I couldn’t help but notice that you did not yet updated your Privacy Policy. I can imagine that with all the activities that come with a young startup company, the PP is not highest on your priority list.
Maybe you’d be helped by using a Privacy Policy generator. A quick search showed that there are multiple choices that can deliver GDPR-compliant PP text. You could try those and maybe the only additional thing that is needed is a quick glance by your lawyer, and you are ready to go.
The site Termly looked promising to me:
Free Privacy Policy Generator (U.S.)
Generate a customized privacy policy for your website, mobile app, and Facebook app. Crafted by attorneys, our software can help you comply with state, federal, and international laws like the GDPR. Create your policy for free, or sign up for a premium account to access even more compliance features and upgrades.
I did not vet the site for how they use the information you provide when generating the PP. Maybe, if you decide to using a PP generator site, you could do that and report your experience to this forum?
Edit: Just tried Termly 6 months after posting this. It is terrible. You go through a complete form with questions about what you track. Then when ready… you have to register with them to get the text.