Privacy Policy

Effective date: June 1, 2026

1. Who We Are

PartnerOS ("we," "us," or "our") operates the PartnerOS platform at partneros.xyz — an intelligence platform for sports, media, and entertainment partnerships. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

2. Information We Collect

Account information: When you sign up, we collect your email address and organization name.

Profile information: Role (brand or rights-holder), industry, and organization details you provide during onboarding.

Inventory and deal data: Partnership assets, pricing, deal terms, and related business data you enter into the platform.

Usage data: Pages visited, features used, and actions taken within the platform (used to improve the product).

Communications: Messages and proposals exchanged through the platform's deal workflow.

3. How We Use Your Information

We use your information to:

  • Provide and operate the PartnerOS platform
  • Match rights-holders with relevant brand partners
  • Generate AI-powered benchmarks and renewal intelligence
  • Send transactional emails (deal alerts, proposals, renewal reminders)
  • Improve the platform and develop new features
  • Comply with legal obligations

We do not sell your personal information to third parties.

4. Data Sharing

Within a deal: When a brand expresses interest in your inventory item, your organization name and asset details are shared with that brand. When you send a proposal, the terms are shared with the receiving party.

Service providers: We share data with the sub-processors listed in Section 12 solely to operate the platform. Each is bound by a data processing agreement (DPA). See Section 12 for the full list.

Anonymised benchmarks (opt-in): If you choose to contribute to the PartnerOS benchmark network, only category-level aggregate data is shared — no individual deal amounts, company names, or contact information.

5. Data Security

We implement industry-standard security measures including row-level security at the database layer, encrypted connections (TLS), and server-side session management. All sensitive credentials are stored in encrypted environment variables and never committed to source code.

Despite these measures, no internet transmission is 100% secure. We encourage you to use a strong password and keep your credentials confidential.

6. Data Retention

We retain different categories of data for different periods based on the legal basis for processing. The full schedule is documented in our Data Retention Policy. Key retention periods:

Data CategoryRetention PeriodBasis
Inventory itemsSubscription + 2 yearsContract
Deal records7 yearsLegal obligation
Audit log7 yearsLegal obligation
User profileUntil erasure request + 30 daysConsent
Email addressesUntil unsubscribe or erasureLegitimate interest
Analytics events24 monthsLegitimate interest
Consent log7 yearsLegal obligation

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Data portability

To exercise any of these rights, contact us at privacy@partneros.xyz.

8. Cookies

We use strictly necessary cookies for authentication (session management). We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required.

9. Children

PartnerOS is not directed at children under 18. We do not knowingly collect personal information from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice within the platform. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact

Questions about this Privacy Policy? Contact us at privacy@partneros.xyz.

12. Data Subprocessors

We use the following sub-processors to operate the platform. Each is bound by a Data Processing Agreement (DPA). None retain personal data beyond the purpose for which it was shared.

SubprocessorCategoryLocationData ProcessedDPA
SupabaseDatabase / AuthUSA (EU region available)All user and platform dataYes
VercelHosting / CDNUSA + global edgeRequest metadata, logsYes
StripePaymentsUSAPayment data, deal amountsYes
ResendEmail deliveryUSAEmail addresses, notification contentYes
AnthropicAI processingUSAInventory descriptions, deal summariesYes
PostHogAnalyticsEU (EU Cloud)Usage events, session metadataYes
CloudflareBot protectionGlobalIP addresses (not stored)Yes
UpstashRate limitingGlobalIP addresses, rate countersYes

Version 2 · Last reviewed: June 3, 2026