KIFOX - The Search Portal for AI Applications ?

Which AI tool is GDPR-compliant? Compare features, hosting, and data protection with real user reviews and an editorial score. Compare for free now.

Here, users can get an overview of which AI tools and LLMs are currently available on the market. Every user is free to submit a review and share their experience with AI applications, and can click a link to go directly to the provider’s website.

KIFOX is not an online store, but a comparison and information portal for AI applications.

ⓘ“Cognitive Robotics – A New Era of Human-Robot Collaboration”

NEURA Robotics develops humanoid, collaborative, and cognitive robots for industry, logistics, research, service, and, in the future, the home. 4NE1 combines mobility, sensor skin, environmental perception, multimodal AI, voice interaction, and interchangeable or dexterous hands. The platform is designed for collaboration with humans and for tasks in real-world, non-fully-structured environments.NEURA Robotics

Cognitive Robotics – A New Era of Human-Robot Collaboration

6.4/10 | Solid

Autonomous Navigation, Embodied AI, Humanoid Robots, Industrial Robots, Robot Learning, Robot Manipulation, Service Robots

Other Hardware purchases, reservations, volume discounts, customized corporate offers, pilot projects, integration, support, and project-specific configurations. Separate reservation models are available for MiPA and 4NE1.

Location: Germany NEURA Robotics GmbH, 44 Gutenbergstraße, 72555 Metzingen, Germany. Commercial Register: Stuttgart Local Court, HRB 768826.

GDPR: Unclear There is a privacy policy available on the website, and the provider identifies itself in the legal notice as the responsible entity in Germany. However, for a reliable assessment of GDPR compliance throughout the EU/EEA, the website lacks essential information on server/data center locations, EU data residency, AVV/DPA, subprocessors, opt-out from AI training, and certifications. As a result, a Europe-wide compliance assessment for the practical use of the tool is too incomplete based on the website alone.
Positive
Positively documented are a published privacy policy, the explicit reference to the GDPR, and information on data subject rights. In the legal notice, NEURA Robotics GmbH, based in Metzingen, Germany, is named as the responsible entity.
Negative
Negative is that no specific information was found on the website regarding server locations or data centers, no documented EU data residency, no AVV/DPA, no list of subprocessors, no statement about a contractual exclusion of AI training with customer data, and no relevant certifications such as ISO 27001 or SOC 2. The privacy policy also mentions Google Analytics and refers to a transfer of personal data to Google in the USA.
Server location
Not specified on the website. Server log files are mentioned in the privacy policy, but no location of the servers or data centers is stated. In addition, for Google Analytics, a transfer of personal data to Google in the USA is described.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Turn any idea into stunning images and cinematic video"

BasedLabs is an AI platform for creating and editing images, videos, and in some cases also audio/voice content.

Officially, the platform advertises, among other things, an AI Image Generator, AI Video Generator, Face Swap, Voice Changer, Video Editor, YouTube Video Editor, community/feed features, as well as an API for using models in your own applications. The focus is clearly on creator, social media, advertising, and content workflows.BasedLabs AI

Turn any idea into stunning images and cinematic video

3.4/10 | Insufficient

Avatar Creation, Image Generation, Voice Cloning, Video Generation

Free Free AI tools and credits via platform/community; exact limits may vary. Other Starter One-time credit purchase for tests, images, and short videos.

Creator More credits for regular creator use.

Pro More credits, bonus credits, and more professional use.

Studio High credit volume for high-volume production.

Enterprise / API Enterprise pricing, API access, and custom solutions available.

Location: Anguilla ⚠️ No verified information available – as of 26/04/2026. Publicly mentioned are “primary business location in San Diego” as well as older TOS stating “company registered in California, United States”; a complete postal company address could not be verified on the official pages accessed.

GDPR: No Although the website contains a privacy policy that refers to GDPR rights for EU users, it does not demonstrate, from the perspective of the EU/EEA, that its use is fully or reliably GDPR-compliant. The website lacks specific information regarding EU/EEA data residency, server locations/data centers, a data processing agreement (DPA), a list of subprocessors, and a contractually guaranteed exclusion of training with user data. Additionally, the website lists BasedLabs AI, Inc. in Delaware, USA, with its principal place of business in San Diego, which typically leads EU/EEA users to expect cross-border data processing without the relevant safeguards being sufficiently documented on the website.
Positive
Positively noted are a publicly accessible privacy policy, explicit references to GDPR rights for EU users, a contact point for data protection inquiries, and an enterprise-level note regarding “SOC 2-compliant infrastructure” and encryption.
Negative
A major negative is that the website does not specify a concrete EU/EEA server location, does not guarantee EU data residency, no Data Processing Agreement (DPA) can be found, no subprocessors are disclosed, and no clear opt-out or contractual exclusion for AI training using user inputs, uploads, or outputs is documented. Furthermore, according to the Terms of Service, the platform is operated by a U.S. company.
Server Location
Not specified on the website. The Terms of Service only state that BasedLabs AI, Inc. is registered in Delaware, USA, and has its principal place of business in San Diego; specific server or data center locations or EU/EEA hosting are not mentioned.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Build production-ready apps through conversation.”

Emergent is an agent-based no-code—or “vibe-coding”—app builder. Natural-language requirements are transformed into complete web and mobile applications, complete with user interface, backend logic, database, authentication, integrations, and hosting. Users can export the generated code via GitHub and continue developing or deploying it outside the platform.Emergent

Build production-ready apps through conversation.

6.0/10 | Solid

API Integration, App Development, Automation, Data Analysis, Data visualization, Chart creation, E-commerce Optimization, Game Design, AI agents, Customer Support, Course Creation, Programming, Project Management, Prototyping, UI Design, UX Design, Website Development

Free Monthly free credit allowance, access to core platform features, web and mobile experiences, advanced models, and one-click LLM integration. Subscription Standard Free features plus private projects, a larger monthly credit allowance, the ability to purchase additional credits, GitHub integration, and task forking.

Pro Standard features plus a large context window, advanced reasoning, system prompt editing, custom AI agents, high-performance computing, a higher credit allowance, and prioritized support.

Enterprise Custom enterprise plan with higher usage limits, SSO, domain capture, shared workspaces, role-based access control, audit logs, managed hosting, onboarding, and enterprise support. Other Credits Consumption units for AI agents, development steps, and platform usage; the standard plan allows you to purchase additional credits.

GitHub Code Export Full synchronization and transfer of the generated code to your own GitHub repository.

Managed Hosting Hosting, monitoring, authentication, database, and deployment can be provided within the platform.

Enterprise Cloud Deployment Custom deployment within the company’s cloud and governance environment; technical and regional details available upon request.

Integrations and MCP More than 100 integrations, payment providers, APIs, and MCP connections for external systems and workflows.

Location: USA Emergent Labs Inc., San Francisco, California, USA.

GDPR: Partly The website documents several security-related aspects, such as ISO 27001, SOC 2 Type II, code export, hosting outside the platform, and even self-hosting or on-premises deployments. However, this alone is not sufficient for GDPR-compliant use within the EU/EEA. I was unable to find any reliable information on the website regarding EU/EEA server locations, EU data residency, subprocessors, or a data processing agreement (DPA). On the positive side, however, Emergent describes a way to run generated applications on your own servers, in your own cloud, or on-premises. Therefore, its use is conditional from a GDPR perspective: a more privacy-friendly approach is conceivable through self-hosting or hosting the generated application on one’s own servers, whereas the standard SaaS documentation is too incomplete for the EU/EEA region.
Positive
The website describes full code ownership rights, GitHub sync/export, and deployments to your own servers, your own cloud environments, or on-premises. Additionally, the website lists ISO 27001 and SOC 2 Type II as certifications.
Negative
The website does not specify a concrete EU/EEA server location for the SaaS platform, a guaranteed EU data residency, a list of subprocessors, a locatable AVV/DPA, or a clear statement that prompts, uploads, or outputs are not used for general model training or that an opt-out option is available for this purpose.
Server Location
Not specified on the website. There are references to hosting, managed hosting, and the option to deploy applications on one’s own servers, in one’s own cloud, or on-premises; however, a specific location for the Emergent SaaS servers or data centers within the EU/EEA was not found on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Building a world where we do more of what we love, while our humanoid companions handle the rest.”

1X develops humanoid robots for household and general physical work. The current flagship product, NEO, is a humanoid home robot featuring Redwood AI, LLM, audio/visual intelligence, app control, a voice interface, remote control options, and Scheduled Expert Mode for tasks the robot cannot yet perform autonomously.1X Technologies

Building a world where we do more of what we love, while our humanoid companions handle the rest.

3.7/10 | Insufficient

Autonomous Navigation, Embodied AI, Home robots, Humanoid robots, Robotic Learning, Robotic Manipulation, Robotic teleoperation

Subscription Standard – Monthly subscription with the Starter Productivity Package and Standard Delivery, as described on the order page.

Early Access – Ownership model with warranty, premium support, and priority delivery, as described on the order page. Other Refundable Deposit, Ownership, Subscription, Support/Priority Delivery, possibly future software/service enhancements.

Location: Norway X Technologies AS: Henrich Gerners gate 8, 1530 Moss, Norway; organization number 929 455 568. The website also lists Palo Alto, California as the current location/base, but without the full address in the privacy policy.

GDPR: Unclear The website includes a privacy policy, but key information regarding data processing on behalf of others, subprocessors, specific server locations, EU data residency, and contractual safeguards is missing, making it impossible to conduct a reliable GDPR assessment. The privacy policy also mentions international data transfers to the U.S. and other jurisdictions without providing the detailed evidence typically found on a German tool directory website.
Positive
On the positive side, there is a privacy policy that includes data subject rights, a contact option via “[email protected],” and a section on international data transfers. In addition, the website describes technical architecture details such as “onboard” and “off-board language” as well as remote supervision, which allows for certain inferences regarding data processing.
Negative
On the negative side, the website does not include a Data Processing Agreement (DPA), a list of subprocessors, a specific EU data residency, named data centers or server locations, an explicit opt-out from AI training using usage data, or reliable certification evidence. The Privacy Policy also states that personal data may be transferred to affiliated companies and service providers in the U.S. and other jurisdictions.
Server Location
Not specifically stated on the website. The Privacy Policy only states that personal data may be transferred to affiliated companies and service providers in the U.S. and other jurisdictions; specific data centers or countries where the main processing takes place are not named.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"The leading AI management and orchestration platform" / "AI platform – Made in Germany"

The neuland.ai HUB is an AI management and orchestration platform for companies. It brings together AI chat, assistants, projects, workflows, AI apps, integrations, document processing, governance, and model strategy within a controlled enterprise framework.neuland.ai

AI platform – Made in Germany

7.4/10 | Good

Automation, Chatbot, AI Agents

Free Free trial period with full access to get started, AI chat with your own documents, prompt tests, and creation of assistants; no credit card and no commitment according to the pricing page. Subscription Business Business plan for teams with scalable usage, core modules, AI assistants, projects, assistant creation, as well as centralized role and permission management.

Enterprise Customized enterprise package with unlimited users and use cases, tailored AI systems, AI apps, integration into existing IT systems, cloud or on-premise operation, industry competency models, as well as advanced security and compliance options. Other Custom onboarding Implementation support by Customer Success with a tailored onboarding plan for Business and Enterprise customers. Other Custom AI apps Development, operation, and monitoring of custom AI applications tailored to business processes and systems.

Custom enablement / academy Training, change support, and structured rollout for sustainable AI use within the company.

On-premise & dedicated hosting Operation of the neuland.ai HUB in your own infrastructure or a dedicated environment for the highest security requirements, data sovereignty, and regulated environments.

AI app store / SDK Marked as “Coming soon”: access to agentic AI apps as well as an SDK for custom AI apps, agents, and integrations.

Location: Germany

GDPR: Yes The website outlines a clear path for GDPR-compliant use within Europe. Decisive factors are the explicitly stated options 'Secure EU hosting or on-premise operation', the statement that the entire neuland.ai HUB as well as all deployed models are operated and processed exclusively in the EU, and the claim that the platform complies with the GDPR. Since the assessment should reflect the best available path, compliance here should be rated as 'yes'.
Positive
Positive aspects are the EU operating models mentioned on the website, in particular EU hosting and on-premise operation, the statement regarding exclusive processing in the EU, the explicit mention of GDPR compliance, and the existing privacy policy. In addition, the published ISO/IEC 27001:2022 certification indicates a formalized level of information security.
Negative
A negative or limiting factor is that no specifically named server location at country level within the EU/EEA is stated on the website in the subpages found. Likewise, no separately identifiable information was found on the website regarding a DPA/AVV, subprocessors, or an explicit opt-out or contractual exclusion of AI training using customer data.
Server location
The website mentions EU hosting or exclusive processing in the EU; however, no specific country, data center, or data center operator is specified on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘCommand A is Cohere’s most powerful enterprise LLM for real business tasks such as tool use, retrieval-augmented generation, agents, and multilingual workflows.

The model has 111 billion parameters, supports 23 languages, features a 256k context window, and according to Cohere is designed for a comparatively low inference footprint.Command A

LLM “Our largest, most performant model, ideal for building enterprise agents with a low compute footprint.” - “Max performance, minimal compute”

7.5/10 | Good

Embeddings, Function calls, AI agents, LLM API, Language model, Text generation, Summary

Free Yes, limited. Publicly primarily API/enterprise use; free trial or evaluation access may depend on the contract/account. Other API Usage Model access via the Cohere API, usage-based billing by model and tokens.

Enterprise / Private Deployment VPC, on-premises, or air-gapped deployment for companies with strict data protection, security, and data residency requirements.

North / Compass / Embed / Rerank Complementary Cohere products for agents, enterprise search, embeddings, and retrieval

Location: Canada Cohere Inc., 171 John Street, Suite 200, Toronto, Ontario M5T 1X3, Canada.

GDPR: Partly From an EU/EEA perspective, GDPR-compliant use is possible, but this has not been generally demonstrated for standard SaaS. Positive aspects include a published privacy policy, a DPA/AVV available upon request, an opt-out option for model training, zero data retention for enterprise customers, and private deployments in which, according to the website, Cohere does not receive any prompts or generated content. At the same time, the website does not specify a concrete EU/EEA server location for the SaaS version; furthermore, the website refers to international data transfers and, in the Trust Center, to subprocessors located in the U.S., among other places. Therefore, its use in the EU/EEA is generally viable under certain conditions—particularly via private deployment, VPC, or a third-party cloud with independent data control—but not solely based on the standard SaaS documentation.
Positive
The following are confirmed: a privacy policy is available; a DPA/AVV for SaaS is provided upon request; an opt-out option for training is available in the dashboard; zero data retention for Enterprise is available upon request; several private deployment models, including on-premises and VPC; according to its website, Cohere does not process customer prompts or generated content for private and third-party deployments; ISO 27001, ISO 42001, and SOC 2 Type II are mentioned.
Negative
Negative or limiting aspects include: The website does not specify a concrete EU/EEA server location or a specific EU data center for the standard SaaS offering; explicit EU data residency for Cohere SaaS is not indicated on the pages reviewed; Subprocessors listed in the Trust Center are located, among other places, in the U.S.; the privacy policy describes international data transfers across jurisdictions. As a result, significant compliance verification efforts remain necessary for pure SaaS use within the EU/EEA.
Server Location
The website does not specify a specific server location or data center in the EU or EEA for the Cohere SaaS. Instead, it mentions flexible deployment options for on-premises, VPC, third-party cloud, and “meeting strict data residency needs.” The Trust Center lists subprocessors with locations in the U.S., among other places. For applicant data, the website states that processing takes place in Canada and the U.S.; for product/SaaS data, no specific EU server location was mentioned on the pages found.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Trustworthy artificial intelligence that powers humanity towards superproductivity"

AI21 Labs is an Israeli provider of large language models and AI orchestration systems for enterprises. Its core product in the model space is the Jamba family, a hybrid SSM/Transformer model family for long contexts, RAG, question-answering systems, document processing, and secure enterprise deployments. In addition, with Maestro, AI21 offers a model-agnostic orchestration system for validated RAG agents and complex business tasks.AI21 Labs

LLM "Trustworthy artificial intelligence that powers humanity towards superproductivity"

7.2/10 | Good

Function calls, AI agents, LLM API, open-source model, Language model, Text generation, Summary

Free New accounts receive time-limited trial credits for AI21 Platform, APIs, SDK, and Playground. Truly usable for testing, prototyping, and evaluation; billing or a paid plan is required for continuous production use. Subscription Pay As You Go: usage-based access to Foundation Model APIs, SDK, and unlimited seats.

Custom Plan: includes pay-as-you-go features plus volume agreements, premium rate limits, private cloud hosting, priority support, a dedicated account manager, and AI consulting. No direct prices listed. Other AI21 uses token-based API billing, custom payment/enterprise plans, and cloud provider billing through partners such as AWS, Microsoft Azure, Google Cloud / Vertex AI Model Garden, or SageMaker/Bedrock. Additionally, self-deployment, fine-tuning, quantization, and custom AI systems are relevant, depending on the contract and infrastructure. No direct prices listed.

Location: Israel Headquarters Tel Aviv, Israel

GDPR: Partly From the perspective of a user in the EU/EEA, it is not clearly demonstrated that AI21’s standard SaaS offering complies with the GDPR, because the website explicitly states that personal data is processed on servers outside the EEA, Switzerland, and the UK, including in the U.S. At the same time, however, AI21 describes private deployment options such as VPC and on-premises, as well as a DPA available upon request. Thus, GDPR-compliant use in the EU/EEA is conceivable only under certain conditions—specifically, with private deployment, appropriate contract terms, and the user’s own verification of the actual data residency in the specific setup.
Positive
The following aspects are confirmed: a published privacy policy; explicit GDPR-related transfer mechanisms such as SCCs, an adequacy decision, or a DPF in the privacy policy; a DPA/AVV template available upon request; private deployment options, including VPC and on-premises; statements that AI21 does not train models on customer content unless otherwise agreed in writing; and certifications or information regarding ISO 27001, ISO 27017, ISO 27018, SOC 2, and ISO 42001.
Negative
A major negative for standard EU/EEA operations is that AI21’s Privacy Policy mentions the processing of personal data on servers outside the EEA, including in the U.S. A specific EU/EEA server location for AI21’s own standard SaaS service is not specified on the website. No list of subprocessors was found on the website. An explicit, generally worded EU data residency commitment for the standard service was also not found on the website.
Server Location
The Privacy Policy states that personal data is processed on servers outside the EEA, Switzerland, and the UK, including in the U.S. Specific EU/EEA data center locations for standard SaaS usage are not specified on the website. The Deployment page merely lists data residency options such as “Single tenant,” “VPC,” and “On-premise,” but does not specify any specific countries or data centers within the EU/EEA.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Create high-impact, professional video content without the inevitable cost and delay of outsourced video production."

Elai is an AI video generator for professional avatar, training, e-learning, communication, and marketing videos. The tool offers AI Avatars, Custom Avatars, Voice Cloning, automatic translation, AI Storyboard, Article-to-Video, PPTX-to-Video, Avatar Dialogs, personalization, Screen Recorder, and API.Elai.io

Create high-impact, professional video content without the inevitable cost and delay of outsourced video production

6.9/10 | Solid

Avatar Creation, Text-to-Speech, Subtitling, Video Generation, Video Translation

Free Free entry with 1 user, a very limited minute allowance, access to 80+ avatars, 75+ languages, and creator features. Subscription Creator For individual creators with more video minutes, Full HD video, and the complete avatar, voice, and language library.

Team For teams with multiple editors/guests, custom images and fonts, Ultra 4K video, Premium Voices, Selfie Avatar, and Voice Clone.

Enterprise Custom plan with unlimited users, multiple Voice Clones, Selfie Avatars, Premium Avatars, Brand Kit, Workspaces, SSO, and Premium Support. Other API API access for paid and trial accounts; supports video rendering, Story API, Avatar API, Voice API, webhooks, media upload, and personalization.

Custom Avatar / Voice Cloning Enterprise-grade features for digital twins, custom avatars, and voice cloning; rights and consents must be verified before use.

Zapier app and API integration for automated video creation, personalization, and external workflows.

Location: USA Elai Inc., 600 River Avenue, Suite 100, Pittsburgh, PA 15212, USA.

GDPR: Partly The website demonstrates compliance with several key GDPR requirements for the EU/EEA region, in particular a published DPA, a list of subprocessors with processing locations, the inclusion of EU/EEA-related data protection laws in the DPA, and certification under the EU-U.S. Data Privacy Framework. At the same time, the website repeatedly mentions U.S.-based data centers for standard data storage and does not document a general EU data residency policy as the standard for Elai. According to the list of subprocessors, Amazon Web Services is listed as “United States or Ireland, as selected by the Customer and/or as set forth in the Agreement,” but the security page explicitly states “USA” for user data and backups. Therefore, GDPR-compliant use within the EU/EEA appears to be possible only under certain conditions and with contractual clarification; it is not clearly established as the standard case.
Positive Aspects
Positive aspects include a publicly available DPA, explicit reference to the GDPR and EU Area Law, a published list of subprocessors with locations, the possibility of AWS processing in Ireland as per the subprocessor list, and the published participation in the EU-U.S. Data Privacy Framework.
Negative
A negative aspect is that the website repeatedly cites the U.S. as the storage location for data, backups, and servers. The website does not clearly guarantee general EU data residency for Elai-SaaS. There is no clear statement on the website that customer data, uploads, prompts, or outputs are not used to train general models. Relevant certifications such as ISO 27001 or SOC 2 are not listed on the website.
Server Location
The Security page states that “all data, including backups” is stored in data centers in the United States, operated by AWS and DigitalOcean, among others. However, in the DPA’s list of subprocessors, Amazon Web Services is listed as “United States or Ireland, as selected by the Customer and/or as set forth in the Agreement.” For Microsoft Azure, the United States is specified. Therefore, the website does not clearly indicate a uniform EU/EEA data residency.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“The #1 AI Headshot Generator for Professional Headshots”

HeadshotPro is an AI tool for creating professional business and team headshots from uploaded selfies.

The product is aimed at both individuals and companies and, in addition to individual packages, also offers team features such as an admin dashboard, API, webhooks, and enterprise SSO. It is officially positioned as a SaaS for professional portraits, LinkedIn/CV photos, team pages, and branded employee photos.HeadshotPro

The #1 AI Headshot Generator for Professional Headshots

7.2/10 | Good

Job Application Photos, Image Generation

Free Free headshot test feature; according to HeadshotPro, lower quality than the professional generator. Other Individual Packages One-time packages for professional AI headshots, commercial use, and download of the generated images.

Corporate / Team Headshots Team dashboard, invitations for employees, consistent company styles, branded profile pictures, and management of larger groups.

API / Enterprise / Sales API and enterprise options for larger or integrated headshot workflows.

Location: Singapore Headshot Pro Photography Pte. Ltd., 7 TEMASEK BOULEVARD, #12-07, SUNTEC TOWER ONE, SINGAPORE 038987.

GDPR: Partly HeadshotPro provides a privacy policy, a DPA/AVV, a list of subprocessors, and information on security and data deletion on its website. For users in the EU/EEA, this provides a formal framework for GDPR-compliant use, including SCCs for transfers from the EEA, the United Kingdom, and Switzerland. At the same time, the website does not specify EU data residency; rather, it specifies that hosting and processing take place in the U.S. and lists several U.S. subprocessors for hosting, databases, AI processing, and content. Therefore, GDPR-compliant use appears possible only under certain conditions and following an additional independent review of the transfer, the legal bases, and the risk assessment.
Positive
The website publishes a DPA/AVV, provisions regarding documented instructions, support for data subject rights, TOMs, subprocessor information, and SCCs for international transfers. In addition, HeadshotPro states that it processes personal data solely for the purpose of providing services and not for its own purposes, such as marketing, advertising, or profiling.
Negative
The website does not specify an EU/EEA-exclusive data residency. The Security Policy and the list of subprocessors mention data hosting and processing in the U.S., including GCS in the U.S., Render, Vercel, MongoDB, OpenAI, Google Gemini, Replicate, and Fal.ai. The website does not specify an on-premises, self-hosting, or dedicated private cloud option for the EU/EEA. Relevant certifications such as ISO 27001 or SOC 2 are not listed on the website.
Server Location
The website specifically lists the U.S. as a location. The Security Policy mentions data hosting in GCS facilities in the U.S. ('us-east-1') as well as Render; the list of subprocessors includes production systems for customer content in facilities in the U.S. as well as infrastructure subprocessors, including Google Cloud Platform with “EU/US,” Render US, Vercel US, and MongoDB US. A binding EU data residency requirement is not specified on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Power Up Your Customer Service”

OMQ is a German B2B SaaS solution for automating customer service inquiries. The system covers self-service, chat, email, contact forms, agent assistance, and process-based automation, and works across channels with a central knowledge base. In doing so, OMQ positions itself as a GDPR-compliant solution that can be integrated quickly for companies looking to reduce support effort and shorten response times.OMQ

The AI software for automated customer service

6.4/10 | Solid

Automation, Chatbot, Email Creation, AI Agents, Customer Support, Phone Assistant, WhatsApp Bot, Knowledge Base

Subscription Starter Dynamic, self-optimizing help page for smaller businesses; includes Help Page and unlimited topics/categories.

Essential Help Page plus either Contact Form or Chatbot, process automations, unlimited topics/categories, request quota, and reports.

Business Multiple Help Pages and Contact Forms, Chatbot at ChatGPT level, email bot, more process automations, reports, and optional agent handoff.

Corporate Extensive multilingual customer service automation with multiple Help Pages, Contact Forms, Chatbots, email bots, process automations, reports, languages, data analysis, agent handoff, live chat seats, and WhatsApp integration. Other Flex Custom package with flexible modules, flexible requests, up to 32 languages, custom adaptations, optional data analysis, account management, live chat seats, and integrations.

Location: Germany OMQ GmbH, Stefan-Heym-Platz 1, 10367 Berlin, Germany.

GDPR: Yes OMQ states multiple times on its own website that use is possible in compliance with the GDPR. For the EU/EEA area, it is particularly relevant that OMQ specifies EU servers, no transfer of personal data to third countries such as the USA, hosting in Germany or in European cloud infrastructures, as well as standard data processing agreements. This documents a clearly substantiated path to GDPR-compliant use in the European area.
Positive
The website mentions, among other things, the following points: 'GDPR-compliant', 'Hosted in Germany', 'All workflows run on EU servers', 'no personal data to third countries', standard AVV/DPA, as well as 'no training on customer data'. In addition, an anonymization algorithm is described that removes personal data.
Negative
Important detailed documentation can only partially be found specifically on the website. A separately and clearly linked current privacy policy for the product, a publicly viewable subprocessor list, specific information on individual data center locations, a directly accessible AVV/DPA text, as well as detailed information on on-premise, private cloud, or self-hosting options are not stated on the website or are not specifically substantiated in the material found.
Server location
The website states hosting in Germany. In addition, 'EU servers' as well as 'secure European cloud infrastructures' are described. Another reference found mentions the main AI server region in central Sweden. Specific data centers or country lists are not stated on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“All-in-one AI video and audio platform” Async is an AI platform for audio and video production with remote recording, editing, AI voices, voice cloning, dubbing, subtitles, clips, and publishing workflows.



The product is aimed at both solo creators and teams and companies that want to produce podcasts, video formats, social clips, or voice-first content. The platform combines recording, post-production, and publishing in one workflow.Async

All-in-one AI video and audio platform

6.9/10 | Solid

Audiobereinigung, Podcastproduktion, Social media content, Voice output, Stimmenklonen, Transcription, Subtitling, Video generation, Video editing, Videoübersetzung

Free Free entry with limited AI credits, limited media upload, text-to-speech, cloud storage, and basic features. Subscription Essentials More monthly AI Credits, unlimited media upload in AI Chat, more text-to-speech, AI Clips, Reframe, Dubbing/Lipsync, Subtitles, Thumbnail Generator, and more storage.

Pro Higher credit amount, greater usage for video, audio, and voice features, more storage, and professional creator workflows.

Teams Team workspace, collaboration, significantly more credits and storage, shared use for teams. Other Business Customized business offering with custom credits, custom storage, live support, onboarding, Customer Happiness Manager, and dedicated support.

Top-up Packs Additional AI credits as one-time packages; usage depends on model, medium, duration, and resolution.

Location: USA Podcastle Inc. (DBA Async), 3500 South Dupont Highway, City of Dover, County of Kent, 19901, USA.

GDPR: Partly The website contains several GDPR-relevant elements, such as a privacy policy with a GDPR section, data subject rights for users in the EEA, information on security measures, and an opt-out option for AI training. However, for use throughout the EU/EEA, the documentation is not comprehensive enough to warrant a clear “yes”: The website does not specify a specific server or data center location, does not explicitly state EU data residency, and an explicitly linked Terms of Service (TOS)/Data Processing Agreement (DPA) for customers could not be found on the website. Furthermore, the privacy policy provides for international data transfers, and the terms of service permit, by default, the use of input/output data to improve services and third-party AI, unless users opt out.
Positive
Positive aspects include the explicit GDPR section in the privacy policy, data subject rights for individuals in the EU/EEA, security measures for biometric voice data such as encryption “in transit” and “at rest,” the reference to third-party providers’ contractual obligations regarding voice biometric data, and an explicit opt-out for the use of input and output data for AI training by contacting the company. On the homepage, Async also promotes “GDPR” and “SOC 2” for its Voice API.
Negative
A negative factor for an EU/EEA assessment is that the website does not specify a concrete EU/EEA data residency or a specific server location. The privacy policy only states that data is processed at the company’s facilities and at other locations of the parties involved and may be transferred to other countries. An explicit Data Processing Agreement (DPA) for customers and a dedicated list of subprocessors for product processing were not found on the website. Additionally, the Terms of Service permit, by default, the use of input and output data for “research and development” as well as to improve services and third-party AI; exclusion from this use is only possible after actively opting out.
Server Location
Not specified on the website. The privacy policy only states that data may be processed at the company’s facilities and at other locations of the parties involved in the processing and may be transferred to other jurisdictions; no specific EU/EEA region or data center is mentioned.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Get found. Get booked. Get paid.”

Jimdo is a platform developed in Germany for websites and small online businesses. Users can use AI to create a website with a structure, text, images, and calls to action, and then manage bookings, forms, online stores, payments, invoices, and local visibility. The AI assistant, Companion, analyzes existing Jimdo business data and suggests specific steps for optimization.Jimdo

A website that thinks along with you and helps self-employed individuals build and grow their businesses.

6.8/10 | Solid

Drafting Terms and Conditions, Conversion Optimization, Privacy Policy, E-commerce Optimization, Lead generation, Logo Design, Invoicing, SEO, Scheduling, Website Development, Advertising copy

Free Free monthly credit allowance, access to core platform features, web and mobile experiences, advanced models, and one-click LLM integration. Subscription Standard Free features plus private projects, a larger monthly credit allowance, the ability to purchase additional credits, GitHub integration, and task forking.

Pro Standard features plus a large context window, advanced reasoning, system prompt editing, custom AI agents, high-performance computing, a higher credit allowance, and prioritized support.

Enterprise Custom enterprise plan with higher usage limits, SSO, domain capture, shared workspaces, role-based access control, audit logs, managed hosting, onboarding, and enterprise support. Other Credits Consumption units for AI agents, development steps, and platform usage; the standard plan allows you to purchase additional credits.

GitHub Code Export Full synchronization and transfer of the generated code to your own GitHub repository.

Managed Hosting Hosting, monitoring, authentication, database, and deployment can be provided within the platform.

Enterprise Cloud Deployment Custom deployment within the company’s cloud and governance environment; technical and regional details available upon request.

Integrations and MCP More than 100 integrations, payment providers, APIs, and MCP connections for external systems and workflows.

Location: Germany Jimdo GmbH, Stresemannstraße 375, 22761 Hamburg, Germany.

GDPR: Yes Jimdo is a German company (Jimdo GmbH, Hamburg) and explicitly promotes itself on its own website as GDPR-compliant: “GDPR-compliant data protection and security built in from day one.” The infrastructure runs on AWS data centers within the EU; a Data Processing Agreement (DPA) has been an automatic part of the Terms of Service since February 2022; subprocessors are documented; and international transfers are safeguarded via Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework. For German users, this makes GDPR-compliant use possible without any significant additional effort.
Positive
Explicit commitment to the GDPR on the homepage; servers located exclusively in the EU (AWS EU); DPA automatically included in the Terms of Service (no separate agreement required); public list of subprocessors with legal bases (SCCs, EU-U.S. DPF); Headquarters in Germany (Hamburg); dedicated data protection contact address ([email protected]); technical and organizational measures (TOMs) documented.
Negative
No evidence of Jimdo’s own ISO 27001 or SOC 2 certification on the website (only a reference to AWS security practices); No explicit statement regarding the option to opt out of AI training found on the website; no self-hosting or on-premises option available; users are entirely reliant on Jimdo’s cloud infrastructure.
Server Location
AWS data centers within the European Union (explicitly documented at legal.jimdo.com/hc/en-us/articles/20332078550676). No specific country or data center is named, but EU data residency is confirmed. No international data transfers for the core infrastructure.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"The central AI platform for your company."

Logicc is a central B2B AI platform that bundles several leading models into one interface and offers features such as web search, deep research, document chat, image generation, assistants, and code support.

The platform is clearly geared toward businesses and advertises EU/Germany hosting, "No AI training," and optional hosting on your own servers. Officially, Logicc mentions, among others, ChatGPT/OpenAI, Gemini, Claude, and Mistral models, as well as Smart Select AI for automatic model selection.Logicc

The central AI platform for your company

7.5/10 | Good

Automation, Chatbot

Free Free trial period with no obligation; suitable for trying out in a team. Subscription Business Access to all AI models, Smart Select AI, unlimited document uploads, text/voice/document chat, web search, security standards, EU computing, no AI training, and GDPR compliance.

Secure+ Everything in Business plus team collaboration, custom assistants, shared assistant library, higher usage limit, priority support, and a stronger focus on secure team use.

Max Everything in Secure+ plus very high usage limits, access to powerful models, §203 StGB confidentiality agreement, SSO/Identity Management, end-to-end encryption, and support for security/privacy questions. Other Enterprise Custom offering with many users, individual API integrations, SSO/Identity Management, advanced compliance features, dedicated support, SLA, onboarding workshop, training, possible own server hosting, and model API.

Own API keys / integrations / model API Relevant in higher-tier or Enterprise contexts for individual system connectivity, databases, software integration, and API usage.

Location: Germany Logicc GmbH, Kattrepelsbrücke 1, D-20095 Hamburg

GDPR: Yes Based on the information published on the Logicc website itself, a clearly documented path to GDPR-compliant use within the EU/EEA is evident. Logicc describes data storage exclusively within the EU, storage on German servers, AI processing conducted solely within the EU, the General Terms and Conditions (AVV) including Terms of Use (TOMs) and information on subprocessors, as well as a contractual and technical prohibition on the use of customer data for model training. In addition, the website lists hosting on the company’s own servers as an option, which further reinforces this as the best available approach.
Positive
Particularly positive are the points mentioned on the website: GDPR-compliant within the EU, conversation and application data stored on German servers, AI processing exclusively within the EU, zero data retention by model providers, no model training using customer data, Terms of Service (TOS) including Terms of Use (TOMs) and information on subprocessors used, as well as the mentioned option of hosting on one’s own servers.
Negative
A limitation is that, although the website makes numerous claims regarding data protection and provides structural details, no separately accessible list of subprocessors was found; instead, it merely states that information on subprocessors is included in the General Terms and Conditions. The pages reviewed also lack specific statements regarding SOC 2, an explicit “EU data residency” product option as a selectable tenant/region mechanism for customers, and specific open-source components of the platform.
Server Location
The website states that all conversation and application data is permanently stored in the ISO 27001-certified data centers of Hetzner Online GmbH in Nuremberg and Falkenstein. It also states that data processing for all AI models available on Logicc takes place exclusively within the European Union.

– ★★★★★★★★★★ (0)

Link

Link

ⓘAmazon Nova is Amazon's own family of foundation models for text, image/video understanding, document analysis, agents, tool use, and speech.

Nova is used via Amazon Bedrock APIs, in particular InvokeModel, InvokeModelWithResponseStream, Converse, ConverseStream, and, for Sonic, via bidirectional streaming.Amazon Nova API

LLM “frontier intelligence” - “industry-leading price-performance”

6.8/10 | Solid

Image generation, Function calls, AI agents, LLM API, Multimodal AI, Language model, Text generation, Video generation

Free AWS shows “Get started for free,” but for Amazon Nova/Bedrock, publicly documented billing is primarily usage-based; specific free quotas depend on AWS offerings, region, and account. Other On-Demand / Standard Tier Usage-based inference by model, modality, and tokens or image/video/special usage.

Flex / Priority / Reserved Tiers Bedrock supports different service tiers to manage cost, availability, latency, and throughput.

Batch Inference Asynchronous processing of larger workloads; according to AWS, cheaper than On-Demand for selected models.

Provisioned Throughput Reserved capacity for higher or predictable throughput; required for certain custom or production scenarios.

Fine-Tuning / Custom Models Customization using your own training/validation data; use of individual models typically via provisioned capacity.

Guardrails / Knowledge Bases / Agents / Prompt Routing Additional Bedrock features for security, RAG, agent orchestration, model routing, and governance.

Location: USA For AWS in general, officially documented, among others, is Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, U.S.A.

GDPR: Partly The documentation on the AWS website outlines several components for GDPR-compliant use in the EU/EEA context: AWS references a GDPR-compliant DPA, refers to SCCs for international transfers, describes Bedrock/Nova as capable of being supported in a GDPR-compliant manner, and documents in-region and EU-specific processing options. At the same time, the documentation found does not allow for the inference of a comprehensive, automatic “EU-only” default configuration for all Nova scenarios; compliance depends on the specific region selected, the chosen Bedrock routing, and the customer’s configuration. Therefore, from an EU/EEA perspective, its use can only be considered GDPR-compliant under certain conditions.
Positive
Positive aspects include an AWS Data Processing Addendum, which, according to AWS, is GDPR-compliant and applies automatically; SCCs or additional safeguards for transfers; the option for processing in an EU region; references to EU-based data residency with Bedrock routing; encryption at rest and in transit, customer-managed key management, and the statement that inputs/outputs via Amazon Bedrock are not used to train Amazon Bedrock models, including Amazon Nova.
Negative
A negative or limiting aspect is that the documentation for Amazon Nova itself does not guarantee a blanket EU/EEA-only operating mode as the standard for all usage scenarios. In addition to in-region routing, Bedrock offers geo- and global routing; for GDPR-sensitive cases, the customer must therefore actively select the appropriate option. The website does not specify an explicit Nova-specific server location for all functions, a Nova-specific list of subprocessors, an explicit self-hosting/on-premises deployment of Nova, or a clear statement regarding open-source components.
Server Location
The website documents for Amazon Bedrock that in-region processing remains strictly within the selected region and that geo-routing can occur within a geographic area such as the EU. For Amazon Nova, the Bedrock regional table lists at least one EU region as available, namely 'eu-north-1 (Stockholm)' for Nova 2 Sonic. A general, central server location for Amazon Nova is not specified on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“The home of the AI Workforce” / “Scale GTM results, without scaling headcount”

Relevance AI is a low-/no-code platform for building, orchestrating, and operating AI agents and multi-agent workforces. The current focus is strongly on go-to-market processes such as sales, marketing, CRM enrichment, outbound, inbound qualification, customer success, and support automation.Relevance AI

The home of the AI Workforce / Scale GTM results, without scaling headcount

8.1/10 | Very good

Automation, Data Analysis, AI agents, Lead generation, Research

Free Free entry-level plan for creating, cloning, and testing agents; includes unlimited agents & tools, Chat to Invent Changes, 2,000+ integrations, one workforce, one user, one project, 30 days of task history, marketplace access, community forum, as well as SOC 2/GDPR information. Subscription Pro For GTM operators and engineers who want to use agents more productively; includes everything in Free plus unlimited Workforces, two Build Users, scheduled Tasks, Chat Mode, Smart Escalations, Activity Center, Premium App Triggers, and Bring Your Own LLM.

Team For teams with larger workloads; includes everything in Pro plus Credit Rollover, five Build Users, End Users, multiple Shared Projects, Calling & Meeting Agents, A/B Testing, Analytics Dashboard, and Priority Support.

Enterprise Custom enterprise plan with unlimited users and projects, Enterprise App Triggers, Agent Evaluations, Work Hour Controls, Multi-Org Management, Enterprise Security, Dedicated Account Manager, Custom Implementation, and Priority Early Access. Other Actions Usage units for agent and workflow executions; different monthly or annual quotas are included depending on the plan.

Vendor Credits Prepaid/quota model for third-party AI model usage; according to the Terms, Vendor Credits can be used for Third-Party-AI-Model-Usage and are tied to an active subscription.

Bring Your Own LLM Users can connect their own LLM accounts or API keys, for example for OpenAI, Anthropic, or Google; processing then additionally depends on the respective provider and its DPA/Terms.

Enterprise Data Retention Enterprise feature for the automatic control of the retention and deletion of Tool Runs, Agent Conversations, Workforce Tasks, and Asset Versions; according to the documentation, it must be activated by Relevance AI.

Location: Australia Australia. The contracting party is OnSearch Pty Ltd, an Australian company with ABN 33 637 909 409,

GDPR: Yes Overall assessment: Conditionally to well suited for GDPR, depending on the plan, region, and integrations. Relevance AI cites GDPR compliance, SOC 2 Type II, encryption in transit and at rest, SSO/MFA via identity providers for enterprise customers, RBAC, fine-grained access control, audit/security documentation, and a list of subprocessors in the Trust Center.

Another positive is that, according to Relevance AI’s security documentation, Relevance AI does not train models on customer data and stores agent conversations as well as knowledge data in the region selected by the customer. For enterprise customers, security questionnaires and additional compliance documentation are offered under NDA; the website also mentions DPA templates in the Trust Center.

The negative is: Relevance AI is operated by OnSearch Pty Ltd, an Australian company; the general privacy policy includes EU/UK-specific rights, but does not make a blanket statement that all processing takes place exclusively in the EU. External integrations and LLM steps may involve third-party providers whose own privacy and processing terms also apply.

Server location: Relevance AI describes multi-region deployment and storage in the selected region; specific default regions or automatically guaranteed EU data residency are not publicly and unambiguously assured for every plan. For GDPR-critical use, the enterprise plan, DPA/data processing agreement, region selection, list of subprocessors, BYO-LLM/LLM provider review, retention settings, and access controls should be verified in a binding manner. Sources: Relevance AI Privacy Policy, Security Overview, Data Security Policy, and Pricing.

Privacy Policy

– ★★★★★★★★★★ (0)

Link

Link

ⓘMidjourney is an AI tool for generating images and, by now, also short videos from text and image prompts.

Midjourney is an AI image generator with a web and Discord interface that translates text, reference images, and style prompts into high-quality visuals. Today, the tool covers not only classic text-to-image, but also image references, style references, Character/Omni References, moodboards, Describe functions, editor workflows, and short image-to-video animations. Particularly striking is the strong creative controllability through personalization and visual references. Important for professional use: Commercial use is generally permitted, but its suitability for data protection and enterprise use can only be rated as limited due to US-based storage, training-related concerns, and limited business administration.Midjourney

community-funded research lab … building the most beautiful AI models in the world

4.3/10 | Limited

Image Generation, Character Design, Illustrations, Video Generation

Subscription Basic Plan: Entry into image generation with limited Fast GPU time; no Relax Mode, no Stealth Mode.

Standard Plan: More Fast GPU time, unlimited image generation in Relax Mode, HD video possible in Fast Mode.

Pro Plan: More Fast GPU time, Stealth Mode, more simultaneous image/video prompts, Relax Mode for images and SD video.

Mega Plan: Highest official tier with maximum Fast GPU time and the highest parallelization limits within the standard plans. Other Annual Billing Annual payment with a discount compared to monthly payment.

Fast/Relax Mode Usage depends, depending on the plan, on fast GPU time and Relax Mode.

Stealth Mode Included only in Pro and Mega; is intended to keep images/videos private, but does not apply in open/shared rooms.

Location: USA Midjourney, Inc., Attn: Takedowns Department, 611 Gateway Blvd. Ste 120, South San Francisco, CA, 94080-7066, US.

GDPR: No The information documented on the website does not demonstrate full GDPR compliance for users in the EU/EEA. On a positive note, Midjourney addresses EEA/EU-related issues in its privacy policy and specifies standard contractual clauses for data transfers. At the same time, the website explicitly states that the personal data processed by Midjourney is stored on servers in the United States. The website does not specify an EU data residency, EU/EEA data centers, a Data Processing Agreement (DPA), subprocessors, or an on-premises/self-hosting option. Additionally, the website states that data generated from the use of the service may be used to train the models.
Positive
Privacy policy available; separate notices for the EEA/EU, Switzerland, and the UK are provided; Standard Contractual Clauses for transfers from the EEA/EU context are mentioned; deletion of accounts and data is described; non-essential cookies are to be used only with explicit consent.
Negative
The website states that personal data is stored on Midjourney servers in the U.S. The website does not specify an EU data residency or an EU/EEA hosting option. A Data Processing Agreement (DPA) is not mentioned on the website. Subprocessors are not listed on the website. The privacy policy and training documentation explicitly state that data generated from the use of the service and user data may be relevant for training or for training machine learning algorithms; an opt-out option for general model training is not provided on the website. On-premises, self-hosting, or private cloud options are not listed on the website.
Server Location
As stated on the website: personal data processed by Midjourney is stored on Midjourney servers in the United States. EU/EEA server locations or EU data residency are not specified on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Bringing technology to life”

ElevenLabs is an AI platform for speech synthesis, voice cloning, speech-to-text, dubbing, sound effects, music, conversational agents, and audio APIs.

The company no longer positions itself solely as a voice tool, but as a platform with ElevenCreative, ElevenAgents, and ElevenAPI for creators, businesses, and developers.ElevenLabs

Bringing technology to life

7.8/10 | Good

Audiobook Creation, Sound Effects, Voice Assistant, Text-to-Speech, Voice Cloning, Transcription, Video Translation

Free Includes text-to-speech, speech-to-text, sound effects, voice design, music, productions, image & video, as well as limited studio projects and monthly credits. Subscription Starter Everything in Free plus a commercial license, Instant Voice Cloning, more Studio projects, commercial music use, and Dubbing Studio.

Creator Everything in Starter plus professional Voice Cloning and additional credits; suitable for creators with regular audio/voiceover needs.

Pro Everything in Creator plus higher audio quality and API-oriented audio output; suitable for professional production and developer workflows.

Scale Everything in Pro plus multiple workspace seats, team collaboration, and professional AI voices; suitable for teams and growing audio workflows.

Business Everything in Scale plus low latency for TTS, more professional AI voices, and more seats; suitable for companies with high production or integration needs. Other Enterprise Custom offer with tailored credits and seats, DPA/SLA commitments, BAA for HIPAA customers, custom SSO, higher concurrency, more voices, prioritized support, and additional enterprise features.

Pay-as-you-go / API / Startup Grants In addition to subscriptions, ElevenLabs also offers pay-as-you-go prepayment with or without a paid subscription; there is also API usage and a startup grant program for conversational AI integrations.

Location: USA Eleven Labs Inc., 169 Madison Ave #2484, New York, NY 10016, United States. For Voice Data of persons in the EEA/UK/CH, the Privacy Policy additionally names: Eleven Labs Poland sp. z o.o., Lipska 27/22 Street, 03-908 Warsaw, Poland.

GDPR: Partly For users in the EU/EEA, GDPR-compliant use is not guaranteed across the board for the standard SaaS offering, but under Enterprise terms, there is a documented path to reduced-risk use: ElevenLabs offers a DPA, EU data residency in isolated environments, and, optionally, an EU-restricted processing path via API with Zero Retention Mode. At the same time, the website itself notes that data is stored in the U.S. by default and that processing may take place outside the selected region despite the chosen data residency. Therefore, usage within the European region appears to be robustly documented only under certain conditions.
Positive
The website features a privacy policy, a DPA, documented EU data residency as an enterprise feature, Zero Retention Mode to reduce stored content, an opt-out option from model training via account settings, and a reference to SOC 2. The DPA also specifies that processing is permitted only in accordance with documented customer instructions.
Negative
The website also states that customer data is hosted or stored in the U.S. by default. Even with data residency, processing may take place outside the selected region—for example, by international affiliates and subprocessors, as well as for support and content moderation. EU data residency is available only to Enterprise customers. The website does not provide evidence of full EU/EEA standard operations without these restrictions.
Server Location
According to the website, customer data is hosted or stored in the U.S. by default. Additionally, ElevenLabs offers isolated data residency environments in the EU for Enterprise customers. The website lists a separate environment for the EU at 'eu.residency.elevenlabs.io'. At the same time, it is noted that processing may take place outside the selected region despite the chosen storage location; processing can be restricted to the EU only in certain configurations, such as with Zero Retention Mode and API usage.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“The Global Leader in Social Humanoid Robotics” / “Engineering the world’s most advanced social humanoid robots.”

Engineered Arts develops and builds humanoid robots for social interaction, entertainment, education, research, events, and public installations. The flagship Ameca is a full-scale, interactive, and programmable humanoid robot equipped with cameras, microphones, speakers, and 61 degrees of freedom. All current robots are operated via the Tritium software platform.Engineered Arts

The Global Leader in Social Humanoid Robotics" / "Engineering the world's most advanced social humanoid robots.

5.0/10 | Limited

Embodied AI, Humanoid Robots, Robot Teleoperation, Service Robots

Other Purchase on request, rental/rental on request, customized configurations, Tritium AI Subscription, maintenance/support and optional warranty extensions. Direct prices are not given here as no verified official standard price list was found. Ameca: CE publicly named. The official Ameca spec page states "Certifications: CE".

Location: United Kingdom Engineered Arts Limited is registered at Companies House as an active Private Limited Company.

GDPR: Unclear Although the website contains several statements regarding data protection, local processing whenever possible, and general GDPR compliance, it does not include a robust privacy policy with details on product data processing, specific server or data center locations, EU/EEA data residency, a data processing agreement (DPA), a list of subprocessors, or a robust opt-out option for AI training. The documentation is therefore too incomplete to allow for a reliable assessment of GDPR compliance throughout the EU/EEA.
On the positive side
On the positive side, according to the website, Mesmer and Tritium were developed with a focus on data protection and security; data processing takes place locally whenever possible; encrypted and secure data processing is mentioned; and the website repeatedly refers to GDPR compliance and international privacy standards. In addition, the website describes its own robotics software platform comprising Tritium, Tritium OS, and a user-side Python IDE, which suggests a certain degree of technical control.
Negative
On the negative side, the website provides no concrete evidence of EU/EEA hosting, no specific data centers are named, no Data Processing Agreement (DPA), no subprocessors, no statement regarding international data transfers, no product-specific statement on the retention of interaction data, and no clear assurance that user inputs, uploads, or conversation data are not used to train general models. Furthermore, certifications are not reliably documented on the Mesmer and Tritium pages found.
Server location
Not specified on the website. The only information found was that Tritium AI is described as a cloud-based solution and that data processing takes place locally whenever possible; specific server or data center locations in the EU/EEA are not mentioned.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Generative AI Tools & Digital Assets for Creators"

Artlist is a creative platform for music, SFX, footage, templates, and AI tools. According to Artlist, the AI Suite includes, among other things, AI Video, AI Images, AI Music, AI Voiceover, and Artlist Studio.Artlist AI Suite

Generative AI Tools & Digital Assets for Creators

6.1/10 | Solid

Music Generation, Sound Effects, Text-to-Speech, Video Generation, Video Editing

Subscription AI Starter AI credits for the AI Toolkit; depending on the credit tier, AI voiceover, AI image, AI video, AI music, and Artlist Studio.

AI Professional Higher AI credits, Artlist Studio, end-to-end AI production, character/location/shot control, team credit control, priority generation, and up to several team members.

Artlist Max Combination of stock catalog and AI tools for music, SFX, footage, templates, LUTs, plugins, as well as AI image, AI video, AI music, and AI voiceover.

Max Business Business offering for companies and agencies with stock catalog, AI products, commercial license, legal protection, security/compliance features, SSO, curation service, and account manager.

Enterprise Customized solution for global teams with AI products, stock, scalable features, tailored enterprise license, support, security, and control. Other AI Credits Credits are renewed monthly and used across AI products/models; additional credits can be booked.

Voice Cloning / Custom Voices Creation of personalized voices based on authorized audio samples; rights and consents must be secured by the user.

Location: Israel Artlist UK Limited, Suite 4 St Giles House, 27 St Giles Street, Norwich, Norfolk, UK, NR2 1JN. For other countries: Artlist Ltd, Kibbutz Afikim 1, Afikim, 1514800, Israel.

GDPR: Partly The website highlights several positive aspects regarding data protection and compliance for users throughout the EU/EEA: Artlist states that it complies with the GDPR, lists an EU representative office in Luxembourg, describes international data transfers using SCCs, mentions ISO 27001 certification, and provides information on the storage of prompts and project data in a “private cloud.” At the same time, crucial information required for clear and comprehensive GDPR compliance is missing directly from the website: No specific server or data center location within the EU/EEA is mentioned; no reliable EU data residency is guaranteed; no freely accessible Data Processing Agreement (DPA) is provided for customers; and no list of subprocessors is published. Additionally, Artlist itself states that some integrated third-party models may use inputs/outputs for training or model improvement, provided this is indicated in each case. Thus, from an EU/EEA perspective, GDPR-compliant use appears possible only under certain conditions, particularly with careful model selection and the user’s own contractual review.
Positive
The website features a privacy policy, an EU representative in Luxembourg, a reference to SCCs for international data transfers, ISO 27001 certification, and statements that data is stored in encrypted environments within a “private cloud.” Regarding AI content, the product page also states that prompts, uploads, and outputs are not used for training; the privacy help article specifies that third-party models are generally contractually excluded from training, unless Artlist explicitly indicates otherwise for individual models. Uploads for AI generation are supposed to be stored only temporarily and then deleted; according to the website, only the generated assets are stored.
Negative
The website does not specify a specific EU/EEA server location or data center. There is no evidence of an explicit EU data residency for the service. A Data Processing Agreement (DPA) accessible to customers is not listed on the website. A list of subprocessors is not provided on the website. The help page also explains that some models may use inputs and outputs for AI training or model improvement if this is indicated; thus, “no training” is not consistently guaranteed across the board. On-premises, self-hosting, or other local deployment options are not listed on the website.
Server Location
The specific server location or data center location is not specified on the website. It is only stated that data is stored “in encrypted environments within our private cloud.” Relevant for EU/EEA users: The website does not provide a binding assurance of EU data residency or an EU/EEA data center.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Turn text into videos with AI voices"

Fliki is an AI video and voiceover tool that turns prompts, scripts, blog articles, and presentations into videos with AI voices, visuals, music, and subtitles. According to the provider, Fliki supports 2,000+ AI voices in 80+ languages, text-to-video, blog-to-video, PPT-to-video, AI Avatars, Voice Cloning, translation, screen recording, and auto-editing.Fliki

Turn text into videos with AI voices

7.6/10 | Good

Avatarerstellung, Social media content, Voice output, Subtitling, Video generation

Free Free entry without a credit card; limited audio/video creation, 720p export, short export length, limited workflows, and restricted media/AI features. Subscription Standard For creators with more credits, 1080p videos, more voices, premium stock media, translation into 80+ languages, longer videos, Make/Zapier integration, limited avatars, voice cloning, AI Playground, YouTube publishing, and commercial rights.

Premium For professional teams and studios with significantly more credits, longer videos, multiple voice cloning/custom voice options, AI video clips, all AI avatars, brand kits, custom fonts, photo avatars, and priority support.

Enterprise Custom plan with custom credits, bulk discounts, higher quotas, invoiced billing, API access, personalized avatars, professional voice cloning, custom templates, dedicated account manager, and team collaboration. Other Credits Fliki uses a credit system; credit consumption depends, among other things, on video length, media source, AI Avatar, and AI Video Clips.

Integrations / API Make and Zapier integration in Standard/Premium; API access is officially mentioned in the Enterprise plan.

Location: USA 1013 Centre Road, Suite 403-B, Wilmington, DE, 19805, USA

GDPR: Partly For the EU/EEA region, GDPR-compliant use, based on the information provided on the website, can only be substantiated to a limited extent. Positive aspects include references to an Enterprise DPA, EU data residency options, and statements that content will not be used for training without explicit consent. However, a negative aspect is that the general privacy policy states that the servers and central databases are located in the U.S. and does not provide evidence of general, standard EU data residency for all pricing plans. Therefore, no clear and comprehensive GDPR compliance is documented for standard SaaS usage; a viable approach appears to lie more in utilizing enterprise features with a DPA and EU data residency.
Positive
The website includes references to a data processing agreement for Enterprise plans, data residency options in the “US, EU,’ SOC 2 Type II certification for Enterprise, and a statement that uploaded scripts, voice recordings, and exported videos will not be used to train AI models without explicit consent. Consent and withdrawal rights are also mentioned in connection with voice cloning.
Negative
The privacy policy lists the U.S. as a location where information may be transferred, stored, or processed, and states that servers or central databases are located in the U.S. A public subpage listing subprocessors was not provided on the website. A generally available DPA page for all customers, a default EU data residency for regular SaaS use, and on-premises/self-hosting options were not specified on the website.
Server Location
The privacy policy states that information may be transferred to, stored, or processed in the U.S. when accessed from outside the U.S., and that servers or central databases are located in the U.S. Additionally, data residency options in “US, EU” are mentioned on Enterprise subpages. No specific EU/EEA data center or country is specified on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“The AI community building the future.”

Hugging Face is not a single proprietary LLM provider, but a platform for hosting, discovering, distributing, evaluating, and deploying AI and LLM models. The Model Hub is used for storing, discovering, and using model checkpoints; LLMs can be used via Inference Providers, Inference Endpoints, or locally through libraries such as Transformers.Hugging Face

LLM “The AI community building the future.”

7.5/10 | Good

Endpoints, EU-Storage, Function Calling, Inference, LLM API, MLOps, Modellrouter, Open-Source-LLMs, PrivateLink, Providerwechsel, SSO, Structured Outputs

Free You can test API access with a free Hugging Face account. There are monthly free credits. According to the current Hugging Face documentation, free users receive monthly credits, currently listed as $0.10, subject to change. After that, you need additional credits or pay based on usage. Subscription PRO With Hugging Face PRO, you get significantly more included inference credits. The pricing page lists, among other things, 20× included inference credits for PRO; the Inference docs currently mention $2.00 in monthly credits for PRO users.

Team & Enterprise For organizations, there are Team and Enterprise. These plans also include Inference Provider benefits or credits per seat and enable centralized billing, limits, and administration. According to Hugging Face, Team/Enterprise organizations currently receive $2.00 per seat in monthly credits. Other Pay-as-you-go If your credits are used up, you can continue making API requests by purchasing additional credits or paying based on usage. The costs depend on the specific model, provider, and usage.

Your own provider key In some cases, you can also use your own API keys from external providers. In that case, billing does not go through Hugging Face, but directly through the respective provider; according to the documentation, Hugging Face does not charge for this call.

Location: France Hugging Face, Inc.: USA / Delaware Corporation; EU main establishment: Hugging Face SAS, 9 rue des Colonnes, 75002 Paris, France.

GDPR: Partly For users throughout the EU/EEA, GDPR-compliant use is generally possible according to the information provided on the website, but only under certain conditions. Positive aspects include the documented EU data residency for Team and Enterprise plans, the reference to GDPR-compliant use with datasets, models, and inference endpoints stored in EU data centers, and the availability of an AVV exclusively through the Enterprise plan. At the same time, the general privacy policy mentions the company’s servers in the U.S. and describes third-party providers and subprocessors, some of which are located in the U.S. For standard use without a Team or Enterprise plan, repositories are always stored in the U.S., according to the website. Therefore, use within the EU/EEA is not universally compliant with the GDPR, but is only compliant depending on the plan and configuration.
Positive
The website features several positive elements: EU storage regions for Team and Enterprise organizations; an explicit statement that EU companies can use the ML development hub in a GDPR-compliant manner with storage in EU data centers; DPA/AVV for Enterprise; SOC 2 Type 2; according to the documentation, inference endpoints do not store payloads or tokens, only logs for 30 days; according to the documentation, inference provider routing does not store request bodies or responses for training purposes.
Negative
The general privacy policy states that the company and its servers are located in the U.S. and that personal data may be processed in the U.S. or other countries. It also lists several subprocessors based in the U.S. According to the website, repositories for users outside of Team/Enterprise are always stored in the U.S. The website does not provide evidence of a blanket, universally applicable “EU-only” hosting policy. A general, platform-wide opt-out from AI training is not clearly stated on the website; it is only specified for certain inference services that user data is not stored for training purposes.
Server Location
Information presented inconsistently on the website: The privacy policy states that the company and its servers are located in the U.S. At the same time, Hugging Face documents EU storage regions for Team and Enterprise plans and specifies GDPR-compliant use for EU companies, with datasets, models, and inference endpoints located in EU data centers. The list of subprocessors/service providers includes, among others, the U.S., France, and EMEA; specific individual EU data center locations are not specified in more detail on the pages found.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"The all-in-one AI platform for businesses — Turnkey, Secure & GDPR-compliant"

Omnifact is a B2B AI platform for the secure use of generative AI in businesses. It combines team chat with multiple LLM providers, document-based AI assistants via Spaces, integrations, API access, privacy filters, role/team management, and optional enterprise deployment up to on-premise. The platform is clearly focused on data sovereignty, compliance, and integration into enterprise IT.Omnifact

The all-in-one AI platform for businesses — Turnkey, Secure & GDPR-compliant

7.4/10 | Good

Automation, Chatbot, AI agents, Text generation, Knowledge Base

Subscription Pro Access to the entire Omnifact platform including Chat and Spaces, leading AI models with monthly usage credits, unlimited base-tier models after the credits are used up, Omnifact Privacy Filter™, teams up to a certain size, Knowledge Spaces with a page limit, email support, and onboarding materials. Other Enterprise Everything in Pro plus no team size limit, custom usage credits, self-hosted LLMs, Bring Your Own API Key, usage analytics, API access to Spaces, Enterprise SSO, custom SLAs, on-premise deployment, and a dedicated account manager.

Spaces API / Self-Hosted LLMs / BYOK For enterprise integrations, internal knowledge assistants, your own model infrastructure, and controlled model usage.

Location: Germany Omnifact GmbH, Hansaallee 154, 60320 Frankfurt am Main, Germany

GDPR: Yes Omnifact presents several building blocks on its own website for GDPR-compliant use throughout the EU/EEA: DPA pursuant to Art. 28 GDPR, hosting of customer data in Microsoft Azure in the Germany West Central region (Frankfurt), EU-hosted model options, privacy filters to reduce external data sharing, a documented subprocessor register, as well as self-hosting/on-premise options. Since on-premise, private cloud, and EU hosting are also expressly offered, a straightforward path to GDPR-compliant use is clearly described. As a limitation, Omnifact itself points out that for certain activatable providers and US-related subprocessors, additional assessments pursuant to Art. 44 et seq. GDPR may be necessary depending on the configuration.
Positive
Particularly positive are the DPA that becomes effective automatically upon registration, the documented data processing in Frankfurt, the option for EU-hosted models via Google Vertex AI in the 'europe-west' region, the statement 'We never use your data to train our models', the self-hosting/on-premise deployment up to and including air gap, as well as the ISO/IEC 27001:2022 certification.
Negative
Negative or limiting is that Omnifact itself points out possible third-country risks on its own website: For subprocessors headquartered in the USA, US access cannot be ruled out despite EU data storage. In addition, for certain activatable providers such as Groq, it is explicitly noted that currently no DPA is provided and use therefore takes place under the customer's own responsibility. GDPR compliance therefore depends in part on the specific provider and hosting configuration selected.
Server location
For customer data on the Omnifact platform, the website states Microsoft Azure, Germany West Central region (Frankfurt). In addition, the website mentions EU-hosted models via Google Vertex AI with hosting in the 'europe-west' region. Furthermore, Omnifact promotes EU cloud, private cloud, and on-premise; other specific data center locations are only partially specified on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“Thought. Done.” For its AI offerings, STRATO also uses the tagline: “What used to take hours, AI does for you in minutes.”

STRATO offers domains, email, website builders, online stores, WordPress hosting, servers, cloud storage, and security products. In the SmartWebsite builder, AI can generate an initial website, including design, images, and text. Text optimization, image generation, and an AI SEO assistant complement the classic drag-and-drop editing.STRATO

What used to take hours, AI can now do for you in minutes.

7.8/10 | Good

API Integration, Automation, Image generation, Email creation, Customer Support, Paraphrase, SEO, Voice assistant, Speech recognition, Telephone Assistant, Scheduling, Text generation, Translation, Website Development, Knowledge Base, Summary

Subscription SmartWebsite Basic Domain, SSL certificate, email accounts, limited website size, and AI website generator.

SmartWebsite Plus Basic features plus significantly more subpages, AI text generator and optimizer, AI SEO assistant, and marketingRadar.

SmartWebsite Pro Plus features, larger page quota, and rankingCoach for advanced search engine optimization.

Smart AI Phone Assistant Unlimited Monthly cancellable AI phone service with unlimited calls, call forwarding, appointment booking, and advanced API integration. Other AI Email Assistant Optional add-on for STRATO plans that include an email account; includes drafts, summaries, replies, rephrasing, and translations.

WordPress Hosting with AI Setup WordPress hosting with AI-assisted initial setup of websites and content.

SmartWebshop E-commerce packages with website/shop creation and integrated AI support for setup and content.

V-Server for LLM Hosting Virtual servers for independent operation of small and medium-sized open-source language models.

Dedicated Servers for LLM Hosting Dedicated hardware for larger models, custom AI services, agents, and controlled enterprise applications.

OpenClaw and n8n Hosting Server offerings for self-hosted AI agents and workflow automation.

Location: Germany STRATO GmbH, 7 Otto-Ostrowski-Straße, 10249 Berlin, Germany.

GDPR: Yes Overall assessment:
Well-suited for GDPR compliance, depending on the STRATO product used and the specific AI feature. STRATO is a German limited liability company (GmbH) based in Berlin and provides a data processing agreement in accordance with Article 28 of the GDPR, as well as documented technical and organizational measures. For contracts concluded since July 18, 2022, the DPA is automatically included according to STRATO; for older contracts, it can be completed and downloaded via the customer login.

Positive aspects include the German data centers, an ISO/IEC 27001-certified information security management system, TLS/SSL encryption, access controls, access logging, and documented security measures. STRATO specifies its own certified data centers in Berlin and Karlsruhe. Regarding the Smart AI Phone Assistant, STRATO explicitly states that the infrastructure is operated on servers in Germany and that data is processed within the EU.

A negative aspect, or one requiring further review, is that the same technical specifications are not publicly documented for every integrated AI feature. According to STRATO, the AI email assistant is based on ChatGPT. No publicly available, clearly formulated product-specific information regarding storage duration, non-training, and the specific location of inference was found for its prompt and content processing. STRATO’s general privacy policy also permits the processing of data for the use and training of its own AI applications; according to STRATO, aggregated data is generally used for this purpose, and deletion routines are supposed to apply to personal data.

Server location: The classic hosting, server, and cloud services are primarily operated in Germany or Europe. STRATO’s own data centers are located in Berlin and Karlsruhe. For the Smart AI phone assistant, hosting in Germany is explicitly confirmed. For individual AI modules such as email, website, image, or text generation, the complete technical data flow is not publicly disclosed separately for each function.

Conclusion: STRATO has a solid foundation for GDPR compliance and hosting. Self-hosting of open models on a STRATO server is particularly privacy-friendly because prompts and documents do not need to be transmitted to an external U.S. AI API. For integrated AI assistants, the General Terms and Conditions (GTC), information obligations, recording rules, retention periods, and the respective model processing should be reviewed in advance.

Privacy Notice

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Your finances. Under control." / "Here is your AI tax advisor"

Accountable is a tax, accounting, invoicing, and banking app for self-employed people in Germany. The integrated AI tax advisor answers tax questions, takes the user's personal Accountable situation into account according to the provider, and assists with receipt recognition, expense categorization, tax checks, and tax returns.Accountable – AI tax advisor

Your finances. Under control. / Here is your AI tax advisor

6.4/10 | Solid

Buchhaltung, Chatbot, Invoicing, Tax Return

Free Free entry into e-invoicing via smartphone, a linked bank account, unlimited ZUGFeRD and XRechnungen, limited expense booking and business account features. No full-fledged AI tax advisor access apparent as a core service. Subscription Invoices Plus Includes everything from Free plus web access for income, unlimited e-invoices on smartphone and laptop, quotes, installment invoices, recurring invoices, as well as limited AI tax advisor access.

Accounting For complete bookkeeping and expense management; includes web and mobile access, multiple bank accounts, unlimited expense booking, tax overview, small business year-end closing features, and limited AI tax advisor access.

Taxes Includes accounting and invoicing tools plus VAT advance return, annual financial statements, income tax/EÜR/trade tax/annual VAT return, and significantly expanded AI tax advisor access.

Max Highest Accountable tier with advanced tax and support features, personal onboarding, tax coach access, extended tax guarantee, and unlimited AI tax advisor access. Other Tax advisor services
Separate tax advisory services such as consultations with certified tax advisors, income tax returns, or support during tax audits; not identical to the AI tax advisor.

Location: Belgium Accountable SA, Square Victoria Régina 1, 1210 Saint-Josse-ten-Noode, Belgium. German location: Accountable SA Germany, Pappelallee 78–79, 10437 Berlin.

GDPR: Partly Based on the information found on the website, use in compliance with the GDPR within the EU/EEA is generally possible, but this is not fully and clearly documented. Positive aspects include a published privacy policy, a data controller based in the EU (in Brussels), references to servers in Frankfurt, and general statements regarding transfers to third countries pursuant to Art. 44 et seq. of the GDPR. At the same time, the website lacks information regarding data processing agreements (DPAs), subprocessors, a specific EU data residency for all processing activities, and a clear contractual exclusion of the use of user-provided data for AI training. Therefore, from an EU/EEA perspective, the use of the service should be classified as subject to conditions rather than clearly substantiated.
Positive
A privacy policy was found, along with the designation of Accountable SA in Brussels as the data controller, a note that Accountable’s servers are located in Frankfurt, as well as statements regarding encrypted transmission, encrypted backups, privately controlled servers, and compliance with third-country rules pursuant to Art. 44 et seq. of the GDPR.
Negative
The following are not specified or cannot be found on the website: a Data Processing Agreement (DPA), a list of subprocessors, a reliable statement regarding EU data residency for all data flows, a clear opt-out or exclusion of AI training using user data, or relevant certifications such as ISO 27001 or SOC 2.
Server Location
The website states that Accountable’s servers for the AI tax advisor are located in Frankfurt. Additionally, the Help Center refers to a private, secure server that is fully controlled by Accountable. Comprehensive, centralized documentation regarding infrastructure and data residency for all services and subcontractors is not provided on the website.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ"Your AI team that's there for you around the clock."

Notion AI is the AI integrated into Notion for knowledge work, research, writing, search, and automation.

The system can use content from your own workspace, connected apps, and in some cases the web to create texts, build pages and databases, generate meeting notes, analyze PDFs/images, and automate tasks with agents.Notion AI

AI for knowledge work, research, writing, search, and automation.

7.4/10 | Good

Task Management, Note Management, Project Management, Text Generation, Translation, Knowledge Base, Summarization

Free For individuals and personal projects; unlimited pages/blocks for solo use, basic organization, and limited team/upload features. Subscription Plus Plan For small teams; more collaboration, more guests, longer version history, and larger uploads; available for students/educators under certain conditions.

Business Plan For businesses; includes unlimited Notion AI usage, Advanced Integrations, and advanced team features. Other Enterprise Plan For larger organizations with Notion AI, SSO, SCIM, audit logs, advanced admin/security controls, and data residency options.

Notion AI / AI Agents / Ask Notion AI features are integrated or expanded depending on the plan; Enterprise offers stronger privacy and governance controls.

Location: USA Notion Labs, Inc., 685 Market Street, San Francisco, CA 94105, USA

GDPR: Partly Notion documents GDPR-related measures, a privacy policy, a DPA/AV agreement, as well as an EU data residency option for Enterprise customers. For the EU/EEA area, privacy-compliant use is therefore generally possible, but only under conditions: EU data residency applies only to certain customer data categories and only for Enterprise with migration/setup; at the same time, Notion states that it continues to store and process all data categories in the USA and other international locations. This means that use is not consistently and automatically fully EU-local.
Positive
The website includes privacy notices, reference to a DPA/AV agreement, subprocessor information, reference to SCCs for data transfers, EU data residency with European AWS regions Frankfurt and Ireland, contractual exclusion of training by AI subprocessors, as well as certifications such as ISO 27001 and SOC 2 Type 2.
Negative
According to the website, hosting remains in the USA by default unless migration is set up. According to the website, EU data residency is limited to Enterprise and does not cover all data categories or all product areas. Notion also states that it continues to store and process data in the USA and other international locations. An on-premise or self-hosting option is not indicated on the website.
Server location
For data residency in Europe, the website names AWS regions EU-Central-1 in Frankfurt and EU-West-1 in Ireland. According to the website, a workspace remains hosted in the USA by default until a migration takes place. In addition, Notion states that it continues to store and process all data categories in the USA and other international locations.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“When something feels off, Buoy it”

Buoy Health is a U.S. digital health/AI tool for symptom checking, initial clinical assessment, triage, and care navigation.

End users can enter symptoms via chat/quiz and receive possible causes, guidance on urgency, and recommendations for next steps in care. In addition, Buoy offers clinically editorially supervised health content, disease-specific AI quizzes, as well as an API for integration into apps, websites, and patient portals.Buoy Health

When something feels off, Buoy it

3.4/10 | Insufficient

Chatbot, Symptom Check

Free Free to use; account creation is free according to the Help Center. Includes AI-powered symptom checking, clinical guidance, and indications of possible next steps. Other Buoy API / Enterprise Programs Symptom-checking and triage engine for integration into websites, apps, or organizational programs; demo/contract model for organizations.

Third-Party Services / Care Navigation Buoy can direct users to third-party providers, health services, or care pathways; availability and terms depend on the respective partner.

Location: USA Buoy Health, Inc., 580 Harrison Ave., Suite 1W, Boston, MA 02118, USA

GDPR: No Although the website includes a privacy policy and general security information, it does not provide any reliable details regarding EU/EEA data residency, EU data centers, data processing agreements (DPAs), subprocessors, or a GDPR-specific processing framework. On the contrary, the privacy policy explicitly states that Buoy is operated from the United States and that data processing is subject to U.S. law. For users throughout the EU/EEA, the website therefore does not demonstrate fully GDPR-compliant use.
Positive
Positive aspects include a publicly accessible privacy policy, references to technical and organizational security measures such as encryption, firewalls, identity management, and intrusion prevention/detection, as well as a mentioned HITRUST certification. In addition, Buoy describes options for filing complaints and contacting the company via email.
Negative
A particular negative factor for an EU/EEA GDPR assessment is that the website describes Buoy as being controlled and offered in the U.S., and the privacy policy explicitly states that U.S. law—and not the law of other jurisdictions—applies. Furthermore, the Terms of Service state that users must be located in the U.S. to use the services. The website does not specify EU server locations, EU data residency, SCCs/transfer mechanisms, AVV/DPA, a list of subprocessors, the option to opt out of AI training for general models, or on-premises/self-hosting options.
Server Location
Not specified on the website. The Privacy Policy merely states that Buoy is controlled and offered from the United States; specific server or data center locations in the EU/EEA are not mentioned.

– ★★★★★★★★★★ (0)

Link

Link

ⓘMicrosoft Copilot Studio is a graphical low-code platform for creating, customizing, publishing, and managing AI agents and agent flows.

The agents can access business data, use knowledge from SharePoint, websites, Dataverse, or enterprise connectors, perform tasks via flows/prompts/APIs, and be published in Microsoft 365, Teams, websites, apps, or additional channelsMS Copilot Studio

Create, customize, and launch AI agents effortlessly

6.8/10 | Solid

Automation, Chatbot, AI agents, Customer Support, Knowledge Base

Free Individuals can use a free trial version to create agents and test them in the test chat; however, according to Microsoft, agents cannot be published with the trial license. Subscription As a standalone Copilot Studio subscription for agents on supported channels, premium connectors, and production use; Copilot Studio is also included in certain Microsoft 365/Teams contexts or with Microsoft 365 Copilot to extend Microsoft 365 Copilot with agents. Other Pay-as-you-go via Azure billing; Pre-Purchase Plan with pre-purchased Copilot Credit Commit Units; Copilot Credit Capacity Packs as tenant-wide capacity. Copilot Credits measure usage depending on the agent response, action, and complexity.

Location: USA Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

GDPR: Partly Microsoft’s website lists several key GDPR-relevant components for Microsoft Copilot Studio in the EU/EEA region: EU Data Boundary, geographic data residency in EU/EFTA data centers, a DPA/AVV via the Microsoft Products and Services Data Protection Addendum, and compliance and governance features. At the same time, Microsoft itself states that the EU Data Boundary applies only under certain configuration requirements and that there are limited exceptions for transfers outside the EU Data Boundary. According to the website, this means that GDPR-compliant use is possible for EU/EEA customers, but not across the board without conditions.
Positive
The website documents the EU Data Boundary, selectable geographic data residency, DPA/AVV, references to GDPR support, and certifications such as ISO 27001 and SOC. For Copilot Studio, it is explicitly stated that EU/EFTA tenants with environments within the EU Data Boundary fall within the scope of coverage. Regarding prompt functions, it is also stated that customer data, prompts, and model responses are not used to train or improve the Azure OpenAI Service Foundation models.
Negative
The website makes EU/EEA-compliant data processing contingent on certain conditions, specifically the billing address and the creation of all environments within the EU Data Boundary. Furthermore, Microsoft itself refers to limited cases in which data may be transferred outside the EU Data Boundary. The website does not mention true on-premises or self-hosted operation of Copilot Studio.
Server Location
According to the website, for EU Data Boundary Services, customer data and pseudonymized personal data are stored and processed in data centers located in EU or EFTA countries. Data centers mentioned include those in Austria, Belgium, Denmark, Finland, France, Germany, Greece, Ireland, Italy, the Netherlands, Norway, Poland, Spain, Sweden, and Switzerland. According to the website, this applies to Copilot Studio if a tenant with a billing address in the EU or EFTA is provisioned and all environments are created within the EU Data Boundary.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“The only E-CAD software with AI support.”

ELECTRIX AI is a professional E-CAD platform for electrical engineering, control panel design, fluid technology, process engineering, electrical installation, and building automation. The integrated AI copilot provides support for bill of materials, terminal diagrams, macro placement, translations, technical assistance, requirements checking, and the creation of control cabinet layouts, among other features.Electrix WSCAD

The only AI-powered E-CAD software

5.6/10 | Limited

Elektro-CAD, Schaltungsdesign

Free Full trial access including all six engineering disciplines, add-ons, interfaces, and AI features.

ELECTRIX Education Free license for verified universities and educational institutions. Subscription ELECTRIX AI Rental License
Time-limited license with updates; standard term is one year according to the provider, with additional multi-year contract options available. Other ELECTRIX AI Purchase License Perpetual license for the E-CAD software.

Maintenance and Support Software updates, support, and access to the WSCAD parts database.

Engineering Modules Electrical Engineering, Cabinet Engineering, P&ID, Fluid Engineering, Electrical Installation, and Building Automation.

Add-ons ProjectWizard, Automation, Interfaces, Manufacturing Integration, and other add-on modules.

Consulting and Training Onboarding, project consulting, training, and video tutorials via WSCADEMY.

Location: Germany WSCAD GmbH, Dieselstraße 4, 85232 Bergkirchen, Germany.

GDPR: Partly For the European market, GDPR-compliant use is only feasible under certain conditions. On a positive note, WSCAD describes a privacy-focused architecture on the ELECTRIX website: Project content is not stored or transferred to third parties, chat histories are deleted after each session, text entries are end-to-end encrypted, and customer-specific guidelines and documents remain locally or on the customer’s own servers. At the same time, the privacy policy for AI features mentions that inputs are processed by AI and that anonymized inputs are used to improve the AI, and it refers to OpenAI Ireland Limited and, additionally, Perplexity AI, Inc. The website does not specify a concrete server or data center location for ELECTRIX AI within the EU or the EEA, nor does it provide a Data Processing Agreement (DPA), a list of subprocessors, or clearly documented EU data residency. Therefore, its use is not clearly and fully substantiated; rather, it is justifiable only on the condition that no personal or confidential data is entered into the AI and that local/in-house data storage for documents is indeed sufficient.
Positive
The product page emphasizes that personal data and IP addresses are not shared, project content is not stored or transferred to third parties, chat history is deleted after each session, and individual policies/documents remain entirely within the user’s IT environment—either locally or on the user’s own servers. From an EU/EEA perspective, this supports data-minimal and locally oriented processing steps.
Negative
At the same time, the privacy policy states that input data is processed for AI and used in anonymized form to improve the AI or to train AI models. Furthermore, OpenAI Ireland Limited and Perplexity AI, Inc. are mentioned. The website does not specify a specific ELECTRIX AI server location within the EU/EEA, EU data residency, a Data Processing Agreement (DPA), a list of subprocessors, an explicit opt-out from AI training, or certifications such as ISO 27001 or SOC 2. As a result, essential GDPR evidence for EU/EEA users remains incomplete.
Server Location
Not specified on the website. The privacy policy lists OpenAI Ireland Limited in Dublin, Ireland, as the provider of the AI platform; additionally, it mentions an interface provided by Perplexity AI, Inc. in the U.S. for wscaduniverse.com. The website does not specify a specific server or data center location for ELECTRIX AI itself within the EU/EEA.

– ★★★★★★★★★★ (0)

Link

Link

ⓘ“EDA’s premier code-based, AI-driven PCB design tool.”

JITX is a code-based platform for the development and optimization of complex printed circuit boards, particularly high-frequency systems. Requirements are described in Python; AI can generate or revise the code. JITX uses this to generate schematics and layouts, employs routing and optimization methods, and can initiate and evaluate electromagnetic simulations using Ansys HFSS.JTIX

Software-defined electronics

6.3/10 | Solid

Programming, Schaltungsdesign

Free Permanent free access to designs under the CERN OHL Permissive License; unlimited design complexity, routine automation, technical design checks, and component optimization. Other Enterprise Locally hosted platform for proprietary designs, choice of design license, PLM integration, KiCad, Altium, and Siemens Expedition connectivity, air gap, and dedicated support.

Trial / Demo / Training Customized demonstrations, trial accounts, and training programs.

Consulting Consulting for automated hardware design and implementation of the JITX methodology.

Custom Development Custom development, company-specific design libraries, verification rules, and integrations.

Location: USA JITX Inc., 1207 10th Street, Berkeley, CA 94710, USA

GDPR: Unclear For the entire EU/EEA region, compliance with the GDPR as stated on the provider’s website is not sufficiently substantiated. On the positive side, according to the website, JITX can run on local hardware or the provider’s own infrastructure. At the same time, the privacy policy for the services mentions hosting and processing in the U.S. as well as transfers from Europe to the U.S. The website does not provide an AVV/DPA, EU data residency, specific EU/EEA data centers, a list of subprocessors, or an explicit exclusion of the use of customer data for AI training.
Positive
The website describes JITX as running locally or on the user’s own infrastructure: “Runs on your hardware,” “JITX runs on your local computer,” and “JITX runs on your infrastructure with your approved AI.” In addition, the privacy policy lists European data subject rights and, regarding international transfers, refers to appropriate safeguards as well as the option to request contractual guarantees.
Negative
The privacy policy explicitly states that the services are hosted in the U.S. and that personal data from Europe is transferred to the U.S., among other destinations. For a robust GDPR assessment, the website lacks a Data Processing Agreement (DPA), information on EU/EEA data residency, specific data center locations in the EU/EEA, a list of sub-processors, a documented opt-out from AI training, and relevant certifications.
Server Location
According to the privacy policy, the services are hosted in the United States, and personal data is processed and stored in the United States. The website does not specify a specific EU/EEA server location or EU data residency.

– ★★★★★★★★★★ (0)

Link

Link

ⓘAlibaba Cloud Qwen is Alibaba Cloud's LLM/multimodal model family. Through Model Studio / DashScope, developers can use Qwen models via API, including text models, multimodal models, reasoning models, coding models, translation models, and open-source/open-weight variants. The API is OpenAI-compatible and can be used via different endpoints depending on the region.Alibaba Cloud Qwen API

LLM “one-stop model service platform”,

7.2/10 | Good

Function calls, LLM API, Multimodal AI, open-source model, Programming, Reasoning model, Language model, Text generation

Free Free quotas for certain models/regions; Free Quota applies only to real-time inference and not to batch calls, context cache, fine-tuning, deployment, or custom models. Other Pay-as-you-go / Model Invocation Usage-based billing by model, input/output tokens, thinking/non-thinking mode, region, and deployment mode.

Batch Calls Separate processing of large workloads; not covered by the Free Quota.

Context Cache Cache function to reduce repeated context costs; not covered by the Free Quota.

Fine-Tuning / Deployment / Custom Models Model customization and deployment of proprietary or fine-tuned models; billed separately and not covered by the Free Quota.

OpenAI-/Responses-compatible API Qwen models support OpenAI-compatible interfaces and the Responses API for agentic applications.

Location: China Alibaba Group: 699 Wang Shang Road, Binjiang District, Hangzhou 310052, Zhejiang Province, China.

GDPR: Partly For use within the EU/EEA, the provider’s website offers clear building blocks for a configuration that may be more GDPR-compliant: Model Studio offers an explicit “European Union” deployment mode, in which data storage is tied to the Germany (Frankfurt) region and, according to the documentation, inference is limited to the EU. In addition, there is a published privacy policy and a Data Processing Addendum referencing the GDPR and EU Standard Contractual Clauses. At the same time, the documentation is not robust enough to warrant a fully positive assessment: A verifiable list of subprocessors was not found on the website; no explicit ISO 27001 certification for Model Studio was documented on the pages reviewed; and, according to the product pages reviewed, the service does not offer a clearly documented on-premises/self-hosting option for the commercial API. Therefore, “conditional” seems to be the most appropriate rating for the entire EU/EEA region.
Positive
Positive aspects include a separate privacy policy for Alibaba Cloud International, a published DPA, an explicit EU deployment mode for Model Studio with data storage in Germany (Frankfurt) and EU-restricted inference, as well as the statement that customer data is not used for model training. Additionally, the product documentation mentions SOC 2 for Model Studio and specifies that no conversation data is stored during direct API calls.
Negative
A negative or limiting aspect is that, while cross-border processing is addressed in the privacy and product documentation, no reliable subpage with a list was found on the website for the specific point of interest, “subprocessors.” For the Assistant API path, the documentation also mentions that conversation history is stored with no current expiration date. A clear on-premises/self-hosting option for the commercial API was not specified on the website.
Server Location
The website specifies for the “European Union” deployment mode that the associated data region is Germany (Frankfurt) and that model inference is limited to the EU. The model and pricing documentation also states that, in EU mode, endpoints and data storage are located in Germany (Frankfurt). For Global/International, however, cross-border computing paths are described.

– ★★★★★★★★★★ (0)

Link

Link