Privacy Policy

General information: The following notes provide a brief overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.

Data collection on this website: Data processing on this website is carried out by the website operator. Contact details can be found in the section "Controller". Your data is collected on the one hand by you providing it to us (e.g. by entering it into a form or via Google Login). Other data (technical data such as IP address or browser) is collected automatically by our IT systems to ensure the error-free provision of the website.

Controller: The controller responsible for data processing on this website within the meaning of the GDPR and the Austrian Data Protection Act (DSG) is:

Mag. Adnan Ahmad Siddiqi
Supersonic Siddiqi Online Solutions
Mühlhausergasse 4/7
1220 Vienna, Austria
E-Mail: hq@supersonic-sos.com
Phone: +43 676 3606752

Hosting by IONOS: We host our application and databases with IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany). Data processing takes place in a certified data centre in Berlin, Germany.

• Data processing agreement: We have entered into a data processing agreement (DPA) with IONOS in accordance with Art. 28 GDPR. This guarantees that IONOS only processes your data in accordance with our instructions and in compliance with European security standards.
• Security: IONOS employs technical and organisational measures (TOMs) pursuant to Art. 32 GDPR to protect the confidentiality and integrity of your data.
• Legal basis: The use of IONOS is based on Art. 6(1)(f) GDPR (legitimate interest in the secure and stable provision of our online offering).

AI-powered analysis (xAI / Grok): As part of the "Analyzer", URLs you enter and publicly accessible website content (HTML, meta tags) are processed via the xAI API.

• No training: According to the xAI API Terms of Service, data transmitted via the API is not used for training public AI models. No private user data is transmitted to xAI.
• Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

Third-party tools (Google PageSpeed Insights): We use Google PageSpeed Insights for technical performance measurement. Only the target URL is transmitted to Google.

Google OAuth 2.0: You may log in via your Google account. During this process, we receive your name, email address, and profile picture from Google. No Google password is transmitted to us.

• Token processing: Access tokens are used exclusively in memory (RAM) for the duration of a single request and are immediately discarded afterwards.
• No database storage: OAuth tokens are never stored in our database.
• Legal basis: Art. 6(1)(a) GDPR (consent).
• Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy.

As an optional feature, you may connect your own Google Analytics 4 (GA4) property and your own Google Search Console (GSC) verified site to enrich the analysis report with real performance data. This is separate from any analytics tracking on our own website (see Section 6).

Scopes requested:

How we use the data:

• The data is fetched server-side once per analysis run and used solely to generate your AI marketing report.
• The data is not stored persistently in our database. It exists only in memory during report generation and is discarded afterwards.
• The report itself (containing aggregated insights, not raw data) may be cached for your dashboard if you are logged in.
• We do not share, sell, or transfer this data to third parties for advertising, profiling, or any purpose unrelated to the user-visible features.

Revocation: You can revoke our access at any time via your Google Account Permissions page: myaccount.google.com/permissions.

Google API Services User Data Policy — Limited Use Disclosure:
Supersonic Radar's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We use the following analytics tools. All tracking tools are loaded only after you give explicit consent via our cookie banner (“Accept all”). If you choose “Only essential”, no tracking cookies are set and no analytics scripts are loaded.

a) Google Analytics 4 (GA4)

We use Google Analytics 4, a web analytics service provided by Google Ireland Limited (“Google”). GA4 uses cookies to analyse your use of the website.

• Measurement ID: G-8M1214WDNW
• Data collected: Page views, scroll depth, outbound clicks, session duration, device type, browser, country (no city-level).
• IP anonymisation: GA4 does not store full IP addresses by design.
• Storage duration: Cookies expire after 14 months. Event data is retained for 2 months (Google default).
• Data transfer: Data may be transferred to Google servers in the USA. Google LLC is certified under the EU-US Data Privacy Framework.
• Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).
• Opt-out: You can revoke consent at any time by clearing your cookies or clicking “Only essential” in the cookie banner. Alternatively, install the Google Analytics Opt-out Browser Add-on.
• Privacy Policy: https://policies.google.com/privacy

b) Matomo

We use Matomo, an open-source web analytics platform. Our Matomo instance is hosted at matomo.teamwebsuccess.com (Site ID: 2).

• Data collected: Page views, referrer, device type, browser, country.
• Hosting: European server — no data transfer to the USA.
• Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).
• Opt-out: Revoke consent by clearing cookies or selecting “Only essential” in the cookie banner.

c) Vercel Analytics

We use Vercel Analytics, a privacy-friendly analytics service by Vercel Inc.

• No cookies: Vercel Analytics does not use cookies and does not track individual users across sessions.
• Data collected: Aggregated page views, referrer, country, device type, Web Vitals performance metrics.
• Legal basis: Art. 6(1)(f) GDPR (legitimate interest in understanding website performance).
• Privacy Policy: https://vercel.com/legal/privacy-policy

d) Cookie Banner and Consent Management

Upon your first visit, a cookie banner is displayed. You can choose between:

• “Accept all”: Enables GA4 and Matomo tracking cookies. Your preference is stored in localStorage (key: ss_cookie_consent, value: all).
• “Only essential”: No tracking scripts are loaded. Only technically necessary data (session, login) is stored. Preference stored as essential.

You can change your choice at any time by clearing your browser's localStorage or cookies — the banner will reappear on your next visit.

We only store personal data for as long as necessary for the respective purposes:

• Analysis cache: 24 hours (automatic expiry).
• Saved reports & analysis history: Stored until the account is deleted. Reports are retained to enable historical comparisons, benchmark tracking, and continuous improvement of your website score.
• Account data: Until the account is deleted. Statutory retention obligations remain unaffected (e.g. 7 years pursuant to § 132 BAO for accounting-relevant data).
• Analytics data (GA4): 2 months event retention (Google default).
• Analytics data (Matomo): As configured by the Matomo instance operator.

Under the GDPR and the Austrian Data Protection Act (DSG) you have the following rights:

• Access (Art. 15): Information about the data we store about you.
• Rectification (Art. 16): Correction of inaccurate data.
• Erasure (Art. 17): The "right to be forgotten".
• Restriction (Art. 18): Restriction of processing.
• Data portability (Art. 20): Receipt of your data in a common format.
• Objection (Art. 21): Objection to processing based on legitimate interests.
• Withdrawal: You may withdraw consent at any time.

Right to lodge a complaint with the supervisory authority: If you believe that the processing of your data infringes data protection law, you can lodge a complaint with the competent authority:

Austrian Data Protection Authority (DSB)
Barichgasse 40-42, 1030 Vienna
Web: https://www.dsb.gv.at/