Legal
This Privacy Policy describes how 25 Fathoms LLC dba PermitStack (“PermitStack,” “we,” “us,” “our”) collects, uses, and shares information when you visit permitstack.io or use the PermitStack application (the “Service”). It applies to information about visitors to our marketing site, prospects who contact us, and authorized users of the Service. Customer compliance data uploaded into a customer’s tenant base is governed primarily by the customer’s instructions and by our Terms of Use.
We collect information in three categories. First, account information you provide when you sign up, request a demo, or contact support: name, work email, company name, job title, phone number, and the sites or facilities you operate. Second, service usage data generated by your use of the Service: audit log entries, login records, IP address, browser type, pages viewed, features used, and timestamps. Third, customer compliance data that your organization uploads to its tenant base: permits, inspection records, monitoring results, training records, incident reports, and related documents. Compliance data may include the names and credentials of your employees, inspectors, and contractors.
We use account information to provide the Service, authenticate users, send service notifications, respond to support requests, and bill your subscription. We use service usage data to operate, secure, and improve the Service, including diagnosing errors, detecting abuse, and planning capacity. We use customer compliance data only to deliver the Service to your organization. We do not sell any of this information, and we do not use customer compliance data to train external machine-learning models.
Our marketing site uses cookies and similar technologies for basic functionality, traffic analytics, and conversion tracking on contact forms. The PermitStack application uses session cookies required for authentication. We use Google Analytics on the marketing site to understand which pages prospects visit. You can disable non-essential cookies through your browser settings; doing so will not affect your ability to use the Service.
We share information with the third-party subprocessors that operate the Service: Airtable (data layer), Noloco (customer portal), n8n Cloud (workflow automation), AWS S3 (document storage), and Mailgun (transactional email). Customers who purchase the SharePoint Sync add-on authorize PermitStack to send and receive metadata through Microsoft Graph for the specified document libraries. We share information with law enforcement or other authorities only when required by law or to protect rights, property, or safety. We do not sell personal information.
You own all compliance data uploaded to your tenant base. We act as a processor of that data on your behalf and under your instructions. Our handling of that data is governed by our Terms of Use. On termination, we will export your data on request in a portable format within 30 days and delete it from active systems within 90 days; backup copies age out per the underlying subprocessor’s retention policy.
Account information is retained for the life of your subscription plus a reasonable period afterward for billing, dispute resolution, and legal compliance. Service usage data is retained for at least 24 months for security and audit purposes; Operator and Regional tiers retain audit log data indefinitely while the subscription is active. Marketing prospect data is retained for two years from last contact unless you ask us to delete it sooner.
We protect information using reasonable technical and organizational measures including encryption in transit (TLS), encryption at rest where supported by the subprocessor, role-based access controls inside the Service, and segmentation between customer tenant bases. No system is perfectly secure. If we become aware of a breach that affects your information, we will notify you without undue delay and in compliance with applicable law.
Depending on where you live, you may have rights to access, correct, delete, or port the personal information we hold about you, and to object to or restrict certain processing. California residents have rights under the California Consumer Privacy Act, including the right to know what personal information we collect and the right to opt out of any sale of personal information (we do not sell personal information). To exercise any of these rights, contact us using the information at the end of this policy. We will respond within the time required by applicable law.
PermitStack and our primary subprocessors are based in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. Where required, we rely on standard contractual clauses or other approved transfer mechanisms.
The Service is intended for business use by adults. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have collected information from a minor, contact us and we will delete it.
We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated revision date and, where the change affects an active customer, communicated by email at least 30 days in advance. Continued use of the Service after the effective date of a change constitutes acceptance.
If you have questions about this policy or your information, contact us:
25 Fathoms LLC dba PermitStack
Email: privacy@permitstack.io
Website: https://permitstack.io