Legal and policy information#
Policies#
Coming soon
This section will in the future provide an overview of policies that apply to partners.one.
Data policy#
This section will explain what type of (personal) information is collected by partners.one, why and how long this information is retained.
The table below lists the categories and nature of data we process, alongside with information on retention period and processor. The table first lists categories of data that are or may contain PII, and is then sorted by retention period.
| Type of data | PII?1 | Description and grounds for processing | Retention period | Processor |
|---|---|---|---|---|
| Contains PII | ||||
| Information about the legal entities of our partners, such as company names, VAT proofs or names of representatives | In order to lawfully provide our partners with our (digital) services, we need to have an understanding using which legal entities they operate. This information may contain personal data, such as names of natural persons. | The legally required term2 | Us (database) |
|
| Audit logging, which mainly include historical representations of any data listed in this table | In order to safeguard our systems and provide evidence of actions taken on the platform, records of nearly all database mutations are stored. The audit logging also includes logging of certain predefined events, such as logins or password changes. | Indefinitely | Us (database; Reversion) |
|
| Outgoing email logs (including full email copies) | For our own records, we keep track of outgoing email communication dispatched by the platform. | Indefinitely | Us (database) |
|
| Platform analytics; including identifiers such as email addresses to link data | We use an external service to conduct analysis of user behavior and interactions as well as logging of predefined events. | 2 years | Mixpanel | |
| Information about user accounts (including a name and email address) | We need to know who our users are for auditing purposes and to address them. In order to facilitate a secure login and authentication process, we also need an email address. | Up to 3 years after last login | Us (database) |
|
| Back-ups of all data listed in this table | In order to ensure continuity of our business, we make regular and scheduled automated back-ups of all our durable data. | About 30 days | Us (infra) |
|
| Exports containing partner and end customer information | When you request an export, we store the result in order to make it temporarily available to you. Sometimes we generate exports on our own initiative. | About 7 days | Us (service; S3) |
|
| Likely inclusion of PII | ||||
| Debug and error information | To improve our service, fix issues and monitor the performance of our platform we collect data on exceptions that occur on our platform and aggregate metrics for analysis. | 91 days | Sentry | |
| Detailed logs about actions on the platform | To provision digital services and to support core components of the platform, we keep detailed logs on workflows and a record of all interactions we have with our vendors. | Up to 90 days | Us (service; Temporal) |
|
| Generic logging | We collect, route and temporarily retain logs produced by the systems handling reuqests for our platform in order to monitor, assess performance and solve bugs. | Up to 30 days | Us (infra) |
|
| Caching data | In order to improve performance of the platform, we may temporarily cache data. | About 24 hours | Us (infra) |
|
| No PII | ||||
| Password breach data | To safeguard our users' passwords, we may check if used password are breached. We use an external service to do so. This happens anonymously: the users' password is not revealed in any way. | Ephemeral | HIBP | |
| Feature flag information | Managing and controlling feature rollout on our platform. | Indefinitely | Us (database; Waffle) |
|
| Business data | We aggregate and report commercial (business) data for analytics. | Indefinitely | Us (service; S3) |
|
| Information about subscriptions, digital resources and invoicing data, such as start and end dates or domain names | We need this information in order to provide and invoice our services, and to comply with regulations surrounding keeping sound records about our business. | Indefinitely | Us (database) |
|
| Authorization information | We need to determine for each user which objects on the platform they are able to view and modify, and which actions they may take. | Indefinitely | Us (service; OpenFGA) |
This table was last updated or validated on: 2025-12-07
Processors#
While most data is processed by ourselves (marked as Us in the table above), we may make use of subprocessors.
| Name of subprocessor | PII?1 | Website | Policy |
|---|---|---|---|
| Sentry | https://sentry.io/welcome/ | Privacy policy | |
| Mixpanel | https://mixpanel.com/ | Privacy policy | |
| Have I Been Pwned (HIBP) | https://haveibeenpwned.com/ |
Component list#
When we process data ourselves, this data may live in a number of sub-systems or components of the platform. Roughly, the following division can be made:
- Most data lives in a durable database, marked with
database; this database is self-hosted and self-managed - Some data lives within our infrastructure, marked with
infra; this mostly concerns copies of data, such as caching or backups - We may use services that are internally self hosted but still process our data; they are marked with
service
Questions and requests#
If you have any questions or would like to submit a request regarding the policies on this page, please see the help page for more information on how to reach out.
-
If this concerns personally identifiable information (PII); indicates this concerns PII, indicates a likely accidental inclusion of PII, indicates this does not concern PII ↩↩
-
Depending on the kind of data, this term is usually between 7 and 10 years after which our (legal) relationship with the partner ends ↩