1. Who we are
This Privacy Notice describes how S.G. Systems, LLC ("we", "us", "our"), trading as V5 Ultimate, collects, uses, and protects your personal data when you visit our website, sign up for an account, or use the V5 Ultimate platform (the "Service"). For data we collect to provide the Service to our customers, we act as the data controller. When customers use the Service to process data about their own users (e.g. their employees, suppliers, or end customers), we act as a data processor on their behalf.
2. What we collect and why
| Category | Examples | Purpose | Legal basis |
|---|---|---|---|
| Account data | Name, email, organisation, password hash | Create and secure your account; provide the Service | Contract |
| Profile and workspace data | Role, preferences, training records, e-signatures | Operate the regulated workflows you use | Contract |
| Support communications | Messages, tickets, attachments | Respond to support requests | Legitimate interest |
| Usage and telemetry | Pages visited, feature events, errors, timings | Operate, secure, and improve the Service | Legitimate interest |
| Device and connection data | IP address, browser, device identifiers | Security, fraud prevention, analytics | Legitimate interest / legal obligation |
| Marketing data | Email address, preferences, engagement | Send product updates and marketing where permitted | Consent / legitimate interest |
| Billing identifiers | Subscription IDs, plan, invoice references | Manage your subscription and entitlements | Contract |
Payment card and billing-address data is collected directly by our reseller and Merchant of Record, Paddle.com, and is not stored by us.
3. Who we share data with
- Service providers and subprocessors who help us operate the Service, such as cloud hosting, database, email delivery, error tracking, analytics, and customer support tooling. They may only use personal data to provide their services to us.
- Paddle.com, our Merchant of Record, for the sale of the Service, subscription management, payments, tax compliance, refunds, and invoicing. Paddle is an independent controller for the data it collects to fulfil these purposes — see Paddle's Privacy Policy.
- Professional advisers such as our auditors, lawyers, and accountants, where necessary.
- Authorities where we are legally required to disclose information, or where necessary to protect our rights, property, or safety, or that of others.
- Successors in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.
We do not sell your personal data and we do not use it for cross-context behavioural advertising.
3a. Subprocessors
We engage a small number of subprocessors to operate the Service. Current subprocessors include:
- Cloudflare, Inc. (US / global edge) — CDN, DNS, DDoS protection, edge compute.
- Supabase, Inc. (EU / US regions) — managed PostgreSQL database, authentication, and object storage.
- Resend (US/EU) — transactional email delivery.
- Paddle.com Market Limited (UK/EU) — Merchant of Record, payments, tax, invoicing.
- Sentry (US/EU) — error tracking and performance monitoring.
The current list is available on request via our contact form. We will give customers reasonable prior notice of any new subprocessor so they can object on legitimate data-protection grounds.
4. International transfers
We are based in the United States and our subprocessors may be located in the US, the EU/EEA, the UK, and other jurisdictions. Where personal data is transferred from the UK or EEA to a country that has not been deemed adequate, we rely on appropriate safeguards, including:
- The European Commission's Standard Contractual Clauses (SCCs) (Module 2 or 3 as applicable) for transfers from the EEA;
- The UK International Data Transfer Addendum (IDTA) or the EU SCCs with the UK Addendum for transfers from the UK;
- Reliance on the EU–US Data Privacy Framework and the UK Extension to it where the receiving organisation is self-certified; and
- Documented transfer impact assessments (TIAs) and supplementary technical measures (encryption in transit and at rest, strict access controls) where required.
You can request a copy of the safeguards in place for any specific transfer via our contact form.
5. Retention
We keep personal data only as long as necessary for the purposes described above, to comply with legal, accounting, or reporting obligations, or to resolve disputes. Customer Data is retained for the life of your account plus a reasonable export window after termination. Records that must be kept for regulatory reasons (e.g. e-signatures and audit trails under 21 CFR Part 11) are retained for the period required by the applicable regulation.
6. Your rights
Depending on where you live, you may have the right to access, correct, delete, restrict, or object to processing of your personal data, to receive a portable copy, and to withdraw consent at any time. UK and EEA residents also have the right to lodge a complaint with their supervisory authority. We will respond to verifiable requests within the period required by applicable law (typically one month).
To exercise any of these rights, use our . If your data was provided to us by an organisation that uses V5 Ultimate (e.g. your employer), please direct your request to that organisation in the first instance — we will help them respond.
7. Security
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, role-based access controls, audit logging, multi-factor authentication for administrative access, and regular reviews of our security posture. No system is perfectly secure and we cannot guarantee absolute security.
8. Cookies and similar technologies
We use a small number of cookies and similar technologies. Essential cookies are required to operate the Service and cannot be turned off (e.g. authentication, load balancing, and remembering your selected region). Analytics cookies help us understand how the Service is used so we can improve it; these are only set after you give consent via our cookie banner. We do not use third-party advertising or cross-site tracking cookies. You can change your choice at any time by clearing the v5-cookie-consent entry in your browser storage, which will cause the banner to reappear on your next visit. You can also manage cookies through your browser settings.
9. Children
The Service is not directed to children under 16 and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
10. Changes to this notice
We may update this Privacy Notice from time to time. If we make material changes we will give you reasonable notice (e.g. by email or in the Service). The "Last updated" date at the top reflects the most recent revision.
11. Contact & representatives
The data controller is S.G. Systems, LLC. Our group representatives are:
Dallas, TX 75367
United States
Green Place, Four Oaks Road,
Bamber Bridge, Preston, PR5 8AY, United Kingdom
Company no. 09208889
Harolds Cross,
Dublin D6, Ireland
CRO no. 732738
For any privacy question or request, use our . UK and EEA data subjects may contact the relevant representative above directly.
See also our Terms of Service and Refund Policy.
