write SQL themselves. The feature can be integrated via REST API and relies on Semantic Views / Semantic Models, custom instructions, and verified queries for high accuracy.Snowflake Cortex Analyst

Snowflake powers AI, data engineering, applications, and analytics on a trusted, scalable AI Data Cloud — eliminating silos and accelerating innovation

7.4/10 | Good

Data Analysis, Data Visualization

Subscription Snowflake generally uses a consumption-based model instead of traditional fixed monthly subscriptions. Other Snowflake Consumption / Credits Usage is billed based on Snowflake consumption; Snowflake describes its pricing as consumption-based according to storage and compute.

Cortex Analyst API Usage Cortex Analyst can be used via REST API and is suitable for apps, dashboards, chatbots, or Streamlit applications.

Cortex AI / Cortex Search / Cortex Agents Additional Cortex features for LLM functions, search, agents, and other AI workloads; costs depend on the function, model, region, and usage.

Location: USA Snowflake, Inc., 135 Constitution Drive, Menlo Park, CA 94025, USA

GDPR: Partly GDPR assessment: Snowflake Cortex Analyst is well suited from a GDPR perspective if the Snowflake environment is configured in a GDPR-compliant manner.

Positive is that Cortex Analyst is fully integrated into Snowflake Cortex and respects Snowflake RBAC, data protection, and governance functions; according to the documentation, generated SQL queries comply with the defined access controls. Another positive aspect is that Cortex Analyst is deployed as a fully managed service via REST API in Snowflake and does not require a separate external data pipeline for business questions.

Negative is that regional model availability must be taken into account; not all Cortex functions and models are available in every region, and cross-region inference can have implications for data residency.

Server location: Depends on the Snowflake account region and enabled Cortex/cross-region features; EU regions such as Frankfurt, Ireland, London, or Stockholm are relevant in Cortex region tables, but specific model/feature availability must be verified. Further links: Cortex Analyst Docs, Cortex AI Functions, Snowflake Pricing.

Snowflake Privacy Notice

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Built to Keep You in Flow State"

Windsurf is an AI-powered coding assistant, or rather an agentic IDE for software development.

The Windsurf Editor combines the local agent Cascade with the cloud agent Devin, supports model routing via Adaptive, offers IDE integrations, MCP connections, previews, and team/enterprise features for governance, security, and deployment. The tool is aimed primarily at developers, technical teams, and companies, not general office users.Windsurf

Built to Keep You in Flow State

6.9/10 | Solid

App Development, AI agents, Programming

Free Light Usage Allowance, Tab, Previews/Deploys depending on the limit and getting started in Windsurf. Subscription Pro Standard Usage Allowance, unlimited core features, additional usage at the API price.

Max Heavy Usage Allowance for power users and high agent/coding usage. Other Teams Team plan with centralized billing, admin dashboard, analytics, support, and team features. Enterprise SSO, access controls, RBAC, volume discounts, hybrid deployment, account management, and custom deployment.

Location: USA The Terms of Service name Exafunction, Inc., 900 Villa Street, Mountain View, CA 94041, USA; the Privacy Policy names Exafunction, Inc., 990 Villa St., Mountain View, CA 94041, USA.

GDPR: Partly GDPR assessment: From a GDPR perspective, Windsurf is conditionally to well suited, especially for Teams, Enterprise, EU cluster, Hybrid, or Self-hosted.

Positive is that Windsurf documents SOC 2 Type II, penetration tests, Zero Data Retention as standard for Teams/Enterprise, and ZDR opt-in for Individual plans. Also positive are EU servers in Frankfurt for Enterprise options, Hybrid Deployment with a customer-owned data-hosting instance, and Self-hosted Deployment in the company’s own private cloud or on-premises.

Negative is that in cloud plans, requests may pass through Windsurf servers and subprocessors; certain features such as web search, MCP, or remote indexing may require data retention or subprocessors without ZDR.

Server location: Standard cloud USA; Enterprise EU option Frankfurt; Hybrid/Self-hosted controllable by the customer. Further link: Windsurf Security and Pricing.

Security Privacy Policy

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Where knowledge begins"

Perplexity Sonar is a family of models for AI search, web-based answers, research, reasoning, and deep research. The API is particularly strong in current facts, citations, product comparisons, summaries, and research workflows.Perplexity Sonar

LLM “Where knowledge begins”

7.9/10 | Good

Function calls, LLM API, Research, Language model

Location: USA Perplexity AI, Inc., 115 Sansome St, Ste 900, San Francisco, CA 94104-3624, USA

GDPR: Yes Overall assessment: Conditionally to well suited for GDPR compliance for the Sonar API, depending on the contract.

Positive is that Perplexity states a strict Zero Data Retention Policy for the Sonar API: content from API requests is not stored and customer data is not used for model training. According to the API documentation, only necessary billing metrics are collected, such as token count, model used, timestamp, duration, and API key identification; according to Perplexity, this metadata does not contain prompt or response content. In addition, Perplexity mentions SOC 2 Type II, HIPAA Gap Assessment, and CAIQlite in the trust/security context.

Negative is that, according to the FAQ, Perplexity hosts its compute infrastructure via AWS in North America; for EU customers, this means a third-country/transfer assessment is required. No verified information is available in the evaluated sources about a publicly directly reviewed DPA/AVV or SCC document.

Server location: AWS in North America for language models/API according to the Perplexity FAQ. Conclusion: For API-based research and search applications, significantly more attractive from a data protection perspective than many LLM APIs, but for GDPR-compliant EU use, the DPA/AVV, transfer mechanism, subprocessors, and enterprise contract should be reviewed. Sources: Perplexity Privacy & Security, FAQ, and Enterprise Security information.

Privacy & Security

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Frontier intelligence, customized to you."

The Mistral API is the developer and enterprise interface for Mistral models.

Through Mistral AI Studio, companies and developers can use models via API, test prompts, build agents, implement RAG workflows, use fine-tuning, manage workspaces, and bill API usage. Mistral offers both open-weight and commercial/premier models.Mistral API

LLM - build, customize, and deploy AI, your way

8.1/10 | Very good

Embeddings, Function calls, AI agents, LLM API, Multimodal AI, open-source model, Programming, Reasoning model, Language model, Text recognition

Free Le Chat Free Personal AI assistant for chat, search, learning, images, projects, memories, and connectors; not to be equated with productive API usage. Other API / La Plateforme Usage-based API for Mistral models, chat, embeddings, OCR, agents, coding, multimodal models, and developer workflows.

Self-Deployment / Open-Weight Models Selected models can be operated independently or via cloud/enterprise deployments; the range of features depends on the respective model.

Enterprise Private Deployment Customized private deployment for organizations with increased control, security, and scalability requirements.

Location: France Mistral AI, 15 rue des Halles, 75001 Paris, France. Mistral is registered in Paris under number 952 418 325.

GDPR: Partly For users in the EU/EEA, GDPR-compliant use of the website is generally possible, but this is not consistently and clearly documented in the standard SaaS version. Positive aspects include a published Data Processing Agreement (DPA), explicitly described GDPR roles and data subject rights, documented sub-processor arrangements, and a clear self-deployment/on-premises path for open models. At the same time, for general API/Studio use on the website, there is no clearly documented EU/EEA server location established as the standard for all data processing; furthermore, the website mentions international data transfers using SCCs. Therefore, usage is considered “conditional” rather than clearly and fully substantiated.
Positive
Mistral publishes a privacy policy and a Data Processing Addendum (DPA). In the DPA, Mistral AI is described as a data processor for business use and commits to processing personal data only in accordance with the customer’s documented instructions. Support is provided for data subject rights, DPIA, audits, and data breach notifications. Regarding the API, the documentation states that data sent via the API is not used for model training. Additionally, there is self-deployment for models on the customer’s own infrastructure, as well as a European-hosted compute offering with EU data centers.
Negative
The website does not clearly specify a concrete, binding EU/EEA server location for general Mistral API/Studio SaaS use, nor does it specify a general EU data residency for all customer data. Instead, Mistral also describes international data transfers and refers to SCCs. A specific, publicly accessible list of subprocessors with individual locations was not directly found on the pages reviewed. For some training and model improvement uses, there are opt-out mechanisms or standard exceptions depending on the product and pricing plan, which require additional review without proper configuration.
Server Location
Not specifically stated on the website for general API/Studio data processing. The following was found: Mistral Compute is described as a European-hosted AI cloud with “EU Tier 3+ data centers”; a location in Sweden is also mentioned. Mistral cites SCCs for data transfers outside the EU.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Turn lazy prompts into great ones”

Prompt Cowboy is a web-based AI tool for optimizing prompts for ChatGPT, Claude, Gemini, and other LLMs.

According to the provider, it transforms rough ideas into clearer, more powerful prompts and, depending on the input, adds follow-up questions so the prompt can be improved with more context. The platform is aimed at individual users and teams who want to create, save, reuse, and organize prompts for team collaboration.Prompt Cowboy

Turn lazy prompts into great ones

6.0/10 | Solid

Prompt-Optimierung, Promptgenerator

Free Unlimited prompts with standard AI; limited access to the most powerful model; use of the results with ChatGPT, Claude, Gemini, and other tools. Subscription Individual For individuals with unlimited access to the most powerful model, Advanced Memories, reusable templates, and early access.

Team For teams with shared workflows, team usage, and access to powerful prompt optimization.

Location: Australia Fourday AI Pty Ltd, Surry Hills, Sydney NSW 2000, Australia.

GDPR: Partly GDPR assessment: From a GDPR perspective, Prompt Cowboy is conditionally suitable.

Positive is that Prompt Cowboy publishes a transparent Privacy Policy, mentions EU/UK-GDPR as the applicable legal framework, does not sell data, and explicitly states that user data is not used to train large language models. Also positive are TLS/HTTPS, encryption of stored data, additional encryption of sensitive items, Supabase Row-Level Security, the option to delete the account, and purging within 30 days.

Negative is that Prompt Cowboy is operated by Fourday AI Pty Ltd in Australia, uses providers such as Supabase, Google Cloud, Stripe, and PostHog, and does not publicly provide clear evidence of a standard DPA/AVV or EU-only hosting.

Server location: No verified EU-only information; the operator is based in Sydney, Australia, and hosting runs via service providers such as Supabase. Further links: Prompt Cowboy Privacy, Security, Pricing.

Privacy Policy

– ★★★★★★★★★★ (0)

Link

Link