V5 Ultimate
Legal

Privacy Notice

Last updated: May 12, 2026 · S.G. Systems, LLC · V5 Ultimate

1. Who we are

This Privacy Notice describes how S.G. Systems, LLC ("we", "us", "our"), trading as V5 Ultimate, collects, uses, and protects your personal data when you visit our website, sign up for an account, or use the V5 Ultimate platform (the "Service"). For data we collect to provide the Service to our customers, we act as the data controller. When customers use the Service to process data about their own users (e.g. their employees, suppliers, or end customers), we act as a data processor on their behalf.

2. What we collect and why

CategoryExamplesPurposeLegal basis
Account dataName, email, organisation, password hashCreate and secure your account; provide the ServiceContract
Profile and workspace dataRole, preferences, training records, e-signaturesOperate the regulated workflows you useContract
Support communicationsMessages, tickets, attachmentsRespond to support requestsLegitimate interest
Usage and telemetryPages visited, feature events, errors, timingsOperate, secure, and improve the ServiceLegitimate interest
Device and connection dataIP address, browser, device identifiersSecurity, fraud prevention, analyticsLegitimate interest / legal obligation
Marketing dataEmail address, preferences, engagementSend product updates and marketing where permittedConsent / legitimate interest
Billing identifiersSubscription IDs, plan, invoice referencesManage your subscription and entitlementsContract

Payment card and billing-address data is collected directly by our reseller and Merchant of Record, Paddle.com, and is not stored by us.

3. Who we share data with

  • Service providers and subprocessors who help us operate the Service, such as cloud hosting, database, email delivery, error tracking, analytics, and customer support tooling. They may only use personal data to provide their services to us.
  • Paddle.com, our Merchant of Record, for the sale of the Service, subscription management, payments, tax compliance, refunds, and invoicing. Paddle is an independent controller for the data it collects to fulfil these purposes — see Paddle's Privacy Policy.
  • Professional advisers such as our auditors, lawyers, and accountants, where necessary.
  • Authorities where we are legally required to disclose information, or where necessary to protect our rights, property, or safety, or that of others.
  • Successors in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

We do not sell your personal data and we do not use it for cross-context behavioural advertising.

3a. Subprocessors

We engage a small number of subprocessors to operate the Service. Current subprocessors include:

  • Cloudflare, Inc. (US / global edge) — CDN, DNS, DDoS protection, edge compute.
  • Supabase, Inc. (EU / US regions) — managed PostgreSQL database, authentication, and object storage.
  • Resend (US/EU) — transactional email delivery.
  • Paddle.com Market Limited (UK/EU) — Merchant of Record, payments, tax, invoicing.
  • Sentry (US/EU) — error tracking and performance monitoring.

The current list is available on request via our contact form. We will give customers reasonable prior notice of any new subprocessor so they can object on legitimate data-protection grounds.

4. International transfers

We are based in the United States and our subprocessors may be located in the US, the EU/EEA, the UK, and other jurisdictions. Where personal data is transferred from the UK or EEA to a country that has not been deemed adequate, we rely on appropriate safeguards, including:

  • The European Commission's Standard Contractual Clauses (SCCs) (Module 2 or 3 as applicable) for transfers from the EEA;
  • The UK International Data Transfer Addendum (IDTA) or the EU SCCs with the UK Addendum for transfers from the UK;
  • Reliance on the EU–US Data Privacy Framework and the UK Extension to it where the receiving organisation is self-certified; and
  • Documented transfer impact assessments (TIAs) and supplementary technical measures (encryption in transit and at rest, strict access controls) where required.

You can request a copy of the safeguards in place for any specific transfer via our contact form.

5. Retention

We keep personal data only as long as necessary for the purposes described above, to comply with legal, accounting, or reporting obligations, or to resolve disputes. Customer Data is retained for the life of your account plus a reasonable export window after termination. Records that must be kept for regulatory reasons (e.g. e-signatures and audit trails under 21 CFR Part 11) are retained for the period required by the applicable regulation.

6. Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, or object to processing of your personal data, to receive a portable copy, and to withdraw consent at any time. UK and EEA residents also have the right to lodge a complaint with their supervisory authority. We will respond to verifiable requests within the period required by applicable law (typically one month).

To exercise any of these rights, use our . If your data was provided to us by an organisation that uses V5 Ultimate (e.g. your employer), please direct your request to that organisation in the first instance — we will help them respond.

7. Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, role-based access controls, audit logging, multi-factor authentication for administrative access, and regular reviews of our security posture. No system is perfectly secure and we cannot guarantee absolute security.

8. Cookies and similar technologies

We use a small number of cookies and similar technologies. Essential cookies are required to operate the Service and cannot be turned off (e.g. authentication, load balancing, and remembering your selected region). Analytics cookies help us understand how the Service is used so we can improve it; these are only set after you give consent via our cookie banner. We do not use third-party advertising or cross-site tracking cookies. You can change your choice at any time by clearing the v5-cookie-consent entry in your browser storage, which will cause the banner to reappear on your next visit. You can also manage cookies through your browser settings.

9. Children

The Service is not directed to children under 16 and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to this notice

We may update this Privacy Notice from time to time. If we make material changes we will give you reasonable notice (e.g. by email or in the Service). The "Last updated" date at the top reflects the most recent revision.

11. Contact & representatives

The data controller is S.G. Systems, LLC. Our group representatives are:

North America
SG Systems LLC
PO BOX 670056
Dallas, TX 75367
United States
Tel: +1 214 819 9570
United Kingdom (UK GDPR Art. 27 rep)
SG Systems Europe Ltd
Suite 3, 506 Walton Summit Centre,
Green Place, Four Oaks Road,
Bamber Bridge, Preston, PR5 8AY, United Kingdom
Company no. 09208889
Tel: +44 (0) 114 349 1480
European Union (GDPR Art. 27 rep)
SG Traceability Systems Ltd
31-32 Greenmount Office Park,
Harolds Cross,
Dublin D6, Ireland
CRO no. 732738
Tel: +44 (0) 114 349 1480

For any privacy question or request, use our . UK and EEA data subjects may contact the relevant representative above directly.

See also our Terms of Service and Refund Policy.