Skip to content
OpenPartner docs

Account + data

OpenPartner is GDPR-compliant by design. You own your data, you can take it with you, and you can delete your account on your terms.

Settings → Profile → Danger zone.

Download my data

Generates and downloads a complete JSON dump of everything we hold about you:

  • Your Creator row (profile, handle, email, all the fields you’ve filled in)
  • Every VendorAffiliation (each brand you’ve partnered with) with vendor metadata
  • Every PartnershipRequest (applications, accepted + rejected + cancelled) with offering
    • vendor metadata
  • Every Partnership (active relationships) with their share URL, slug, status

Triggered server-side, downloaded as a single JSON file. No size limit currently — your data is yours.

This export is GDPR Article 15 (right of access). If you ever migrate off the Network or audit what’s stored about you, this is the source of truth.

Delete my account

Two-phase, with a 30-day grace window for recovery.

Phase 1: schedule deletion

Click Delete my account. You’re asked to type your email to confirm — this is a one-time input (no password, since we never had one).

On submit:

  • Your pendingDeletionAt timestamp is set to now
  • All your active sessions are revoked — you’re signed out everywhere immediately
  • Each vendor instance you’ve partnered with gets a federation push to revoke your Partner row on their side (the brand keeps your past commissions on their books for 1099 / tax / audit purposes — the revoke just closes the active partnership)

You’ll get an email confirming the deletion is scheduled, with the hard-delete date (30 days from now).

Phase 2: hard delete

30 days after the schedule date, the daily scheduler hard-deletes:

  • Your Creator row
  • Cascades to VendorAffiliation, PartnershipRequest, Partnership, CreatorSession, CreatorMagicLinkToken, CreatorPlatform, CreatorShareDomain

Your data is gone from our DB at that point. Vendor instances retain only the historical financial records they’re legally required to keep (typically commissions paid, with your email as a reference for 1099s).

Recovering during the grace window

Within 30 days of scheduling deletion, you can recover. Sign in via magic link — the signin flow detects pending deletion and redirects you to a recovery prompt. Click Recover account:

  • pendingDeletionAt is cleared
  • Your account is fully active again
  • Active partnerships you had stay active (the federation revoke doesn’t run on the vendor side until the hard-delete)

Caveat: Partnerships the federation already revoked on the vendor side don’t auto-restore on recovery. If you recover quickly (within hours of scheduling), nothing’s been federated yet and everything’s fine. If you wait 28 days and then recover, some vendors may have already processed the revoke; you may need to re-apply for those programs.

Realistically: if you’re going to recover, do it within a day or two of the deletion request. The grace window is for cooling off + accidental deletion recovery, not long-term hesitation.

Inactive accounts

We don’t auto-delete accounts for inactivity. Sign in once a year and your account stays indefinitely.

Data sale / sharing

We don’t. The OpenPartner thesis is “your data stays yours” — we don’t ingest into a shared pool, train models on partner data, or share / sell to third parties. The full ToS is at openpartner.dev/terms.

Questions

Email [email protected] for anything not covered. GDPR data subject requests specifically: [email protected].