PRICING

PartnerPortal.io Data Processing Agreement (DPA)

Version: 1.6
Effective Date: February 15, 2026

This Data Processing Agreement (“DPA”) forms part of and is incorporated into the Subscription Agreement between PartnerPortal LLC (“Processor”) and the customer entity using the Services (“Controller” or “Customer”).

This DPA is intended to satisfy the requirements of applicable data protection laws, including the EU General Data Protection Regulation (EU) 2016/679 (“GDPR”), UK GDPR, and applicable U.S. privacy laws including the California Consumer Privacy Act (“CCPA/CPRA”), where applicable.

1. Scope and Processing Instructions

Processor shall process Personal Data only:

  • on documented instructions from Customer;
  • as necessary to provide the Services; or
  • as required by applicable law.

Customer is responsible for determining the lawful basis and purposes for processing Personal Data.

2. Roles of the Parties

  • Customer acts as the Data Controller.
  • Processor acts as the Data Processor (or “Service Provider” under CCPA/CPRA where applicable).

Processor does not sell or share Personal Data for its own commercial purposes.

3. Description of Processing

Processor processes Personal Data solely to provide and support the PartnerPortal.io platform, including:

  • hosting partner portals
  • authentication and account management
  • integrations and workflow processing
  • analytics, monitoring, and security
  • onboarding, support, and troubleshooting

Data Subjects

  • Customer administrators and users
  • partners and affiliates invited by Customer
  • employees or representatives of Customer or its partners

Categories of Personal Data

  • names and contact information
  • account and profile data
  • portal activity and usage data
  • integration-related data
  • support communications

Processor does not intentionally process special categories of personal data.

Duration

Processing continues during the subscription term and thereafter only as required for backup retention or legal obligations.

4. Confidentiality and Security

Processor shall:

  • ensure persons authorized to process Personal Data are bound by confidentiality obligations;
  • implement appropriate technical and organizational security measures designed to protect Personal Data against unauthorized access, loss, or disclosure;
  • maintain security practices appropriate to the risk and nature of the Services.

Additional security documentation may be available via:

https://partnerportal.safebase.us/

5. Assistance with Data Subject Rights and Compliance

Processor shall assist Customer, taking into account the nature of processing, by:

  • helping respond to data subject requests (access, deletion, correction, portability, etc.);
  • assisting with data protection impact assessments and regulatory inquiries where reasonably requested;
  • providing such assistance in a timely manner so Customer can meet applicable legal deadlines.

6. Personal Data Breach Notification

Processor shall notify Customer without undue delay after becoming aware of a Personal Data Breach and, where reasonably feasible, within seventy-two (72) hours of confirmation.

Such notification shall include available information reasonably necessary for Customer to meet applicable reporting obligations.

7. Subprocessors

Customer authorizes Processor to engage subprocessors necessary to provide the Services.

Current subprocessors include:

  • Amazon Web Services (AWS) — infrastructure hosting
  • Stripe — billing and payments
  • HubSpot — CRM and communications
  • Google Workspace — internal operations
  • Intercom — support communications
  • ChartMogul — analytics
  • Okta — identity and access management
  • Integration.app — integration framework
  • SafeBase — trust center platform

Processor shall:

  • impose data protection obligations on subprocessors equivalent to those in this DPA;
  • provide prior notice of material subprocessor changes;
  • allow Customer a reasonable opportunity to object on legitimate data protection grounds.

If the parties cannot resolve a good-faith objection, Customer may terminate affected Services consistent with the Subscription Agreement.

8. International Transfers

Where Personal Data is transferred outside the EEA or UK, transfers shall be governed by appropriate safeguards, including:

  • EU Standard Contractual Clauses adopted under European Commission Implementing Decision (EU) 2021/914; and
  • the UK International Data Transfer Addendum or International Data Transfer Agreement (IDTA), where applicable.

These safeguards are incorporated by reference where required by law.

9. Audit Rights

Processor shall make available reasonable information necessary to demonstrate compliance with this DPA.

If such information is insufficient for Customer’s legal obligations, Processor will allow reasonable audits or inspections by Customer or an independent auditor, subject to:

  • reasonable advance notice;
  • confidentiality obligations;
  • limitation to once annually unless required by law or following a security incident;
  • minimization of operational disruption.

10. Return or Deletion of Data

Upon termination of Services, Processor shall delete or return Personal Data at Customer’s request, unless retention is required by law or standard backup retention practices.

11. Liability

The liability of each party arising under or in connection with this DPA shall be subject to, and included within, the limitations and exclusions of liability set forth in the Subscription Agreement, unless otherwise required by applicable law.

Nothing in this DPA expands either party’s liability beyond the limits established in the Subscription Agreement.

12. Term

This DPA remains effective for the duration of the Subscription Agreement.

<< Previus Page All Features Next Page >>

Ready to Launch?

Claim Your Custom Portal Claim Your Custom Portal
Easy Set-Up All Integrations Customizable