Symson

The provider demonstrates moderate compliance risk (25%) with critical gaps in international data transfers (no safeguards), cookie compliance (missing banner/controls), and security measures (no encryption/2FA). High-risk areas include weak user consent mechanisms, undefined retention periods, and lack of transparency in automated decision-making. Immediate action is required to address GDPR, ePrivacy, and EU AI Act obligations.