Back to Home

Privacy Policy

Effective Date: February 8, 2026
Last Updated: February 8, 2026

This Privacy Policy explains how PermitTracker ("Company," "we," "us," "our") collects, uses, and discloses information when you access or use PermitTracker (the "Service"), including our website, web application, and related services.

The Service is intended for business and commercial use (e.g., contractors and construction-related professionals). If you do not agree to this Privacy Policy, do not use the Service.

1) Scope and Roles (B2B)

This Privacy Policy applies to:

  • website visitors;
  • users who create accounts or use the Service; and
  • individuals whose information may appear in data or documents uploaded to the Service ("Customer Content").

When an organization (company) uses the Service (a "Customer"), that Customer generally controls the Customer Content submitted to the Service. In many cases:

  • the Customer is the "controller" (or equivalent) of personal information in Customer Content; and
  • the Company acts as a "processor/service provider" for that Customer.

If you use the Service through a Customer, that Customer's administrators may access and manage workspace data and user accounts.

2) Information We Collect

2.1 Information you provide

We may collect:

  • Account information: name, work email, login credentials (stored in hashed form and/or via an authentication provider), role/permissions.
  • Workspace/organization information: organization name, team members, settings.
  • Project/permit data: project names, addresses, jurisdictions, permit identifiers, statuses, dates, inspection schedules, reminders, notes, and attachments.
  • Customer Content: documents/files you upload (e.g., PDFs, images) and related metadata.
  • Support and communications: messages you send us and any attachments.

2.2 Information collected automatically

We may collect:

  • Usage and log data: IP address, timestamps, pages viewed, feature usage, error logs, referring URLs.
  • Device data: browser type, OS, language settings, device identifiers (as available).
  • Cookies and similar technologies: for authentication, security, preferences, and analytics (see Section 6).

2.3 Information from third parties

We may receive:

  • Billing/payment information from payment processors (if enabled). We typically do not store full card numbers.
  • Message delivery signals from email providers (e.g., bounces, delivery errors).
  • Authentication assertions from SSO/identity providers (if enabled by Customer).

3) How We Use Information

We use information to:

  • Provide and operate the Service, including authentication, workspace administration, storage and organization of Customer Content, and collaboration features.
  • Send notifications and reminders you configure (email and, if enabled in the future, SMS or other channels).
  • Process documents, including conversion, indexing, search, and optional AI-assisted extraction features.
  • Provide support, respond to inquiries, and troubleshoot issues.
  • Secure and improve the Service, including analytics, monitoring, debugging, fraud prevention, and enforcing our policies.
  • Comply with legal obligations and protect rights, safety, and property of the Company, Customers, Users, and the public.

We may also use aggregated and de-identified data for analytics and product improvement.

4) AI / Automated Processing

The Service may offer features that analyze Customer Content to produce extracted or suggested fields (such as dates, permit numbers, conditions, or inspection milestones).

Important: Automated outputs may be inaccurate or incomplete. The Service is intended to assist workflows, not replace official verification or professional judgment. You are responsible for reviewing and confirming extracted information before relying on it.

Model training

We do not use Customer Content to train public or general-purpose AI models unless you explicitly opt in (for example via an affirmative setting or written agreement).

5) Communications

We may send:

  • Transactional/operational messages: account verification, security notices, configured reminders/alerts, service changes.
  • Support messages responding to your requests.

If additional communication channels (such as SMS or messaging platforms) are enabled in the future:

  • message frequency will vary based on your configuration;
  • message/data rates may apply;
  • opt-out will be available via in-app controls and/or channel-specific controls.

Customer responsibility for contact information: If you upload or enter contact information for employees, subcontractors, clients, inspectors, or other third parties, you represent you have provided appropriate notices and obtained any required consents to contact them via the Service.

6) Cookies & Analytics

We use cookies/similar technologies for:

  • essential functions: login, session management, security, fraud prevention;
  • preferences: saving settings;
  • analytics: improving performance and reliability.

You can control cookies via browser settings. Disabling essential cookies may prevent the Service from working properly.

7) How We Share Information

We may share information with:

  • Service providers (subprocessors): hosting, storage, authentication, analytics, email delivery, AI processing, billing. They may process information only to provide services to us and must protect it.
  • Within a Customer workspace: authorized users and admins, subject to permissions.
  • Legal/safety/enforcement: if required by law or legal process, or to protect rights/safety, investigate fraud/security, or enforce our terms.
  • Business transfers: merger, acquisition, financing, reorganization, bankruptcy, or sale of assets.

We do not sell personal information as defined under applicable U.S. privacy laws. We do not share personal information for cross-context behavioral advertising unless explicitly stated and required choices are offered.

8) Data Retention

We retain information as needed to provide the Service and for legitimate business purposes (security logs, backups for limited periods, compliance, dispute resolution). If you delete content or close an account, we delete or de-identify data within a reasonable time, subject to limited retention for backups, security, and legal obligations.

9) Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect information. No system is 100% secure, and we cannot guarantee absolute security.

10) International Data Transfers

We operate using infrastructure and service providers that may process and store data in the United States and other jurisdictions. Our personnel and contractors may access systems from locations outside the United States, which may include Israel and other countries.

If you access the Service from the EEA/UK/Switzerland or other regions with data transfer restrictions, your data may be transferred to jurisdictions that may not provide equivalent protections. Where required, we use appropriate safeguards (such as contractual protections with vendors). If your organization requires a Data Processing Addendum (DPA), contact us at privacy@permittracker.com.

11) Your Rights

Depending on your location, you may have rights to access, correct, delete, or obtain a copy of personal information, and to opt out of certain processing where applicable.

To submit a request: privacy@permittracker.com

If you use the Service through a Customer, the Customer may control requests relating to workspace data.

12) Children's Privacy

The Service is not intended for children under 16 (or the minimum age required by local law). We do not knowingly collect information from children.

13) Changes

We may update this Privacy Policy from time to time. If changes are material, we will provide notice. The "Last Updated" date reflects the most recent revision.

14) Contact

PermitTracker
Email: privacy@permittracker.com