Table of Contents
- 1. Overview
- 2. Data Controller Information
- 3. Processing of User Personal Data
- 4. Processing of Invoice Data
- 5. Use of Google APIs
- 6. Data Sharing and Third-Party Processors
- 7. Your Rights Under GDPR
- 8. Data Security and Breach Notification
- 9. Cookies and Tracking Technologies
- 10. Contact Information and Complaints
1. Overview
In short: We explain what data we collect, why, and how you control it.
G5L Ventures (currently in creation process) ("we", "our", "us", "Procelyn") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use the Procelyn AI-powered invoice processing and spreadsheet management application ("Service").
Important Distinction:
Procelyn processes personal data in two different capacities:
- • As Data Controller: For user account management, service provision, and website analytics
- • As Data Processor: For invoice data processing on behalf of our users
This Privacy Policy applies to all users of Procelyn and should be read in conjunction with our Terms and Conditions.
2. Data Controller Information
| Data Controller | G5L Ventures (currently in creation process) |
| Contact Email | hello@g5l.ventures |
| Jurisdiction | Spain (GDPR compliant) |
| DPO Contact | Available upon request at hello@g5l.ventures |
| Legal Representative | Available upon request |
3. Processing of User Personal Data by Procelyn (as Data Controller)
3.1 When Procelyn Acts as Data Controller
This section covers personal data processing where Procelyn determines the purposes and means of processing, including:
- • User account creation and management
- • Service provision and billing
- • Customer support and communications
- • Website analytics and improvement
3.2 Data Categories, Purposes, and Legal Basis
| Data Category | Examples | Legal Basis (GDPR) | Retention Period |
|---|---|---|---|
| Account Data | Name, email, password, profile info | Contract performance | Account lifetime + 30 days |
| Business Data | Company name, VAT number, address | Contract performance | Account lifetime + 7 years (tax obligations) |
| Usage Data | Features used, session duration | Legitimate interest | 5 years maximum |
| Technical Data | IP addresses, browser type | Legitimate interest | 12 months |
3.3 Specific Processing Activities
Service Provision and Management
- • Authenticate users and maintain account security
- • Process payments and manage subscriptions
- • Provide technical support and customer service
- • Manage contractual relationships
Service Improvement
- • Analyze usage patterns to enhance functionality
- • Develop new features based on user behavior
- • Conduct A/B testing and product optimization
- • Debug issues and optimize performance
4. Processing of Invoice Data on Behalf of Users by Procelyn (as Data Processor)
4.1 When Procelyn Acts as Data Processor
When processing invoice data uploaded by users, Procelyn acts as a data processor. Users (our customers) act as data controllers and determine the purposes and means of processing their invoice data.
4.2 Invoice Data We Process on Your Behalf
Input Data (What You Upload)
- • Invoice PDF files, images (JPG, PNG)
- • Receipt documents and financial records
- • Vendor and customer information contained in documents
- • Amounts, dates, and transaction details
- • Any personal data contained within business invoices
Output Data (What Our AI Extracts)
- • Vendor names and addresses
- • Customer/client information
- • Invoice numbers and dates
- • Line items and descriptions
- • Amounts, taxes, and totals
- • Payment terms and conditions
4.3 Our Obligations as Data Processor
As a data processor, Procelyn commits to:
- 1. Limited Purpose Processing: Process invoice data solely for AI extraction and spreadsheet population services
- 2. No Unauthorized Use: Not use invoice data for our own purposes or share with unauthorized third parties
- 3. User Instruction Compliance: Process data only according to your documented instructions
- 4. Security Measures: Implement appropriate technical and organizational security measures
- 5. Breach Notification: Promptly notify you of any data security incidents
- 6. Data Subject Rights Support: Assist you in responding to data subject rights requests
- 7. Data Return/Deletion: Return or delete data upon service termination as instructed
4.4 Your Responsibilities as Data Controller
When using Procelyn's invoice processing services, you are responsible for:
- • Ensuring you have legal basis to process invoice data
- • Obtaining necessary consents from data subjects where required
- • Providing privacy notices to individuals whose data appears in invoices
- • Responding to data subject rights requests
- • Ensuring invoice data uploads comply with applicable data protection laws
- • Determining retention periods for your business data
5. Use of Google APIs
5.1 Google API Integration
Procelyn integrates with various Google services through official APIs.
5.2 Google API Compliance
Your use of Procelyn constitutes adherence to:
- • Google API Services User Data Policy
- • Google Cloud Privacy Notice
- • Google Workspace Privacy Notice
5.3 Google Data Access
When you connect your Google account, Procelyn may access:
- • Profile Information: Name, email address, profile picture
- • Google Sheets: Create, read, and modify spreadsheets you authorize
- • OAuth Tokens: To maintain secure API connections
We only access Google data necessary for service functionality and in accordance with the permissions you explicitly grant.
6. Data Sharing and Third-Party Processors
6.1 Authorized Subprocessors and Service Providers
| Service | Purpose | Location | Safeguards |
|---|---|---|---|
| Google Cloud Platform | Data hosting, storage | EU (Ireland) | GDPR compliance, SCCs |
| Google Gemini AI | Invoice data extraction | EU/US | GDPR compliance, SCCs |
| Google Sheets API | Spreadsheet integration | EU/US | GDPR compliance, SCCs |
| Google Analytics | Web analytics | EU/US | IP anonymization, GDPR |
Important:
We do not sell, rent, or trade personal data for marketing purposes.
6.2 International Data Transfers
When data is transferred outside the European Economic Area, we ensure appropriate safeguards:
- • Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions
- • Adequacy Decisions: Where the European Commission has determined adequate protection levels
7. Your Rights Under GDPR
7.1 Data Subject Rights
You have the following rights regarding your personal data:
Access Right (Article 15)
Request copies of personal data we hold about you and information about processing purposes, categories, and recipients.
Rectification Right (Article 16)
Request correction of inaccurate or incomplete personal data.
Erasure Right (Article 17) - "Right to be Forgotten"
Request deletion of your personal data under certain circumstances.
Data Portability Right (Article 20)
Request a copy of your data in a structured, machine-readable format.
Objection Right (Article 21)
Object to processing based on legitimate interests or for direct marketing purposes.
7.2 Exercising Your Rights
- • Contact: hello@g5l.ventures with subject line "Privacy Rights Request"
- • Response Time: Within 30 days of verified request
- • Verification: We may require identity verification for security
- • Free Exercise: Generally free (excessive requests may incur reasonable administrative fees)
8. Data Security and Breach Notification
8.1 Security Measures
We implement comprehensive security measures. Anyway, no system is 100% secure. While we implement robust security measures, we cannot guarantee absolute security and you use the Service at your own risk.
10. Contact Information and Complaints
10.1 Privacy Questions and Requests
For questions about this Privacy Policy or to exercise your rights:
Primary Contact
- • Email: hello@g5l.ventures
- • Subject line: "Privacy Policy Inquiry" or "Data Rights Request"
- • Response time: Within 5 business days for general inquiries, 30 days for rights requests
Data Protection Authority
If you have concerns about our data processing practices:
- • Spanish Data Protection Agency: https://www.aepd.es/
- • Your local EU data protection authority: https://edpb.europa.eu/about-edpb/members_en
We are committed to resolving privacy concerns promptly and transparently. We will investigate all complaints thoroughly and respond with appropriate action.
11. Children's Privacy
Procelyn is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover collection of child data:
- • Immediate deletion of the information
- • Account termination
- • Parent/guardian notification (if contact information available)
- • Review of processes to prevent future occurrences
Legal Framework and Compliance
This Privacy Policy ensures compliance with:
- • GDPR: Regulation (EU) 2016/679
- • Spanish LOPD: Organic Law 3/2018
- • ePrivacy Directive: 2002/58/EC
- • Other applicable data protection laws
Effective Date: August 9, 2025
Data Controller: G5L Ventures (currently in creation process)
Jurisdiction: Spain
Next Scheduled Review: August 2026