Product · Partner Portal
Most photo programs leave the property partner (mall ownership, theme park operations, attraction management) without visibility into the program on their property. SP Photo Station ships a dedicated partner portal with its own auth, scoped data access, and audit log. The mall manager sees their KPIs without seeing other malls'.
Property partners — the mall ownership group, the theme park operator, the attraction property manager — are the people whose tenant agreement your photo program depends on. They want to know: how many guests is the program serving on our property? How is it rated? Is it generating incidents? Is it driving foot traffic, or just sitting in the corner?
The conventional answer is emailed PDF reports once a month, maybe a quarterly meeting where someone reads a deck off a laptop. The partner sees what you choose to show them when you choose to show it. There's no real-time view, no self-serve drill-down, and no audit trail of what you reported.
SP Photo Station's partner portal flips that. The partner logs in with their own email + PIN, sees their KPI dashboard in real time, can drill into specific dates / sessions / incidents, and can submit alerts that route directly to your regional manager.
Where it earns its license
Property partners get their own auth path at /partner/login. Email + six-digit PIN, mutually exclusive with operator staff sessions in the same browser tab. Partner sessions are JWT-cookie-backed, 7-day TTL, HttpOnly + Secure + SameSite=Lax.
Inventory: §B.13
A cron-driven generator builds daily and weekly KPI snapshots per partner per venue: visit counts, average rating, top-grossing package, photographer headline metrics, incident summary. Reports land in the portal with a notification email. No back-and-forth 'can you send me last week's numbers' — they're there at 6am local time every morning.
Inventory: §B.13
Partners submit alerts from the portal with severity + category + free-text description; the platform routes to the regional manager covering that venue via org-chart FKs from migration 086. RM gets a mall_alert_received urgent notification (in_app + email + SMS) within minutes.
Inventory: §B.13
Partner sessions key on the partner's property_partners row and its client_id. Every read enforces tenant scope at the API layer — the partner sees their own venue's flash reports, alerts, and visit session counts only. Cross-tenant leaks are impossible by construction.
Inventory: §B.13
Partner dashboard layout, KPI selection, alert categories — all configurable per partner from the admin portal. No JIRA ticket to add a new KPI to a specific partner's view; the studio owner picks from the catalog and ships in minutes.
Inventory: §B.13
Property partners often host member events: donor receptions, private brand activations, school-group tie-ins. The partner portal lets them request a private booking window directly, which materializes as a scheduled event on the operator's side without the six-back-and-forth-emails-in-a-thread workflow.
Inventory: §B.4 + §B.13
Under the hood
HS256-signed JWTs (separate signing secret from operator and customer sessions). 7-day TTL. HttpOnly + Secure + SameSite=Lax cookies scoped to the marketing domain. Mutually exclusive with operator login in the same browser tab.
Partner's property_partners.client_id scopes every read. The H6.1 cross-tenant CI gate runs static analysis on every PR to ensure no partner-bundle code path reads operator-tenant data.
partner_alerts writes route through notify() as severity=urgent. Recipient resolves via regional_manager_id from org-chart FKs. Routing rules live in feature code, not a central router.
A scheduled job per partner per venue computes daily and weekly KPI snapshots from visit_sessions, customer_ratings, pos_order_items, and partner_alerts. Snapshots persist so historical reports remain queryable as data evolves.
Partners self-serve PIN reset via email-based OTP. Lost-PIN flow doesn't require operator intervention; the studio owner only intervenes if the partner's email is compromised.
All partner portal actions (login, alert submission, report download, PIN reset) write to the per-tenant audit log. Partner can review their own trail; operator can review all audit events for that partner.
Common questions
Single shared URL at app.spphotostation.com/partner/login. The PIN + email combination scopes the session to the right partner row. Custom subdomains per partner are not on the roadmap.
Yes. One property_partners row can link to multiple location_landing_pages rows. The dashboard shows aggregate KPIs across all linked venues plus drill-down per venue.
The flash report generator can emit PDFs and email them directly. The portal is the default; PDF-email mode is configurable per partner. Most partners take a week to start using the portal and never look at the PDFs again.
No. The portal exposes aggregate counts, ratings, and program KPIs only. Per-customer PII stays on the operator-side surfaces. Partners see “47 sessions Saturday, average rating 4.7”, not individual customer names.
Alerts route to the regional manager. The RM decides whether to escalate to a photo critique, a reliability ding, or a conversation. The partner doesn't directly rate staff — that firewall preserves the operator's management authority over their own team.
Per-venue dashboards show the working staff roster for any given day (first name + role + critique-score range, not full identity). Helpful for “the photographer was great Saturday, can we have them again next weekend” requests routed back through the RM.
We'll set up a sample partner login, walk through the flash report, submit a test alert, and show how it routes back through the operator's notification system.
Schedule a demo