Carv.com

The provider demonstrates partial compliance with GDPR and related regulations but exhibits significant gaps in high-risk areas. Key issues include insufficient consent mechanisms, undefined data retention periods, lack of automated decision-making transparency, inadequate safeguards for international transfers (Schrems II), and missing governance controls like DPIAs and RoPA. The absence of critical safeguards for AI systems and children’s data further elevates regulatory exposure.