Vesper

The provider demonstrates moderate compliance with key data protection regulations but exhibits significant risks in critical areas. The highest risks stem from missing security breach response protocols, inadequate logging mechanisms, and non-compliance with automated decision-making requirements under GDPR and the EU AI Act. Transparency and governance deficiencies, such as lacking Data Protection Impact Assessments (DPIAs) and Records of Processing Activities (RoPA), further elevate compliance risks. Immediate remediation is needed in security measures, automated decision disclosures, and transparency documentation to mitigate regulatory penalties.