PermitSentry

Privacy Policy

Last Updated: March 14, 2026

1. Introduction

This is the Privacy Policy for PermitSentry AI ("we", "us", "our", or the "Company"). It applies to permitsentry.com and all related services (the "Service").

By using the Service, you agree to the practices described in this Privacy Policy. If you disagree with any part of this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, company name, job title.
  • Business and project data: permit details, compliance documents, business entity type, industry, and location you enter into the Service.
  • Payment information: processed by Stripe. We do not store full credit card numbers, only a tokenized reference and last four digits.
  • Communications: support tickets, feedback, and emails you send us.

2.2 Information Collected Automatically

  • Usage data: pages visited, features used, actions taken, session duration, timestamps.
  • Device and browser information: IP address, browser type and version, operating system, device type, screen resolution.
  • Referral data: how you arrived at our site (referring URL, search terms).
  • Cookies and similar technologies (see Section 8).

2.3 Information from Third Parties

  • Authentication providers (if you sign in via Google or other OAuth providers).
  • Payment status and subscription events from Stripe.

3. How We Use Your Information

  • To provide, operate, maintain, and improve the Service.
  • To process your permit compliance scans and generate AI-powered checklists and recommendations.
  • To process payments and manage your subscription.
  • To send transactional communications (account confirmations, billing receipts, renewal reminders, security alerts).
  • To provide customer support and respond to your inquiries.
  • To analyze usage patterns in aggregate to improve the Service and AI features.
  • To detect, investigate, and prevent fraud, abuse, or security incidents.
  • To comply with legal obligations, law enforcement requests, and regulatory requirements.
  • To enforce our Terms of Service.

We do NOT use your individual project data, permit information, or business details to train or fine-tune AI models without your explicit, prior written consent. AI processing of your queries occurs via the Anthropic Claude API in real time and is not retained by the AI provider for training purposes.

5. Data Sharing and Third Parties

We share personal data only as described below. We do NOT sell your personal data. We do NOT share data with third parties for their own marketing purposes.

5.1 Service Providers (data processors acting on our behalf)

  • Supabase: database hosting, authentication, and cloud infrastructure (US-based).
  • Vercel: application hosting and deployment (US-based, global edge).
  • Anthropic: AI model provider. Permit queries are processed via the Claude API. See Anthropic's data usage policy for details.
  • Stripe: payment processing. See Stripe's privacy policy.
  • Resend: transactional email delivery.
  • Twilio: SMS notifications for permit deadline reminders.

5.2 Legal and Safety Disclosures

We may disclose information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud.

5.3 Business Transfers

If PermitSentry is acquired, merged, or sells assets, user data may be transferred as part of that transaction. We will notify you via email and in-app notice before your data becomes subject to a different privacy policy.

6. Data Retention

  • Account and profile data: retained while your account is active, plus 90 days after a deletion request to allow for recovery.
  • Project and permit data: retained according to your subscription tier; deleted within 30 days of account closure unless you export it first.
  • Billing and transaction records: retained for 7 years as required for tax and legal compliance.
  • Usage and analytics logs: retained for 12 months, then aggregated or deleted.
  • Support correspondence: retained for 3 years after resolution.
  • You may request early deletion of any data we are not legally required to retain at any time (see Section 7).

7. Your Rights

Depending on your location, you may have some or all of the following rights:

7.1 All Users

  • Access your personal data.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data (subject to legal retention requirements).
  • Export your project and permit data in a machine-readable format (JSON/CSV).
  • Opt out of marketing communications at any time via email link or account settings.

7.2 California Residents (CCPA/CPRA)

  • Right to know what personal information is collected, used, and disclosed.
  • Right to delete personal information.
  • Right to opt out of the sale or sharing of personal information (note: we do not sell your data).
  • Right to non-discrimination for exercising your privacy rights.
  • Right to limit the use of sensitive personal information.
  • Authorized agents may submit requests on your behalf with written authorization.

7.3 EU/UK Residents (GDPR)

  • Right to data portability.
  • Right to restrict processing.
  • Right to object to processing based on legitimate interests.
  • Right to withdraw consent at any time (without affecting the lawfulness of prior processing).
  • Right to lodge a complaint with your local supervisory authority.

7.4 Other US State Residents

If you reside in a state with a comprehensive privacy law (including but not limited to Virginia, Colorado, Connecticut, Delaware, Iowa, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Indiana, Kentucky, Rhode Island, Minnesota, Maryland, Nebraska), you may have rights similar to those described above. Contact us at privacy@permitsentry.com to exercise your rights.

7.5 How to Exercise Your Rights

  • Email: privacy@permitsentry.com
  • In-app: Account Settings > Privacy > Data Requests
  • We will verify your identity and respond within 30 days (45 days if an extension is needed, with notice).

8. Cookies and Tracking Technologies

  • Essential Cookies: required for authentication, session management, and security. Cannot be disabled.
  • Analytics Cookies: help us understand usage patterns and improve the Service. You may disable these in your cookie settings.
  • We do NOT use advertising or behavioral tracking cookies. We do NOT serve third-party ads.
  • We honor Global Privacy Control (GPC) browser signals and Do Not Track (DNT) signals where required by applicable law.

9. Data Security

  • All data is encrypted in transit using TLS 1.2 or higher.
  • All data is encrypted at rest using AES-256 encryption.
  • We enforce role-based access controls and multi-factor authentication for internal systems.
  • Supabase Row Level Security (RLS) ensures strict tenant isolation in our multi-tenant database.
  • We conduct regular security reviews and vulnerability assessments.
  • We maintain an incident response plan and will notify affected users within 72 hours of discovering a breach that affects their personal data, as required by GDPR and applicable US state laws.

10. International Data Transfers

  • PermitSentry is based in the United States. Your data is primarily stored and processed in the US.
  • If you are located in the EU, UK, or another jurisdiction with data transfer restrictions, your data is transferred to the US under Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Vercel may process data at global edge locations. See Vercel's data processing agreement for details.

11. Children's Privacy

  • PermitSentry is a business-to-business service not directed to individuals under the age of 13 (or under 16 in the EU/UK).
  • We do not knowingly collect personal data from children.
  • If we learn that we have collected data from a child, we will delete it promptly. Contact us at privacy@permitsentry.com if you believe a child has provided us data.

12. AI-Specific Data Practices

  • When you use PermitSentry's AI compliance scan, your business type, industry, and location are sent to the Anthropic Claude API to generate permit recommendations.
  • We do not send your name, email, payment information, or other personally identifiable information to the AI model.
  • AI query data is not retained by Anthropic for model training under our enterprise data processing agreement.
  • AI outputs are generated probabilistically and may contain errors. See our Terms of Service for important disclaimers.

13. Changes to This Policy

  • We may update this Privacy Policy from time to time.
  • Material changes will be communicated via email and in-app notification at least 30 days before they take effect.
  • Your continued use after the effective date constitutes acceptance.
  • We will maintain a change log of significant revisions.

14. Contact Us

  • Privacy inquiries: privacy@permitsentry.com
  • General support: support@permitsentry.com
  • Mailing address: [Company Name], [Street Address], [City, State ZIP]
  • If you have an unresolved privacy concern, you may also contact your local data protection authority.