面向 SaaS 初创公司的 GDPR 快速扫描
初创公司工程师在产品发布或审计前,可快速排查风险最高的 GDPR 合规缺口。
查看输入和输出预览
输入
- Practices Description
- We collect user email, name, and usage analytics. Data is stored on AWS Frankfurt. We use Stripe for payments and Intercom for support chat. No explicit cookie consent banner yet; privacy policy mentions data is 'kept securely' but no retention period or DPO contact. Users can delete accounts by emailing support.
- Business Type
- saas
- Check Type
- quick
输出(节选)
GDPR Quick Check — 3 critical gaps found. 1) Missing lawful basis statement: specify consent/legitimate interest per processing purpose (Art. 6). 2) No cookie consent mechanism despite analytics — add a banner with granular opt-in (ePrivacy). 3) Data retention undefined: state how long data is kept (Art. 5). Strengths: EU data residency (Frankfurt) and a self-service deletion path support data subject rights. Recommended next: appoint/identify a DPO contact and add a Records of Processing entry.