Legal

Privacy Policy

Last updated: 12 April 2025

PartnerFlo (“we”, “us”, or “our”) is operated by PartnerFlo Ltd. This policy explains what personal data we collect, why we collect it, and your rights regarding that data. By using our platform you agree to the practices described here.

1. Who we are

PartnerFlo is a B2B SaaS platform that helps technology vendors manage their channel partner relationships. References to “platform” mean the web application at partnerflo.io and its associated APIs.

2. Data we collect

Account & profile data

When you or your organisation signs up we collect your name, business email address, company name, and a hashed password. Vendors may also upload a company logo.

Usage data

We log authenticated actions within the platform (e.g. deal registration, MDF requests, file downloads) to provide audit trails and support. We do not track behaviour across third-party sites.

Payment data

Subscription billing is handled by Stripe. We store only a Stripe customer ID and subscription status — we never see or store raw card numbers.

Uploaded files

Documents uploaded to the platform (agreements, collateral, MDF proof files) are stored in encrypted AWS S3 buckets. Access is controlled by time-limited presigned URLs.

Communications

If you contact us by email we retain that correspondence to resolve your query.

3. How we use your data

  • To create and manage your account
  • To deliver the platform features you have subscribed to
  • To send transactional emails (deal approvals, commission updates, MDF notifications)
  • To process and reconcile subscription payments
  • To investigate security incidents or support requests
  • To comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising.

4. Legal bases for processing (GDPR)

For users in the UK and European Economic Area our processing relies on:

  • Contract performance — processing necessary to deliver the service you signed up for
  • Legitimate interests — security monitoring, fraud prevention, and product improvement
  • Legal obligation — where we are required to retain records by law

5. Data sharing

We share data only with the sub-processors necessary to run the platform:

  • AWS — cloud infrastructure and file storage (EU/US regions)
  • Neon — managed PostgreSQL database hosting
  • Stripe — subscription billing and invoicing
  • Resend — transactional email delivery

All sub-processors are bound by data processing agreements and appropriate safeguards.

6. Data retention

Account data is retained for the lifetime of your subscription plus 90 days after cancellation, after which it is permanently deleted. You may request earlier deletion (see Section 8). Financial records required for tax compliance are retained for 7 years.

7. Security

We use TLS in transit, AES-256 encryption at rest for database and file storage, bcrypt password hashing, and role-based access controls. See our Security page for more detail.

8. Your rights

Under UK GDPR and equivalent legislation you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (“right to be forgotten”)
  • Restrict or object to certain processing
  • Data portability (receive your data in a machine-readable format)
  • Lodge a complaint with your national data protection authority

To exercise any of these rights, email us at privacy@partnerflo.io. We will respond within 30 days.

9. Cookies

We use a single session cookie (HttpOnly, Secure) to maintain authenticated sessions. We do not use tracking or advertising cookies. No third-party analytics scripts are loaded.

10. Changes to this policy

We will notify account administrators by email before making material changes to this policy. Continued use of the platform after changes take effect constitutes acceptance.

11. Contact

For privacy queries: privacy@partnerflo.io