PermitWatchdog
← Home

Privacy Policy

Last updated: May 2026

PermitWatchdog ("we," "us") is committed to keeping your data safe and using it only to deliver the Service. This policy explains what we collect, how we use it, who we share it with, and how to exercise your privacy rights.

1. What we collect

Account data: email address, hashed password (we never see your plaintext password), business name, your name, phone, business address.

Permit data you provide: permits you mark as held (with expiry dates and permit numbers), documents you upload, GPS pins you set on your venues.

Payment data: we never see your full card number — Stripe handles payment collection. We see your subscription plan, billing status, and the last 4 digits of your card from Stripe.

Usage data: when you log in, which pages you visit, error logs. Used to keep the service running and debug issues.

What we DON'T collect: your EIN, driver's license number, Social Security number, full credit card details, or any government identifier. The pre-filler PDF tool asks for these, but we deliberately leave those fields blank for you to fill by hand — they're never transmitted to our servers.

2. How we use it

We use your data to: (a) provide the Service (compute which permits you need, send renewal reminders, generate pre-fills); (b) bill you for paid plans; (c) communicate with you about your account, including welcome emails and reset links; (d) debug bugs you encounter; (e) enforce our Terms of Service.

We don't use your data to train AI models, sell ad targeting, or share with third parties for marketing purposes. Period.

3. Who we share it with

Only these subprocessors, and only as needed to run the Service:

  • Stripe — payment processing. Privacy policy
  • Resend — transactional email delivery. Privacy policy
  • Google — only if you sign in with Google OAuth, we receive your email + display name + Google account ID. Privacy policy
  • DigitalOcean — server infrastructure (the box your data lives on). Privacy policy

All subprocessors are bound by data-processing agreements that prohibit using your data for any purpose other than serving you.

We may also share data when legally compelled by a court order, subpoena, or government request, but only to the minimum extent required.

4. Where it lives & how we protect it

Your data is stored on servers physically located in the United States. All network transmissions are encrypted via HTTPS / TLS. Database access is restricted to a single authenticated service account. Backups are encrypted at rest and retained for 30 days.

We do not transfer your data outside the United States.

5. How long we keep it

Account data lives as long as your account does. After you delete your account we keep it for 30 more days (in case of accidental deletion or fraud disputes), then permanently delete. Email log records may be kept for 90 days for deliverability debugging. Stripe payment records are kept per Stripe's policy (typically 7 years for tax compliance).

6. Your rights

Regardless of where you live, you can:

  • Access — ask us for a copy of all the data we have about you
  • Correct — tell us about errors and we'll fix them
  • Delete — delete your account from Settings; this permanently removes your data after the 30-day grace period
  • Export — we'll provide a JSON or CSV export on request
  • Opt out of email — transactional emails (renewal reminders, password resets, billing notices) are required for the Service to work; if you don't want them, you'll need to delete your account

California residents have additional rights under the CCPA (right to know, right to delete, right to non-discrimination). EU/UK residents have rights under GDPR (right of access, rectification, erasure, restriction, portability, objection). Email hello@permitwatchdog.io to exercise any of them — we'll respond within 30 days.

7. Cookies

We use a single signed session cookie (pw_session) to keep you logged in, and a transient OAuth state cookie (pw_oauth_state) when you sign in with Google. Both are HttpOnly + Secure. We don't use cookies for advertising, analytics, or cross-site tracking.

8. Children

The Service isn't directed at anyone under 18. We don't knowingly collect data from minors. If we learn we have such data, we'll delete it.

9. Changes

We may update this policy occasionally. Material changes will be announced via email at least 14 days before they take effect.

10. Contact

Privacy questions or requests: hello@permitwatchdog.io

PermitWatchdog · A Texas-based small-business compliance tool.