Gladlane Privacy Policy
Last updated: 15 June 2026
1. Who we are
Gladlane Limited is a company registered in England and Wales (company number 16785799) with its registered office at Camburgh House, 27 New Dover Road, Canterbury, Kent CT1 3DN, United Kingdom.
When we say "Gladlane", "we", "us" or "our" in this policy, we mean Gladlane Limited.
For any privacy-related queries, contact us at security@gladlane.com.
2. What this policy covers
This policy explains how we collect, use and protect information when you use the Gladlane platform (the "Platform") — our AI-native accounts payable service that helps finance teams capture, review, approve and pay supplier invoices. This includes our web application at app.gladlane.com, our API, and any related services and integrations.
This policy applies to the personal data of:
- People at our customer organisations who use the Platform (for example, finance, AP and approver users).
- People whose details appear in the data our customers process through the Platform (for example, supplier contacts named on invoices).
- Visitors to our marketing website and people who contact us.
3. Our role: controller and processor
The Platform handles two broad categories of data, and our responsibilities differ for each.
When we act as a data processor. When you connect your accounting system, mailbox or other sources and Gladlane ingests and processes invoices, supplier records, payment information and related financial documents on your behalf, your organisation is the data controller and Gladlane is the data processor. We process that data only on your documented instructions, as set out in the data processing agreement (DPA) that forms part of your customer contract. If you are an individual whose data appears in a customer's account (for example, a supplier contact), please direct privacy requests to that customer in the first instance; we will support them in responding.
When we act as a data controller. For account administration, user authentication, billing, security, product analytics and our own marketing, Gladlane is the data controller. The rest of this policy describes that processing, while also explaining, for transparency, the categories of data we handle as a processor.
4. Information we collect
4.1 Account and user data
When your organisation sets up the Platform, we collect account and user details such as names, work email addresses, job titles, workspace identifiers, role and permission settings, and authentication data. We use this to provision access, secure accounts and operate the service.
4.2 Customer financial data (processed on your behalf)
To automate accounts payable, the Platform ingests and processes the financial data you or your connected sources provide, which may include:
- Invoices and the data they contain (supplier name, line items, amounts, tax, dates, invoice and PO numbers).
- Supplier records (business names, contact details, tax/registration identifiers and, where you choose to manage payments through the Platform, supplier bank/payment details).
- Supporting documents such as purchase orders, goods-received notes, statements and contracts.
- Approval activity, comments and audit trail data generated within the Platform.
Some of this may constitute personal data — for example, the contact details of an individual at a supplier, or the details of a sole trader. We process it as your data processor.
4.3 Integration and email-ingestion data
Where you connect third-party systems (such as accounting platforms, ERPs or mailboxes used to receive invoices), we collect the data and metadata needed to perform the integration — for example, invoices forwarded to a dedicated capture address, or records synced from your accounting system. We access only the data needed to provide the service and in line with the permissions you grant.
4.4 Usage and technical data
We collect technical and usage data such as log data, device and browser information, IP address, and information about how the Platform is used. We use this for security, troubleshooting, and to maintain and improve the service.
4.5 Marketing and contact data
If you contact us, request a demo or sign up for communications, we collect the details you provide (such as name, email and company) and our correspondence with you.
4.6 Information we do not collect
We do not knowingly collect special category data (such as health data), and we do not use the financial data you process through the Platform for advertising, profiling or credit scoring. We do not require, and you should not submit, personal data beyond what is necessary to operate accounts payable.
5. Legal basis for processing (UK GDPR)
Where we act as a controller, we rely on the following bases:
- Contract performance (Article 6(1)(b)) — to provide the Platform to you or your organisation and administer your account.
- Legitimate interests (Article 6(1)(f)) — to secure, maintain and improve the service, prevent fraud and misuse, and conduct limited B2B marketing, balanced against your rights.
- Consent (Article 6(1)(a)) — for certain marketing communications and any optional features that require it. You can withdraw consent at any time.
- Legal obligation (Article 6(1)(c)) — where we must process data to comply with applicable law.
Where we act as a processor, the legal basis for processing the underlying financial data is the responsibility of our customer (the controller).
6. How we use information
We use the information described above to:
- Capture, extract, validate, route for approval and prepare invoices for payment.
- Provide AI-assisted automation, matching and anomaly detection across your AP workflow.
- Authenticate users, manage permissions and secure the Platform.
- Operate integrations with the systems you connect.
- Provide support, troubleshoot issues and maintain an audit trail.
- Improve the reliability and accuracy of the service.
- Administer billing and communicate with you about the service.
We do not sell your data, and we do not use it for advertising, profiling or credit scoring, or for any purpose unrelated to providing the Platform.
AI processing
The Platform uses AI models to read and interpret documents and to assist with AP tasks. Where we use third-party AI providers, they act as our sub-processors under data processing agreements and are contractually prohibited from using your data to train their models or for their own purposes.
7. Data sharing and sub-processors
We do not sell or rent your data. We may share data with:
- Infrastructure providers who host and operate the Platform (such as cloud hosting and database providers), acting as our data processors under appropriate agreements.
- AI model providers who process document and invoice content to deliver automation features, acting as sub-processors under data processing agreements.
- Service providers supporting functions such as authentication, payments/billing, email delivery and analytics.
- Payment rails and partners, where you choose to execute payments through or via the Platform, to the extent needed to carry out your payment instructions.
- Professional advisers, regulators or authorities, where required by law or to protect our rights.
- A successor entity, in connection with a merger, acquisition or sale of assets, subject to this policy.
A current list of sub-processors is available to customers on request. We do not transfer data to third parties for their own independent purposes.
8. International transfers
Some of our infrastructure providers and sub-processors may process data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses (and the UK International Data Transfer Addendum) approved by the UK Information Commissioner's Office.
9. Data retention
- Customer financial data is retained for as long as your workspace account is active, in line with your contract and DPA, and is deleted or returned on termination or on a valid deletion request, subject to any legal retention requirements.
- Account and user data is retained for the life of the account and for a reasonable period afterwards for legal, security and audit purposes.
- Usage and log data is retained for a limited period consistent with security and operational needs.
We delete or return data within the timeframe agreed in your contract, and in any case respond to valid deletion requests within 30 days.
10. Your rights
Under UK data protection law, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate data.
- Erase your data ("right to be forgotten").
- Restrict or object to processing.
- Data portability.
- Withdraw consent at any time (where consent is the legal basis).
To exercise any of these rights, contact us at security@gladlane.com. Where the data relates to a customer's account and we act as processor, we will direct your request to the relevant customer and support them in responding. We will respond within one month.
11. Security
We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and at rest, access controls and least-privilege permissions, network security, logging and monitoring, and secure infrastructure. Access to customer financial data is restricted to personnel and systems that need it to provide the service.
12. Children
The Platform is a business service and is not directed at children under 13. We do not knowingly collect data from children.
13. Changes to this policy
We may update this policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page and, where appropriate, by other means. Continued use of the Platform after changes constitutes acceptance of the updated policy.
14. Complaints
If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
15. Contact
Gladlane Limited Camburgh House, 27 New Dover Road Canterbury, Kent CT1 3DN United Kingdom
Email: security@gladlane.com