External access — read-only links for lawyers and auditors

Create scoped, time-limited links so third parties can review your documents, DSAR log, and subprocessors without account access.

An external access link is a read-only, time-limited URL you can share with a third party — a lawyer auditing your privacy posture, a compliance consultant, an enterprise customer doing due diligence — without giving them your miniterms account credentials.

What the auditor can see

You choose the scope at link creation time. Available views:

  • Documents — your generated and published documents, without any ability to edit or regenerate.
  • DSAR log — the list of requests and their statuses. Requester email addresses are hidden by default; you can enable them at creation time.
  • Subprocessors — your full subprocessor list, including regions and DPA URLs.

The auditor cannot access Settings, the business profile form, API tokens, or any surface that would let them modify data.

Creating a link

  1. Open Settings → External access.
  2. Click + New link.
  3. Enter a label — for your own reference; the auditor sees it too.
  4. Toggle the views the auditor should have access to.
  5. Choose expiry: 7 days, 30 days, 90 days, or no expiry.
  6. Click Create and copy the link.

Treat the link URL like a credential — anyone with it can access the selected views. Send it via a secure channel (encrypted email, password manager share).

Revoking access

On the same page, click Revoke next to any active link. Revocation is immediate; the URL stops working within seconds. Any active auditor session is invalidated — the next request redirects to an "access ended" page.

Expired links are pruned automatically and cannot be reactivated. Create a new link if access is needed again.

Español