Privacy Policy

Our privacy policy and how we use your data

I. Fundamentals

Here we inform you about the processing of personal data when using our online presence. This online privacy policy applies to our website as well as our social media profiles.

Personal data is all data that can be personally related to you, such as name, address, email, IP address, or user behavior.

II. Who is the responsible party?

We are responsible for processing your data:

SISU digital GmbH
Kleine Spitzengasse 2-4
50676 Cologne, Germany
Phone: +49 221 98 65 05 80
Email: mail@sisudigital.de

III. How to reach our Data Protection Officer?

We are not legally required to appoint a Data Protection Officer. For questions regarding the processing of your data, you can contact us at any time (contact details above).

IV. Who is affected by data processing?

When you visit our website as a prospective customer, customer, supplier, service provider, or other visitor, your personal data will be processed within the framework of legal regulations and this declaration. All visitors to our website are referred to as "users".

V. What data do we collect and for what purposes do we process it?

When you visit our website without registering or otherwise providing information to us, only the personal data that your browser transmits to our server is processed:

  • IP address of the requesting computer
  • Date and time of the request
  • Name and URL of the retrieved file
  • Access status / HTTP status code
  • Amount of data transferred
  • Website from which the request comes (referrer URL)
  • Browser used
  • Operating system

Google Analytics Data Processing

When you register for SISUX and connect your Google Analytics accounts, we process the following data:

  • Google Analytics account data
  • Google Analytics property information
  • Metrics and dimensions from your GA4 properties
  • Audit results and recommendations

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR (contract fulfillment). The data is used exclusively to provide our audit functions.

VI. To whom do we transfer your data?

We regularly work with the following recipients:

  • Supabase - Database and authentication (EU hosting)
  • Vercel - Web hosting (CDN with EU servers)
  • Google Cloud Platform - OAuth and Analytics API access

VII. Is your data transferred to third countries?

In certain cases, your personal data may be transferred to third countries:

  • Google Cloud Platform: Uses EU Standard Contractual Clauses and Google's Data Processing Amendment
  • Vercel: CDN with primary EU hosting, uses EU Standard Contractual Clauses

VIII. How long do we process your data?

The duration of storage of your personal data is regularly based on existing legal retention periods:

  • Account data: Until deletion of your account
  • Google Analytics data: As long as your properties are connected
  • Audit results: Until manual deletion or account deletion
  • Log data: Maximum 30 days

IX. What are your rights?

Regarding the processing of your personal data, you have the right to:

  • Access to your personal data processed by us (Art. 15 GDPR)
  • Rectification of inaccurate personal data, or completion of incomplete personal data, stored by us (Art. 16 GDPR)
  • Erasure of your personal data stored by us (Art. 17 GDPR)
  • Restriction of processing of your personal data (Art. 18 GDPR)
  • Data portability: To receive your personal data in a structured, commonly used, and machine-readable format (Art. 20 GDPR)
  • Objection to the processing of your personal data (Art. 21 GDPR)
  • Complaint to a supervisory authority (Art. 77 GDPR)
  • Withdrawal of your consent (Art. 7 para. 3 GDPR)

X. Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the data processing at any time.

XI. Withdrawal of Consent

You can withdraw the consent you have given us at any time. After withdrawal, we may no longer process your personal data on the basis of that consent.

XII. Right to Lodge a Complaint

Regarding the processing of your personal data by us, you have the right to lodge a complaint with a data protection supervisory authority.

XIII. Provision of Data

The provision of your personal data is partly required by law or necessary for the performance of (pre-)contractual measures.

To use SISUX, the provision of the following data is mandatory:

  • Email address (for account creation)
  • Google OAuth authorization (for Analytics access)
  • Your organization name

XIV. Automated Decision-Making

Automated decision-making including profiling does not take place.

XV. Contact

You can contact us by post, phone, or email (see above). If you contact us by email or via our contact form, we automatically store the personal data you voluntarily provide to us for the purpose of processing your request or contacting you.

XVI. Security Measures

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk (Art. 32 GDPR):

  • SSL/TLS encryption for all data transmissions
  • Supabase Row Level Security (RLS) for database access
  • OAuth 2.0 for secure Google API authorization
  • Regular security updates

XVII. Cookies

We currently only use cookies that are technically necessary to provide our service (e.g., to store login status). The legal basis for using cookies is Art. 6 para. 1 sentence 1 lit. f GDPR.

Technical cookies used:

  • Supabase Auth: Authentication tokens (session-based)

We currently do not use marketing pixels, tracking cookies, or analytics cookies on our own website.