Privacy Policy

Last updated: May 2026

Controller

SUPERFREY FlexCo
Liniengasse 2a, Top 4a
1060 Vienna, Austria
E-Mail: cixtra@superfrey.com

Scope of this policy

This policy describes how SUPERFREY FlexCo ("we") processes personal data on cixtra.ai. It does not cover the CIXTRA product platform itself, which is governed by separate data processing agreements with our customers.

Data collection on this website

This website does not use marketing cookies, tracking pixels, or cross-site advertising. We use a privacy-friendly, cookieless analytics tool (Vercel Web Analytics) — no cookies, no localStorage, no fingerprinting. Details below under "Web analytics."

Server logs

Like any web service, our hosting provider records technical access logs (IP address, user agent, requested URL, timestamp, response status). These logs are used to operate, secure, and debug the website. Legal basis: legitimate interest in operating a secure service (Art. 6(1)(f) GDPR). Logs are retained for up to 30 days.

Web analytics

We use Vercel Web Analytics to understand aggregate traffic patterns (pageviews, referrer, country, device class). The tool is cookieless: it does not write cookies or access information stored on your device, does not use cross-site identifiers, and does not fingerprint visitors. IP addresses are processed transiently to derive a coarse country/region and are not stored. Data is aggregated and retained for up to 12 months.

Legal basis: legitimate interest in understanding how the site is used (Art. 6(1)(f) GDPR). Because no information is stored on or read from your device, no consent under § 165(3) TKG / ePrivacy Directive is required. You can object to this processing at any time by writing to cixtra@superfrey.com.

Contact form

When you submit our contact form, the data you provide (name, email, company, message) is sent to us by email and stored only for the purpose of responding to your inquiry. Legal basis: pre-contractual measures and our legitimate interest in handling inquiries (Art. 6(1)(b) and (f) GDPR). We do not share this data with third parties beyond the email processor listed below.

Whitepaper download

When you request the CIXTRA whitepaper, we process the following data:

  • Name, work email, organisation, and role — used to send you the download link and to qualify the request.
  • Language preference and consent record — required for delivery and to document your consent.
  • A SHA-256 hash of your IP address and your user agent — used solely for abuse prevention and rate limiting. The raw IP address is not stored.
  • Request timestamp.

Legal basis: your consent (Art. 6(1)(a) GDPR) and our legitimate interest in protecting the service from abuse (Art. 6(1)(f) GDPR). The download link itself is a signed token valid for 24 hours and contains no personal data on our servers beyond what you submitted.

Data retention

Contact form messages and whitepaper lead records are retained for up to 24 months unless a contractual relationship requires longer storage or you ask us to delete them earlier. Server logs: up to 30 days. Email delivery logs at our email processor: up to 30 days.

Subprocessors

We use the following processors to operate this website. Data processing agreements (Art. 28 GDPR) are in place with each.

  • Vercel Inc. — website hosting, edge delivery, and Web Analytics. Processing takes place on EU infrastructure where available; cross-border transfers occur under the EU-U.S. Data Privacy Framework and Standard Contractual Clauses.
  • Neon, Inc. — managed EU database for whitepaper lead storage. Database instances are located within the EU (eu-central / Frankfurt region).
  • Resend, Inc. — transactional email delivery (whitepaper confirmation, contact replies). Resend may transfer data to the United States under the EU-U.S. Data Privacy Framework and Standard Contractual Clauses.

Hosting

Application servers and the lead database are operated within the European Union. Some subprocessors (e.g. our email delivery provider) may transfer message metadata to the United States under appropriate safeguards as listed above.

Your rights

Under the GDPR you have the following rights regarding your personal data:

  • Right of access (Art. 15) — confirmation of whether we process your data and a copy of it.
  • Right to rectification (Art. 16) — correction of inaccurate data.
  • Right to erasure (Art. 17) — deletion when no longer required.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20).
  • Right to object to processing based on legitimate interest (Art. 21) and to withdraw consent at any time (Art. 7(3)) without affecting the lawfulness of prior processing.

To exercise any of these rights, write to cixtra@superfrey.com. You also have the right to lodge a complaint with a supervisory authority — for Austria, the Datenschutzbehörde (dsb.gv.at).

Updates to this policy

We may update this policy to reflect changes to our service or legal requirements. Material changes will be communicated on this page with an updated date.