PermiTrak Logo

Privacy Policy

PermiTrak Construction Permit Management Platform

Effective Date: January 1, 2024

Last Updated: January 1, 2024

This Privacy Policy describes how PermiTrak ("we," "our," or "us") collects, uses, and protects your personal information when you use our construction permit management platform and services.

Table of Contents

1Introduction

PermiTrak is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered construction permit management platform, including our website, mobile applications, and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy. We are committed to compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant data protection regulations.

2Information We Collect

2.1 Information You Provide Directly

Account Information:

  • • Name, email address, phone number, company name
  • • Professional credentials and certifications
  • • Job title, timezone, and role (Admin, PM, Client, Team)
  • • Billing and payment information
  • • User preferences, notification settings, and account settings
  • • Authentication credentials (hashed passwords, JWT tokens)

Project and Permit Data:

  • • Construction project details, specifications, and timelines
  • • Permit applications, permit numbers, and permit status
  • • Property information, addresses, and geographic coordinates
  • • Contractor, client, and project manager information
  • • Communication logs, notes, and project comments
  • • Task assignments, task status, and task progress
  • • Jurisdiction information and API integration data
  • • Feasibility analysis results and AI-generated insights

Support and Communication:

  • • Customer support inquiries and correspondence
  • • Feedback, surveys, and testimonials
  • • Training and webinar participation records
  • • Chat messages, mentions, and reactions within projects
  • • Team invitations and collaboration data

File and Document Data:

  • • Uploaded documents, drawings, specifications, and certificates
  • • File metadata (name, size, type, upload date)
  • • Document tags, categories, and organization data
  • • File access logs and sharing permissions

2.2 Information Collected Automatically

Technical Information:

  • • IP address, browser type, and device information
  • • Operating system and version
  • • Pages viewed and time spent on our platform
  • • Clickstream data and navigation patterns
  • • Log files and error reports

Usage Analytics:

  • • Feature usage patterns and frequency
  • • Performance metrics and load times
  • • Search queries and filter preferences
  • • Integration usage with third-party services
  • • Activity logs and user action tracking
  • • Session duration and platform engagement metrics

2.4 Email Integration Data

When you connect your email accounts (Gmail, Outlook, or IMAP) to our platform, we collect and process:

  • OAuth Tokens: Access and refresh tokens for email account authentication
  • Email Content: Subject lines, body text, and email metadata from permit-related emails
  • Email Attachments: Documents and files attached to permit-related emails
  • Email Addresses: Sender and recipient email addresses from permit communications
  • Unique Email Addresses: Generated unique email addresses for permit forwarding (e.g., permit-12345@permittrak.com)
  • Email Threading: Email conversation threads linked to specific permits
  • Forwarded Emails: Content of emails forwarded to permit-specific addresses via SendGrid

Note: We only access emails that are permit-related or forwarded to our unique permit email addresses. We do not access your entire email inbox. You can revoke email access at any time through your account settings.

2.5 AI Processing Data

Our platform uses AI services (OpenAI) to process and analyze your data for the following purposes:

  • Document Analysis: Text extraction and analysis from PDFs, images, and documents
  • Email Content Analysis: Parsing permit information from email content
  • Feasibility Analysis: Zoning compliance checks and permit requirement generation
  • Task Generation: AI-generated task breakdowns from project descriptions
  • Data Extraction: Extracting permit numbers, dates, addresses, and other structured data
  • Content Classification: Categorizing documents and emails by type and relevance

AI Data Processing: When you use AI features, your content (documents, emails, project data) is sent to OpenAI for processing. OpenAI processes this data according to their privacy policy and terms of service. We do not use your data to train OpenAI's general models. You can opt out of AI processing features in your account settings.

2.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Municipal and Government APIs: Permit status, requirements, and regulatory data from 200+ jurisdiction APIs
  • Email Service Providers: Gmail, Outlook, and IMAP services for email integration
  • SendGrid: Email delivery and inbound email processing via webhooks
  • Map Services: Mapbox and Google Maps for address geocoding and map visualization
  • File Storage: Vercel Blob Storage for document and file storage
  • AI Services: OpenAI for document analysis and AI-powered features
  • Business Partners: Referral sources and integration partners
  • Data Enhancement Services: Business verification and data enrichment services

3How We Use Your Information

We use the information we collect for the following purposes:

Service Provision and Management

  • • Provide and maintain our permit management platform
  • • Process permit applications and track status updates via jurisdiction APIs
  • • Enable AI-powered document parsing, analysis, and feasibility assessments
  • • Facilitate communication with government agencies and jurisdictions
  • • Manage user accounts, authentication, and role-based access control
  • • Process and store email communications related to permits
  • • Generate unique email addresses for permit forwarding
  • • Provide team collaboration tools, chat, and messaging features
  • • Store and manage documents, files, and attachments

Communication and Support

  • • Send service-related notifications via email, in-app, and SMS (when enabled)
  • • Provide customer support and technical assistance
  • • Respond to inquiries and requests
  • • Send important security and policy updates
  • • Deliver deadline reminders and permit status change notifications
  • • Send team invitations and collaboration notifications
  • • Process and deliver emails via connected email accounts

Platform Improvement and Analytics

  • • Analyze usage patterns and improve our services
  • • Develop new features and functionality
  • • Conduct research and statistical analysis
  • • Monitor and ensure platform security

Legal and Compliance

  • • Comply with legal obligations and regulations
  • • Protect against fraud and security threats
  • • Enforce our Terms of Service
  • • Resolve disputes and legal issues

4Information Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

Government Agencies and Jurisdictions

We share permit-related information with relevant municipal and government agencies as necessary to process your permit applications and maintain compliance with local regulations.

Service Providers and Business Partners

We may share information with trusted third-party service providers who assist us in operating our platform, conducting business, or providing services to you, provided they agree to maintain confidentiality. These include:

  • Cloud Infrastructure: Hosting and data storage providers (Vercel, MongoDB Atlas)
  • Email Services: SendGrid for email delivery, Gmail/Outlook APIs for email integration
  • AI Services: OpenAI for document analysis and AI-powered features
  • Mapping Services: Mapbox and Google Maps for geocoding and map features
  • File Storage: Vercel Blob Storage for document and file storage
  • Analytics: Usage analytics and performance monitoring services
  • Payment Processors: Payment processing services (when applicable)

Legal Requirements

We may disclose information when required by law, regulation, legal process, or government request, or when we believe disclosure is necessary to protect our rights, property, or safety, or that of others.

Business Transfers

In the event of a merger, acquisition, or sale of business assets, user information may be transferred as part of the transaction, subject to the same privacy protections.

Consent

We may share information when you have given explicit consent for specific purposes not covered by this policy.

4.1Third-Party Service Providers

Our platform integrates with the following third-party services. Each service has its own privacy policy that governs how they handle your data:

OpenAI

We use OpenAI's API for AI-powered document analysis, email parsing, and feasibility analysis. Your content is processed according to OpenAI's privacy policy. We do not use your data to train OpenAI's general models.

View OpenAI Privacy Policy →

SendGrid (Twilio)

We use SendGrid for email delivery and processing inbound emails via webhooks. Email content is processed according to SendGrid's privacy policy.

View SendGrid Privacy Policy →

Google (Gmail API)

When you connect your Gmail account, we use Google's Gmail API to access permit-related emails. This is governed by Google's privacy policy and OAuth consent.

View Google Privacy Policy →

Vercel Blob Storage

We use Vercel Blob Storage for secure file and document storage. Files are stored according to Vercel's security and privacy standards.

View Vercel Privacy Policy →

Mapbox / Google Maps

We use mapping services for address geocoding and map visualization. Address data may be processed by these services according to their privacy policies.

5Data Security

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security program includes both technical and organizational safeguards:

5.1 Technical Safeguards

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
  • Access Controls: Multi-factor authentication and role-based access controls
  • Network Security: Firewalls, intrusion detection systems, and network monitoring
  • Regular Security Audits: Penetration testing and vulnerability assessments
  • Secure Infrastructure: SOC 2 Type II compliant cloud infrastructure
  • Data Backup: Regular automated backups with secure storage

5.2 Organizational Safeguards

  • Employee Training: Regular privacy and security awareness training
  • Access Management: Principle of least privilege and regular access reviews
  • Incident Response: Documented procedures for security incident handling
  • Vendor Management: Due diligence and contractual security requirements
  • Compliance Monitoring: Regular compliance assessments and audits

Important: While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but are committed to protecting your information using reasonable and appropriate measures.

6Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights regarding your personal information:

AAccess and Portability

Request access to your personal information and receive a copy in a structured, machine-readable format.

CCorrection and Update

Request correction of inaccurate or incomplete personal information we hold about you.

DDeletion

Request deletion of your personal information, subject to legal and contractual obligations.

RRestriction and Objection

Request restriction of processing or object to certain uses of your personal information.

WWithdrawal of Consent

Withdraw your consent for processing where our processing is based on consent.

How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Officer at:

Email: privacy@permittrak.comPhone: 1-800-PERMITS (1-800-737-6487)Mail: PermiTrak Privacy Officer, [ADDRESS]

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

7Data Retention

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention periods vary based on the type of information:

Account Information:

Retained for the duration of your account plus 7 years after account closure for legal and tax purposes.

Permit and Project Data:

Retained for the duration of your account plus up to 10 years to support ongoing projects and legal requirements.

Usage and Analytics Data:

Typically retained for 2-3 years or until no longer needed for business purposes.

Communication Records:

Retained for 3-7 years depending on the nature of the communication and legal requirements.

Note: In some cases, we may retain information for longer periods when required by law, regulation, or to protect our legal interests. We regularly review our retention practices and securely delete information when it is no longer needed.

8International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. When we transfer your personal information internationally, we implement appropriate safeguards to protect your information:

Adequacy Decisions

We transfer data to countries that have been deemed to provide adequate protection by relevant authorities.

Standard Contractual Clauses

We use European Commission-approved Standard Contractual Clauses for transfers to countries without adequacy decisions.

Certification Programs

Our service providers participate in recognized certification programs such as the Privacy Shield framework (where applicable).

For more information about our international transfer safeguards or to obtain copies of relevant documents, please contact our Privacy Officer using the contact information provided in this policy.

9Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform:

Essential Cookies

Required for the platform to function properly, including authentication tokens (JWT), session management, and security features.

Functional Cookies

Remember your preferences, settings, and role selections to personalize your experience.

Analytics Cookies

Help us understand how you use our platform to improve performance and user experience.

Cookie Management: You can control cookies through your browser settings. However, disabling essential cookies may limit platform functionality. We use HTTP-only cookies for authentication tokens to enhance security.

9Children's Privacy

Age Restriction

Our Services are not intended for children under the age of 18. We do not knowingly collect, use, or share personal information from children under 18 years of age.

If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information as soon as possible. If you believe that we may have collected information from a child under 18, please contact us immediately using the contact information provided in this policy.

Parents and guardians are encouraged to monitor their children's internet usage and to help enforce this policy by instructing their children never to provide personal information through our Services without permission.

10Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

Update the "Last Updated" date at the top of this policy

Notify you through our Services or by email for material changes

Provide a summary of key changes when significant modifications are made

Your Continued Use: Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with the changes, you should discontinue use of our Services and may request deletion of your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

11Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us using the information below:

Privacy Officer

Phone

1-800-PERMITS (1-800-737-6487)

Postal Address

PermiTrak Privacy Officer

[COMPANY ADDRESS]

[CITY, STATE ZIP]

United States

Data Protection Authority

If you are located in the European Union, you have the right to lodge a complaint with your local data protection authority if you believe your privacy rights have been violated.

Response Time: We will acknowledge receipt of your inquiry within 2 business days and provide a substantive response within 30 days (or as required by applicable law). For urgent security or privacy concerns, please call us directly.

PermiTrak

Committed to protecting your privacy and securing your data.

This Privacy Policy was last updated on January 1, 2024