Privacy Policy

1. Introduction

PermitZap ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at permitzap.co and associated subdomains (the "Service").

Important: PermitZap is designed for and available only to users based in the United States. Our Service provides analysis of NYC Department of Buildings permit data and is not intended for international use. We do not comply with GDPR or other international data protection regulations.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, company name (optional), and role/title (optional)
• Profile Information: Any additional information you choose to add to your profile
• Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
• Communications: Messages sent through our team messaging feature, support inquiries, and feedback
• Custom Data: Alerts you create, documents you generate, searches you perform, and filters you apply

2.2 Information Collected Automatically

We use a proprietary analytics system to understand how users interact with our Service. This system tracks and stores:

• Usage Data: Pages viewed, features used, buttons clicked, and time spent on different sections
• Search Activity: Search queries, filters applied, sort preferences, and search results
• Data Interactions: Permits viewed, exports performed, documents created, and alerts configured
• Session Information: Session ID, session duration, and frequency of visits
• Device Information: IP address, browser type, operating system, device type (mobile/tablet/desktop), and user agent string
• Technical Data: Error logs, performance metrics, and API response times

This analytics data is stored in our database and used exclusively to improve the Service, fix bugs, understand feature usage, and enhance user experience. We do not sell or share this data with third parties for advertising purposes.

2.3 Third-Party Analytics

We also use Vercel Analytics for basic web analytics, including page views and performance monitoring. Vercel Analytics is privacy-focused and does not use cookies or collect personal information.

3. How We Use Your Information

We use the information we collect to:

• Provide and maintain the Service: Process your searches, deliver alerts, generate documents, and enable collaboration features
• Process transactions: Handle subscription payments and billing through Stripe
• Authenticate and secure your account: Verify your identity using Clerk authentication services
• Communicate with you: Send transactional emails (account notifications, team invitations, subscription updates), marketing emails (product updates, feature announcements, tips), and respond to support inquiries
• Improve the Service: Analyze usage patterns, identify bugs, optimize performance, and develop new features
• Product development: Understand which features are most valuable, identify user pain points, and prioritize development roadmap
• Enhance AI features: Improve alert matching accuracy and document generation quality using Anthropic and OpenAI AI models
• Prevent fraud and abuse: Monitor for suspicious activity and enforce our Terms of Service

4. Marketing Communications

By creating an account, you agree to receive marketing emails from PermitZap. These emails may include:

• Product updates and new feature announcements
• Tips and best practices for using the Service
• Special offers and promotions
• Surveys and feedback requests to help us improve the Service

You can unsubscribe from marketing emails at any time by clicking the "Unsubscribe" link at the bottom of any marketing email or by adjusting your email preferences in your account settings. Note that you will still receive transactional emails (such as subscription receipts and security alerts) even if you unsubscribe from marketing communications.

5. Third-Party Services

We use the following third-party services to operate PermitZap:

6. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your information in the following circumstances:

• Within Your Organization: If you're part of an organization workspace, other members can see your name, email, messages, and shared documents
• Service Providers: With third-party vendors listed above who help us operate the Service
• Legal Requirements: If required by law, court order, or government regulation
• Business Transfers: In connection with a merger, acquisition, or sale of assets (users will be notified)
• With Your Consent: When you explicitly agree to share your information

7. Data Security

We implement industry-standard security measures to protect your data, including:

• HTTPS encryption for all data in transit
• Encrypted database storage
• Secure authentication through Clerk
• Regular security audits and updates
• Access controls and role-based permissions

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account Data: Retained until you delete your account
• Analytics Data: Stored indefinitely for product improvement purposes
• Billing Records: Retained for 7 years for tax and accounting purposes
• Communications: Retained as long as relevant for support or legal purposes

If you delete your account, we will delete or anonymize your personal information within 90 days, except where we're required to retain it for legal or regulatory purposes.

9. Your Rights and Choices

You have the following rights regarding your information:

• Access: View and download your personal data from your account settings
• Correction: Update your profile information at any time
• Deletion: Request deletion of your account and associated data by contacting support
• Marketing Opt-Out: Unsubscribe from marketing emails via the unsubscribe link or account settings
• Data Portability: Export your alerts, documents, and search history

To exercise any of these rights, contact us at privacy@permitzap.co

10. Children's Privacy

PermitZap is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately so we can delete it.

11. International Users

PermitZap is available only to users in the United States. Our Service is designed for analyzing NYC Department of Buildings permit data and is not intended for international use. We do not comply with GDPR, PIPEDA, or other international data protection regulations. If you are located outside the United States, you may not use the Service.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your login session
• Remember your preferences (theme, filters, sort order)
• Track anonymous analytics via Vercel Analytics
• Store session IDs for our internal analytics system

Most browsers allow you to refuse cookies, but this may limit your ability to use the Service. Session storage is used to maintain continuity across page views and is essential for the Service to function properly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page
• Updating the "Last Updated" date at the top
• Sending an email notification for significant changes

Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: