The Permit Pilot

Privacy Policy

Last updated May 31, 2026

This Privacy Policy explains what information The Permit Pilot ("we") collects, how we use it, and your choices.

1. What we collect

  • Account info: email, password hash, name, sign-in metadata.
  • Company profile: company name, contact person, trade type, phone, address, logo.
  • Customer Data you upload: customer names, emails, phone numbers, job addresses, permit documents, contracts, signed PDFs, notes, photos, inspection results.
  • Signatures: PNG images of signatures you draw, plus the timestamp and IP address when you agreed to apply them.
  • Billing: subscription status, plan, payment processor customer ID, last 4 digits of card (stored by our payment processor, not by us).
  • Usage & logs: IP address, browser/user agent, page views, error logs, Co-Pilot prompts and responses, email delivery events.

1a. Detailed data inventory

  • Permits: permit numbers, types, statuses, fees, job addresses, scopes of work, internal notes, timestamps for every status change, override events.
  • Inspections: scheduled dates, inspector names, pass/fail results, reinspection flags, notes, optional photos you upload.
  • Contractor credentials: COI carrier and policy number, license numbers, BTR/registration numbers, expiration dates, scanned PDFs or images.
  • Municipalities: contact names, emails, phones, portal URLs, virtual inspection notes, required documents, average approval days, your private notes.
  • E-signature requests: recipient name and email, document title, status, sent / opened / signed timestamps, signing IP address, signed PDF artifact.
  • Email send log: message IDs, recipients, template names, send/delivery/open/bounce events, unsubscribe state.
  • Smart Alerts: alert type, severity, due date, snooze/resolve history.
  • AI Co-Pilot conversations: messages you send, tool calls executed on your behalf, and tool arguments + results. Stored in copilot_activity for auditing.
  • Security audit log: role grants/revocations, admin overrides, billing changes, plus IP and user agent. Stored in audit_logs.
  • Customer-facing tokens: short-lived signed URLs for sign requests and unsubscribe links.

1b. What we do NOT collect or sell

  • We do not sell, rent, or trade your data or your customers' data.
  • We do not use your data or your Co-Pilot prompts to train third-party AI models.
  • We do not run advertising trackers, ad networks, or behavioral profiling.
  • We do not store full payment card numbers — our payment processor handles all card data.

2. How we use it

  • To provide and operate the Service.
  • To process payments.
  • To send transactional and support emails.
  • To power the AI Co-Pilot.
  • To detect abuse, fix bugs, and improve the Service.
  • To comply with legal obligations.

3. Who we share it with

We share data only with the third-party processors needed to run the Service: payment processors, email delivery providers, cloud hosting and database providers, identity providers (for OAuth sign-in), and AI model providers. We do not sell your data and we do not share it with advertisers. We will disclose data when legally required (e.g. subpoena, court order).

4. AI Co-Pilot

Messages you send to Co-Pilot, plus relevant account context, are sent to third-party large language model providers to generate responses. We do not use your prompts to train any model.

5. Retention

We retain Customer Data while your account is active. After cancellation we retain data for a commercially reasonable period to allow export, then delete it. We may keep aggregated, de-identified data indefinitely. Billing records are kept as required by tax law.

6. Security

Data is encrypted in transit (TLS) and at rest on our hosting provider. Access is gated by per-user row-level security policies. No system is 100% secure; you are responsible for keeping your password safe.

7. Your choices

  • Update your profile and preferences in account settings.
  • Cancel your subscription from the billing page.
  • Request export or deletion by emailing support@thepermitpilot.com.
  • Opt out of marketing emails using the unsubscribe link in each email.

8. Children

The Service is not intended for anyone under 18.

9. Changes

We may update this policy. Material changes will be highlighted in-app. Continued use after changes means you accept them.

10. Contact

Privacy questions? Email support@thepermitpilot.com.

See also: Terms of Service · Service Disclaimer

© 2026 The Permit Pilot