Privacy Policy
Sanklad Digital Ltd (“Sanklad”, “we”, “us”) operates the Partli platform. This Privacy Policy explains what personal data we collect when you use partli.app, how we use it, who we share it with, and your rights. We comply with the UK General Data Protection Regulation (UK GDPR), the EU GDPR where applicable, and the UK Data Protection Act 2018.
1. Who this policy applies to
This policy covers three categories of people:
- Merchants — people and companies who sign up for a Partli workspace to run a partner program.
- Partners — people who apply to or are approved into a merchant’s partner program via Partli.
- Website visitors — anyone browsing partli.app or a program’s public apply page.
When Partli is used by a merchant to run their partner program, the merchant is the data controller for partner applications and partner data; Sanklad processes that data on the merchant’s behalf as a processor under a Data Processing Agreement (contact us for a copy).
2. What we collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email, authentication identifiers (via Clerk) | Provide the Service, secure your account |
| Workspace data | Workspace name, brand assets, program details | Operate your workspace |
| Billing data | Company name, billing address, tax ID, last 4 of card (held by Stripe, not by us) | Process subscription payments |
| Partner data | Name, email, website, country, answers to the merchant’s application form | Let the merchant review applications and issue payouts |
| Usage data | Click events, IP hash, user-agent, country, referer, page timings | Attribution tracking, analytics, fraud detection |
| Communications | Emails to/from support, in-app messages | Customer support, service announcements |
3. Cookies & tracking
We use a small number of essential cookies to operate the Service (authentication, referral attribution). Partli does not use advertising cookies or third-party trackers for marketing. See our Cookie Policy for the full list.
For referral attribution, we record hashed IP addresses (salted with a key known only to us) — never the raw IP. This lets us detect duplicate clicks and bot traffic without identifying individual visitors.
4. Legal bases we rely on
- Contract — to deliver the Service to merchants and process payouts to partners.
- Legitimate interests — to secure the Service, detect fraud, and keep operational logs. We balance these interests against your rights.
- Consent — where specifically required (e.g. for non-essential cookies or marketing emails to merchants).
- Legal obligation — to retain financial records and respond to lawful requests.
5. How we share data
We share your data only with the processors that help us run the Service:
| Processor | What | Where |
|---|---|---|
| Stripe Inc. | Payment + Stripe Connect payouts | US (SCCs + EU-US DPF) |
| Clerk Inc. | Authentication + user identity | US (SCCs) |
| Resend Inc. | Transactional email delivery | US/EU (SCCs) |
| Hetzner Online GmbH | Hosting (application + database) | Germany |
| Cloudflare Inc. | DNS + content delivery | Global (SCCs) |
| Google LLC (Google Analytics 4) | Aggregate site analytics — only when you consent via the cookie banner. IP anonymization enabled. | US (SCCs + EU-US DPF) |
We do not sell your data. We only disclose data to third parties when (a) you instruct us to, (b) a processor listed above handles it for us under a written agreement, or (c) we’re legally required to (e.g. court order, tax compliance).
6. International transfers
Some processors listed above are outside the UK/EEA. Transfers to those countries are protected by appropriate safeguards — Standard Contractual Clauses, the UK IDTA, or equivalent — as required by UK/EU GDPR.
7. Retention
We keep account and workspace data for the lifetime of your subscription plus 30 days after cancellation (to allow data export). Financial records are kept for 6 years to comply with UK statutory requirements. Usage logs (clicks, events) are retained for 24 months in raw form, then aggregated or deleted.
8. Your rights
Under UK/EU GDPR you have the right to:
- Access the data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your data (“right to be forgotten”) — subject to our legal retention obligations.
- Restrict or object to processing based on legitimate interests.
- Receive your data in a portable machine-readable format.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a supervisory authority — in the UK that’s the Information Commissioner’s Office (ICO).
To exercise any of these rights, email [email protected]. We respond within 30 days.
9. Security
We take data security seriously. Measures include: TLS 1.2+ in transit, encrypted database at rest, IP hashing for visitor data, role-based access control, short-lived authentication tokens, and regular dependency and security updates. No system is perfectly secure — if we become aware of a breach affecting your data, we will notify affected users and the ICO as required by law.
10. Children
Partli is not directed to children under 18. We do not knowingly collect personal data from children. If we learn we have collected such data, we will delete it.
11. Changes to this policy
We may update this Privacy Policy. The “Last updated” date at the top reflects the current version. For material changes we’ll notify active customers by email.
12. Contact
Privacy questions: [email protected]. Postal: Sanklad Digital Ltd, 7 Brookfields Place, CV6 4QF, United Kingdom.
See also: Terms of Service · Cookie Policy