Privacy Policy

PartnerStack Privacy Policy

Effective: January 19, 2018

1. Introduction and Definition

1.1. PartnerStack (“PartnerStack”, “we”, ”us”) is committed to protecting your data and your customers’ data. We review this policy regularly to ensure continued compliance with applicable regulatory and legislative regimes governing personal information and data collection. This Data Security and Privacy Policy describes how we collect, store, use and distribute information and data that you submit to us through the use of our Services, including without limitation, the Personal Information of your end users (“Customer Data”).
1.2. “Companies”, “Company”, or “You” refers to the companies that are using PartnerStack for their Partner Programs.
1.3. “Partners” refers to the Partners in the Companies’ Partner Programs. Partners include, but are not limited to, resellers, affiliates, advocates, and ambassadors.
1.4. “End Users” refers to the customers that are referred to Companies by Partners in their Partner Programs.
1.5. “Services” refers to PartnerStacks’s collection, processing and storage of data which is used to facilitate Partner Programs for Companies.
1.6. “Customer Data” refers to the information collected from End Users. This may include, but is not limited to, first name, last name, email address, IP address, and transactions on the Company’s website.
1.7. “Partner Data” refers to the information collected from Partners. This may include, but is not limited to, first name, last name, email address, the location of posted referral links, and performance statistics within the Partner Program.

2. Consent

2.1. By using our Services, the Company consents to the use of Partner Data and Customer Data described in this Data Security and Privacy Policy.
2.2. Except as set forth in this Data Security and Privacy Policy, Partner Data and Customer Data will not be used for any other purpose without consent. We do not collect Partner Data and Customer Data for the purpose of sales or marketing in a way that specifically identifies individuals.

3. Collection of Information

3.1. We aim to collect only such information as is required to enable us to manage Company and Partner accounts, to provide the Services, and for service improvement.
3.2. We will maintain the confidentiality of any Partner Data and Customer Data provided to us in using the Services and we will use it only for the purposes for which we have collected it (subject to the exclusions and disclosures we have listed below).
3.3. Two types of information may be collected and processed through our Services: Personal Information and Non-Personal Information. This information is collected by PartnerStack, by Companies directly or through third parties that Companies integrate with. The basis for collecting this information is to provide our Services.
3.4. Personal Information refers to information that may personally identify an individual. This includes, but is not limited to, first name, last name, e-mail, IP address, postal address, date of birth, phone number and subscriptions to the Companies’ services. We may collect such information about Partners and End Users.
3.5. Non-Personal Information refers to information of an anonymous nature and aggregate information. Aggregate information may include, but is not limited to, usage statistics and demographic statistics with regards to Partners and End Users.

4. Use and Processing of Information

4.1. We use collected information in order to provide and improve our Services.
4.2. Partner Data and Customer Data may be shared with third parties only to the extend which is necessary to provide our Service. This information is sent using secured methods to third parties.
4.3. We collect statistics about the Companies’ and Partners’ use of our Services. This information will be kept confidential, however, Non-Personal Information that does not personally identify an individual will be kept by us and may be made available to other members or third parties.
4.4. If we plan to use Customer Data in the future for any other purposes not identified above, we will only do so after informing you by updating this Data Security and Privacy Policy. See further the section of this Data Security and Privacy Policy entitled ‘Amendment of this Policy’.

5. Cookies

5.1. We collect both "persistent" cookies and "session" cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date. A session cookie will expire when the web browser is closed.
5.2. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
5.3. Our service providers may use cookies and those cookies may be stored on Partner or Company computers when our website is visited by those individuals.
5.4. We use cookies in order to provide and approve upon our services. We use cookies for the following reasons: authentication, status, personalisation, security, analysis, and consent.
5.5. Cookies may be refused by the website visitor.

6. Security

6.1. The security of Partner Data and Customer Data is important to us. We use commercially reasonable efforts to store and maintain Partner Data and Customer Data in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Customer Data, including the encryption of data and secure storage.
6.2. We use Amazon Inspector to automate security assessment and improve the security and compliance of our applications.
6.3. We share Partner Data and Customer Data only with our agents and partners such as service providers, and database hosts. We use the cloud based server Amazon Web Services, and accordingly Partner Data and Customer Data may be available to governments or its agencies anywhere in the world, under a lawful order, irrespective of the safeguards we have put in place for the protection of your Partner Data and Customer Data.
6.4. We have implemented procedures designed to limit the dissemination of Partner Data and Customer Data to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.
6.5. From time to time we may employ third parties to help us improve the Services. These third parties may have limited access to databases of user information solely for the purpose of helping us to improve the Services and they will be subject to contractual restrictions prohibiting them from using the information about our members for any other purpose.
6.6. Disclosures & Transfers: We have put in place contractual and other organizational safeguards with our agents to ensure a proper level of protection of Partner Data and Customer Data. In addition to those measures, we will not disclose or transfer Partner Data and Customer Data to third parties except as specified in this Data Security and Privacy Policy (see further Important Exceptions below).

7. Requests for Data

7.1. We will provide sufficient means to allow the Company to implement appropriate measures in order to meet their data and security duties, including honouring Partner and End Users’ rights, including but not limited to, the right to erasure. 7.2. In the event that a Company or Partner requests, we will delete or return all personal information that we have collected to the Company or to the Partner.
7.3. You have the right to access the Partner Data and Customer Data we hold about your end users. Upon receipt of your written request, we will provide you with a copy of your Customer Data although in certain limited circumstances, we may not be able to make all relevant information available to where such disclosure would result in a breach of our confidentiality obligations to our other Customers. In such circumstances we will provide reasons for the denial to you upon request. We will endeavour to deal with all requests for access in a timely manner.

8. Important Exceptions

8.1. We may disclose Company, Customer and/or Partner Data where such disclosure is required by and in accordance with the lawful order by a court of competent jurisdiction, tribunal or other government agency.
8.2. We may also disclose Company, Customer and/or Partner Data in connection with a corporate re-organization, a merger or amalgamation with another entity, a sale of all or a substantial portion of our assets or stock, including any due diligence exercise carried out in relation to the same, provided that the information disclosed continues to be used for the purposes permitted by this Data Security and Privacy Policy by the entity acquiring the information.

9. Data Retention

9.1. Our data retention policies are designed to ensure that we can provide our Services and remain legally compliant.
9.2. Personal data that we process for any purposes will not be kept for longer than is necessary for that purpose.
9.3. All Personal Information will remain subject to the terms of this Data Security and Privacy Policy.
9.4. We will keep Customer Data for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, nonpersonally-identifiable data, account recovery, or if required by law. All retained Customer Data will remain subject to the terms of this Data Security and Privacy Policy. If you request that certain Customer Data be removed from our databases, it may not be possible to completely delete all your Customer Data due to technological and legal constraints.

10. Amendment of this Policy

10. Amendment of this Policy
10.1. We reserve the right to change this Data Security and Privacy Policy at any time. If we decide to change this Data Security and Privacy Policy in the future, we will notify Companies by e-mail.
10.2. Any non-material change, such as clarifications, to this Data Security and Privacy Policy will become effective on the date the change is posted and any material changes will become effective 30 days from the date of notification.
10.3. Unless stated otherwise, our current Data Security and Privacy Policy applies to all Partner Data and Customer Data that we collect and process in the course of providing our Services to Customers. The date on which the latest update was made is indicated at the bottom of this document. We recommend that you print a copy of this Data Security and Privacy Policy for your reference. Your continued use of the Services signifies your acceptance of any changes.

11. International Data Transfers Privacy Shield And Contractual Terms

11.1 PartnerStack may transfer your Personal Data to countries other than the one in which you live. We deploy the following safeguards if PartnerStack transfers Personal Data originating from the European Union or Switzerland to other countries not deemed adequate under applicable data protection law:
E.U.-U.S. Privacy Shield and Swiss-U.S. Privacy Shield. To comply with European Union and Swiss data protection laws, GrowSumo Inc. (“PartnerStack”) has self-certified under the E.U.-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to enable companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. For more information, including the types of Information covered, see PartnerStack's Privacy Shield Notice. To learn more about the Privacy Shield Program, please see

12. Contact & Data Protection Officer

11.1. If you have any questions about this Data Protection and Privacy Policy, or if you would like to contact the Data Protection Officer please contact: security (at)

Last updated: January 19, 2018    |   Download Copy