Privacy Policy

Updated: 05/08/2025

At About FI Europe, S.L., we are committed to ensuring that your personal data is protected and not used for purposes other than those indicated in this Privacy Policy. For this reason, in this section, we inform users and interested parties of all matters concerning the processing of their personal data, thereby complying with the applicable data protection regulations, in particular, Regulation (EU) 2016/679 of 27 April on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, "GDPR").

This Privacy Policy applies to the data processing carried out by About FI Europe, S.L. ("Centinel"), with Tax Identification Number (NIF) B75926840, and whose contact details are as follows:

We recommend that you read it carefully before using the Website and/or providing your data to Centinel. If you have any questions, you can contact us via email: support@centinel.finance

TABLE OF CONTENTS

  • Who is responsible for the processing of your data.
  • What requirements you must meet to provide us with your personal data.
  • What data processing activities we carry out through the Website and their main characteristics.
  • To whom your data is disclosed.
  • Whether your data is transferred internationally.
  • What your rights are and how to exercise them.
  • How we protect your personal information.
  • Changes to this Policy.

WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?

Your personal data will be processed by the company About FI Europe, S.L. ("Centinel"), with Tax Identification Number (NIF) B75926840, and whose contact details are as follows:

Address: Calle Cartagena 62, Planta Baja Izquierda, 28028, Madrid, Spain

Email: support@centinel.finance

WHAT REQUIREMENTS MUST YOU MEET TO PROVIDE US WITH YOUR PERSONAL DATA?

2.1. Minimum age

To provide us with your personal data, you must be at least 14 years old and/or have sufficient legal capacity to use this Website.

2.2. Accuracy

When you provide us with your data to use our services, you guarantee that the information and data provided are true, accurate, up-to-date, and that they belong to you and not to third parties.

You must also notify us of any changes to the data provided and are in any case responsible for the accuracy and truthfulness of the data supplied at all times.

2.3. Age and Identity Verification

At Centinel, we reserve the right to verify your age and identification information at any time, if necessary, including by requesting an official identification document or equivalent procedure. If fraud is detected or there is reasonable suspicion that you are under the required age, we may delete, temporarily deactivate, and/or cancel your account.

WHAT DATA PROCESSING ACTIVITIES DO WE CARRY OUT THROUGH THE WEBSITE AND WHAT ARE THEIR MAIN CHARACTERISTICS?

Below, we explain how we process your personal information and provide you, in detail, with all relevant information regarding your privacy:

1. When you contact us through our communication channels or request a demonstration of our services:

How do we collect the data?

  • Contact via Centinel's email addresses
  • "Book a Demo" form

What data do we collect?

  • Identification and contact information: We collect your name and surname, and email address.
  • Employment details: We may process the name of the entity you work for or represent, if you include it.
  • Other data: If you have contacted us via email, we may collect any other information that you voluntarily include in the messages you send us.

We may also request additional information if necessary to fulfill your request or inquiry.

What are the purposes of processing your personal data?

The main purpose of processing this data is to respond to your inquiries, provide the requested information, resolve your questions, and, if you request a demo, to schedule it and show you our services at the agreed time. In any case, we may conduct follow-up on your requests.

What is the legal basis that allows us to process your data? Is it mandatory to provide it?

Consent: The data provided for the above purposes will be processed based on your consent, which you grant when you voluntarily contact us through the means provided to request information, a demo, or make any request.

The information that must be provided as mandatory will be indicated with an asterisk (*) or similar. Without this information, it would not be possible to attend to your inquiries or requests.

How long do we retain your information?

All your personal information will be processed while we are handling your inquiries and, if necessary, to follow up on them. Once this period ends, Centinel will retain such information, in a blocked state, for the periods established by law to handle any possible responsibilities and to demonstrate compliance with our obligations.

To whom do we disclose your personal information?

We do not make any additional disclosures beyond those generally indicated in "Section 4: To whom do we disclose your personal information?". In this regard, some of the channels through which you can contact us are managed by service providers acting as Data Processors. You can find more information about these providers and their roles in Section 4.

2. When you access and use our services:

How do we collect the data?

  • "Start your free trial" form
  • Service subscription with Centinel

What data do we collect?

We may collect information from the legal representative and contact persons of the company you work for or represent, including:

  • Identification and contact information: Name, surname, national ID number (DNI), email address, and/or phone number
  • Employment details: Company information, job title, and/or department

What are the purposes of processing your personal data?

To execute and maintain the contractual relationship between the parties or to establish pre-contractual measures. The main purpose is to manage and execute the contractual relationship between the parties, which may include account registration and access to the platform and services, provision of the contracted services, invoicing and payment processing (where applicable), technical assistance and support, and communication of updates, improvements, or incidents related to the service. We may also process your data to send commercial communications related to our services by electronic means, unless you object to receiving them.

What is the legal basis that allows us to process your data? Is it mandatory to provide it?

Contract execution: Processing your data is necessary for the execution of the contract between the parties.

Legitimate interest: The sending of commercial communications is based on our legitimate interest when the recipient is a customer, in accordance with current legislation on electronic communications.

All data requested and processed by Centinel for the above purposes is necessary. If not provided, the services cannot be executed, nor the related administrative tasks performed.

How long do we retain your information?

All personal information will be processed during the duration of the contractual relationship between the parties. Once that period ends, Centinel will retain the data in a blocked state for the periods established by law to handle any potential liabilities and to demonstrate compliance with our obligations.

To whom do we disclose your personal information?

We do not make any additional disclosures beyond those generally indicated in "Section 4: To whom do we disclose your personal information?". In this regard, we may use service providers for the delivery of certain ancillary services (e.g., management software), who act as Data Processors. You can find more information about these providers and their roles in Section 4.

3. Integration with Gmail via Google API Services

If you choose to connect your Gmail account to Centinel, we will access and process certain Gmail data for the sole purpose of automating the extraction of invoice information. This functionality is entirely optional and only activated with your explicit authorization through Google's OAuth 2.0 flow.

What Gmail data we access

Once you authorize access, we may collect the following data from your Gmail account:

  • Email metadata: sender, recipient, subject line, date, and time.
  • Email body: limited to emails that appear to be related to invoicing (based on keywords or sender addresses).
  • Attachments: PDFs, images, or other documents that are likely to contain invoices.

We do not access, process, or store any emails that do not meet invoice-related criteria. We do not access your entire inbox. Our access is scoped, filtered, and restricted solely to fulfill the invoice-processing feature you have opted into.

Purpose of access and use

The Gmail data we access is used exclusively for:

  • Detecting invoice-related emails in your inbox
  • Extracting structured data from invoice attachments
  • Generating accounting entries, reports, or suggestions based on invoice content
  • Storing extracted invoice information in your Centinel account for your internal financial operations

We do not use Gmail data for marketing, advertising, profiling, or any purpose unrelated to invoice automation.

How we store and retain Gmail data

We do not store entire email messages or raw attachments. Only the extracted invoice data and minimal metadata (e.g. sender, date, invoice number) may be stored in your Centinel account if required for your bookkeeping records or as part of service delivery.

You may disconnect Gmail at any time, in which case we will delete all Gmail-derived data associated with your account within thirty (30) days, unless retention is required by applicable law.

Human access policy

Centinel personnel do not access your Gmail data unless:

  • You have explicitly requested support and provided consent for access
  • It is necessary to investigate abuse, fraud, or a security incident
  • Required by a valid legal obligation or enforceable government request

All access is monitored, logged, and subject to strict confidentiality and access control policies.

Revoking access

You may revoke Gmail access at any time via: (1) your Google Account settings: https://myaccount.google.com/permissions, and; (2) in Centinel app within "Settings > Service Integrations". You may also contact us at support@centinel.finance to request deletion of all Gmail-related data stored in your Centinel account.

Compliance with Google API Services User Data Policy

Centinel's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This means:

  • We only access the data we need to deliver the invoice automation feature
  • We do not use Gmail data for advertising or user profiling
  • We do not transfer Gmail data to third parties except subprocessors that help deliver the service, under strict data protection terms
  • We do not allow human access unless explicitly authorized or required by law
  • We maintain strong security measures to protect Gmail data (e.g. encryption in transit and at rest)

Your rights

As with all personal data processed by Centinel, you have the right to access, rectify, erase, restrict, and object to the processing of your Gmail-derived data. You may also request data portability or lodge a complaint with the relevant data protection authority.

To exercise these rights, please contact us at: support@centinel.finance

Browsing the Website (Cookies)

We use cookies and other tracking and tracing tools on this Website to collect information about how users interact with the Website. For more information on the processing carried out through these tracking tools, please visit our Cookie Policy.

TO WHOM DO WE DISCLOSE YOUR PERSONAL INFORMATION?

In general, Centinel does not communicate your data to third parties. However, in addition to the specific disclosures indicated in the sections where we explain the characteristics of the various operations (Section 3), we inform you of the general disclosures we may make, which apply to all data processing activities previously mentioned and are based on the corresponding legal grounds.

  • Essential service providers required to deliver the service we offer you (for example, IT hosting companies). These entities have signed the corresponding confidentiality agreements and will only process your data in accordance with our instructions. They are not authorized to use the data for their own purposes or for purposes other than those required to provide the contracted service.
  • Public authorities: We may disclose data and any other information we have in our possession or accessible through our systems to the competent public authorities, when there is a legal obligation to do so. This includes, for example, when it is required to prevent or investigate abuse of the services or fraudulent activities on our Website or platform. In such cases, the personal data you provide would be retained and made available to administrative or judicial authorities.
  • In the event of a corporate transaction: In the case of a merger, acquisition, sale of all or part of our assets, or any other type of corporate operation involving a third party, we may share, disclose, or transfer users' data to the successor entity (including during the pre-transaction phase).
  • To third parties after aggregation or anonymization: We may disclose or use aggregated or anonymized data (i.e., data that is not linked or linkable to an identified or identifiable natural person) for any purpose.
  • To third parties with the user's consent or based on another legitimate basis: In the event that we wish to share data with third parties beyond the scope of this Privacy Policy, we will always request your consent beforehand or inform you of the data sharing and the corresponding legal basis.

We also inform you that this Privacy Policy only refers to the collection, processing, and use of personal data by Centinel. Access to third-party websites, platforms, or services that you may access through links on our Website or platform are subject to their own privacy policies, over which we have no control. Therefore, before providing any personal information to these third parties, we recommend that you carefully review their Privacy Policies.

ARE YOUR PERSONAL DATA TRANSFERRED TO THIRD COUNTRIES OUTSIDE THE EUROPEAN ECONOMIC AREA?

We may use service providers located in countries outside the European Economic Area ("EEA"). The location of these companies outside the EEA implies the existence of an international transfer of your personal data, which could result in a lower level of protection than that provided by European regulations. Nevertheless, at Centinel, we apply safeguards to ensure that such transfers do not result in a lower level of protection for your personal data.

Accordingly, we only enter into agreements with service providers located outside the EEA when they have a valid mechanism in place to lawfully carry out international transfers. This includes:

  • Being located in a country or territory that has been declared as providing an adequate level of protection by the European Commission (for example, U.S. companies certified under the EU-U.S. Data Privacy Framework); or
  • Having signed the relevant Standard Contractual Clauses approved by the European Commission ("SCCs"), an agreement between both parties by which the non-EU company guarantees the application of European data protection standards.

As a result, using these providers does not result in a lower level of protection than would be obtained by using providers located within the European Union.

WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

You may exercise the rights granted to you by law in relation to the processing of your personal data by contacting us via email at: support@centinel.finance.

We will resolve any rights-related requests as soon as possible, and in any case, within the maximum time period established by applicable regulations from the time we receive your request. In some cases, we may need to request a copy of your identity document or other identification if necessary to verify your identity.

As a data subject, you have the following rights:

Right to withdraw previously given consent

You may withdraw your consent at any time in relation to any processing based on it. However, withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

Right of access

You have the right to know whether your data is being processed, and if so, to obtain a copy of that data as well as information about:

  • the origin and recipients of the data;
  • the purposes for which it is being processed;
  • whether there is any automated decision-making, including profiling;
  • the data retention period; and
  • the rights provided under the applicable regulations.

Right to rectification

You have the right to obtain the correction of your personal data or to have it completed if it is incomplete.

Right to erasure

You have the right to request the deletion of your personal data if it is no longer necessary for the purpose for which it was collected or, where applicable, if we are no longer authorized to process it.

Right to data portability

You have the right to request the portability of your data in cases where processing is based on your consent or the execution of a contract, provided the processing is carried out by automated means. If you exercise this right, you will receive your personal data in a structured, commonly used, and machine-readable format. You may also request, where technically feasible, that your data be transferred directly to another company.

Right to restriction of processing

You have the right to restrict the processing of your personal data in the following cases:

  • When you have requested the correction of your personal data during the period in which we are verifying its accuracy.
  • When you believe that we are not authorized to process your data, in which case you may request that we restrict its use instead of deleting it.
  • When you believe that it is no longer necessary for us to continue processing your data but you wish us to retain it for the exercise or defense of legal claims.
  • When there is processing based on our legitimate interest and you have exercised your right to object, you may ask us to restrict the use of your data during the verification of whether our legitimate interests prevail over yours.

Right to object

You have the right to object at any time to the processing of your personal data based on our legitimate interest, including profiling.

Unsubscribing from commercial communications: Remember that you may object to receiving this type of communication at any time by sending us an email at support@centinel.finance. You may also opt out by following the instructions included at the bottom of each electronic communication we send you.

Right to lodge a complaint with the supervisory authority

Remember that at any time, if you believe your right to the protection of your data has been violated, you may file a complaint with the competent Supervisory Authority. In the case of Spain, this is the Spanish Data Protection Agency (www.agpd.es).

HOW DO WE GUARANTEE THE CONFIDENTIALITY OF YOUR INFORMATION?

The security of your personal data is a priority for us. For this reason, Centinel has implemented all necessary security measures to ensure the effective use and processing of the personal data provided by the user, safeguarding the privacy, confidentiality, and integrity of the data, and using the necessary technical means to prevent alteration, loss, unauthorized access, or processing of your data, according to the state of the art at all times.

Accordingly, we comply with recommended security standards to protect your data. However, it is impossible to fully guarantee the security of your data due to the inherent nature of the Internet and the possibility of malicious actions by third parties that are beyond our control.

We are committed to acting swiftly and diligently if the security of the data is compromised or endangered, and to informing you about such events if relevant.

CHANGES TO THIS POLICY

Centinel may modify the content of this Privacy Policy at any time, especially when legislative, jurisprudential, or regulatory changes by competent authorities occur that affect the data processing carried out by Centinel.

Any modification will be published on the Website and/or on our platform, and, if relevant, we will notify you of the changes through the available communication channels or means. The modifications will become effective at the time of their publication, unless otherwise stated.

We recommend that you review this Privacy Policy periodically to stay informed about how your personal data is processed and protected, as well as to understand your rights.

This Privacy Policy was last modified on March 8, 2025.