Privacy Policy

PermitPortal, Inc. (“PermitPortal,” “we,” “us,” or “our”) provides a site-selection and permitting intelligence platform for large-scale real estate development (the “Service”). This Privacy Policy applies to information we process through our website and application. It does not apply to third-party websites or services that we do not control.

PermitPortal is a business-to-business product. Most personal information we process belongs to the authorized users of our customers’ accounts rather than to individual consumers.

We collect the following categories of information:

• Account information. When you create an account or sign in, we collect your name, email address, and authentication identifiers. If you sign in with Google, we receive basic profile information from Google in accordance with the permissions you grant.
• Customer content. Project, parcel, jurisdiction, document, schedule, and workspace data that you and your team create or upload while using the Service.
• Usage and device data. Log data, pages viewed, features used, approximate location derived from IP address, browser and device characteristics, and similar telemetry collected through analytics.
• Communications. Information you provide when you contact us, request a demo, or submit a support request.

We do not intentionally collect special categories of personal data, and the Service is not directed to children under 16.

We use personal information to:

• provide, operate, secure, and improve the Service;
• authenticate users and manage access and sessions;
• perform the research, analysis, and document-processing functions you request;
• communicate with you about your account, support requests, and product updates;
• monitor usage, diagnose problems, and protect against fraud and abuse; and
• comply with legal obligations and enforce our agreements.

The Service uses third-party AI and large language model (LLM) providers to perform research, scenario analysis, document parsing, and related workflows. AI processing is performed server-side through our backend.

We do not use customer content to train foundation models, and we use AI providers under terms that prohibit them from training their models on data we submit through their APIs. The current list of AI and infrastructure providers appears in the Sub-Processors section below.

We do not sell personal information. We share information only as described here:

• Sub-processors. Service providers that process data on our behalf under contractual confidentiality and security obligations (see the table below).
• Within your organization. Customer content may be visible to other authorized users in your account or workspace according to the access controls you configure.
• Legal and safety. When required by law, legal process, or to protect the rights, property, or safety of PermitPortal, our users, or others.
• Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

To operate the Service, we engage a limited number of service providers (sub-processors) that process data on our behalf under contractual confidentiality and security obligations. They fall into the following categories:

• Cloud hosting & infrastructure — application hosting, content delivery, and supporting cloud services.
• Database, authentication & storage — managed database, user authentication, and file storage.
• Background processing — execution of background jobs and data pipelines.
• AI & large language model providers — research, analysis, and document-processing features. We use these providers under terms that prohibit training their models on our data.
• Product analytics — usage telemetry to operate and improve the Service.
• Maps & geospatial — interactive maps and geospatial rendering.
• Authentication / single sign-on — optional federated login.
• Email delivery — transactional and notification email.

A current list of the specific sub-processors we use is available to customers on request at founders@permitportalapp.com.

We retain personal information for as long as your account is active or as needed to provide the Service. Customer content is deleted within ninety (90) days of contract termination once it is no longer needed for a legitimate business or legal purpose, unless a longer retention period is required by law. We will delete or return customer content earlier upon a verified request, subject to our agreements.

We protect personal information using administrative, technical, and organizational safeguards including encryption in transit and at rest, authenticated and role-scoped access, logical data segregation between tenants, logging and monitoring, and a documented incident response process. For more detail, see our Security page. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

We operate primarily in the United States, and information we process may be stored and processed in the United States or other countries where our sub-processors operate. Where required, we rely on appropriate safeguards for cross-border transfers.

Depending on your location, you may have the right to access, correct, delete, or port your personal information, or to object to or restrict certain processing. Because PermitPortal typically acts as a processor on behalf of our customers, we will direct requests about customer content to the relevant customer where appropriate. To exercise a right or ask a question, contact us at the address below.

We may update this Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice.

Questions about this Policy or our privacy practices can be sent to founders@permitportalapp.com, or by mail to:

PermitPortal, Inc.
2261 Market Street, STE 22159
San Francisco, CA 94114, USA