Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Advertising and conversion tracking platform that drops third party cookies on publisher and advertiser sites for audience segmentation and ad attribution.
Sonar is positioned in the advertising category as an ad tech and conversion tracking platform. Publishers and advertisers add a Sonar pixel or JavaScript tag to their pages so the platform can record clicks, page views and conversion events, match them against audience segments and report on campaign performance across publishers.
Sonar drops third party advertising cookies that hold a unique user identifier, click identifiers and timestamp data. Each cookie is associated with the Sonar tracking domain so the same identifier can be read across every site that integrates the pixel. The pixel collects IP address, user agent, referrer URL, page URL and any custom event parameters sent by the advertiser. This information is sent server side to the Sonar infrastructure and can be enriched with partner data for audience segmentation.
Advertising pixels store and read information on the visitor terminal, which engages Article 5(3) of the ePrivacy Directive and requires prior, freely given, specific, informed and unambiguous consent. The advertiser is the controller for the visitor data, Sonar acts as a separate controller or joint controller depending on the contractual setup. Legitimate interest is not an acceptable legal basis under EDPB Guidelines 8/2020 and CNIL doctrine for this kind of behavioural advertising activity.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Sonar processes data in the United States and replicates identifiers to advertising partners that may also operate outside the EEA. Transfers must rely on the EU US Data Privacy Framework where the recipient is certified, or on Standard Contractual Clauses combined with a Schrems II transfer impact assessment. Document the safeguards in your record of processing activities.
Block the Sonar tag until the visitor explicitly consents through a compliant Consent Management Platform. Use IAB TCF v2.2 signals or a server side gateway to relay consent to Sonar. Run a DPIA covering tracking, profiling and US transfers. Restrict retention, document recipients and offer a clear withdrawal mechanism. Update your privacy notice and cookie policy whenever Sonar tags or partners change.
Websites using Sonar must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA under Article 35 GDPR is strongly recommended whenever Sonar is deployed, because the activity combines large scale online tracking, behavioural profiling for advertising and likely transfers to the United States. Document the categories of identifiers collected, the matching and enrichment logic, the retention periods, the audience segmentation outputs, the recipients and the safeguards. Include a Schrems II transfer impact assessment for any US recipient.
Sample consent text
We use Sonar advertising cookies to measure the performance of our campaigns and to show you more relevant ads on partner sites. These cookies are set only after you click Accept. They share information with Sonar and its advertising partners in the United States. You can refuse, withdraw or change your choice at any time from the cookie preferences link in the footer.
Third-party domains contacted
sonar.comtr.sonar.compixel.sonar.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| sonar_uid | advertising | 13 months | Third party advertising cookie that stores a unique visitor identifier used by Sonar to recognise the same browser across sites that embed the Sonar pixel, for audience segmentation and ad measurement. |
| sonar_click | advertising | 30 days | Third party click identifier cookie set when a visitor clicks a Sonar tracked ad. Used to attribute downstream conversions to the originating campaign and creative. |
| sonar_sync | advertising | 90 days | Cookie used for partner cookie syncing. Allows Sonar to match its user identifier with identifiers from advertising partners for cross device and cross site audience extension. |
Sonar places tracking cookies for advertising — comply with GDPR using FlowConsent.
Sonar sets third party advertising cookies on the visitor browser when the Sonar pixel fires. These typically include a user identifier cookie, a click identifier cookie and a session timestamp cookie, scoped to the Sonar tracking domain. Additional partner cookies may be set through cookie syncing.
Yes. Sonar processes information stored on the terminal of the visitor and uses it for behavioural advertising and audience segmentation. Both Article 5(3) of the ePrivacy Directive and Article 6(1)(a) GDPR require freely given, specific, informed and unambiguous opt in consent before the tag loads.
Consent under Article 6(1)(a) GDPR is the only acceptable legal basis. Legitimate interest is explicitly excluded by the EDPB Guidelines 8/2020 and by national regulators such as the CNIL for behavioural advertising activities of this scale.
Yes. Sonar infrastructure and many of its advertising partners process data in the United States. You must rely on the EU US Data Privacy Framework for certified recipients or on Standard Contractual Clauses backed by a Schrems II transfer impact assessment for everyone else.
Yes. The combination of systematic large scale online monitoring, behavioural profiling, audience matching and likely US transfers meets the criteria under Article 35(3) GDPR. Run a full DPIA and consult your DPO before going live.
Load the Sonar tag only after explicit consent through your CMP, pass the consent signal to Sonar via TCF v2.2 or a server side gateway, limit data collection to what is necessary, sign a Data Processing Agreement or joint controller arrangement, and keep an up to date record of processing activities.
Cookieless conversion APIs from advertising networks, first party server side tracking with deterministic identifiers under consent, contextual advertising solutions and EU hosted privacy first analytics such as Matomo or Piwik PRO provide lower risk options for measuring campaigns.
List each Sonar cookie with its purpose, duration and recipients. Mention cookie syncing partners and the United States transfer mechanism. Refresh the document whenever Sonar adds or removes a partner, and reference the policy from your consent banner and footer.