Privacy Policy

PermitPrime helps short-term rental owners prepare and submit license applications. To do that, we collect personal and property information from you, and we communicate with local government clerks on your behalf when you ask us to.

This page explains, in plain English, what we collect, why we collect it, who sees it, and how to make us stop.

From you, when you sign up and use the product:

• Your name and email address (used to create your account and to identify you to local clerks).
• Property details: address, city, state, zip, ownership notes.
• Application documents: government IDs, ownership proof, sales tax licenses, fire inspection reports, notarized affidavits, floor plans — whatever your jurisdiction requires.
• Payment information processed by Stripe (we do not store full card numbers; Stripe handles that).
• If you connect Gmail: an OAuth refresh token that lets us send emails on your behalf. We never read your inbox.

From the web, automatically:

• Standard server logs (IP address, user agent, request path) kept for 30 days for debugging and abuse prevention.
• We do not currently use third-party analytics or advertising trackers.

• To prepare your application packet.
• To email packets to your local clerk on your behalf via your Gmail account, if you've connected it.
• To notify you about clerk replies, rule changes for your jurisdiction, and renewals.
• To process payment for our service fee.
• To debug and improve the product.

We do not sell your information. We do not share it with advertisers. We do not use it to train AI models.

• Local government clerks: when you click "Send to clerk", your application packet goes to the email address published by your jurisdiction. This is the explicit purpose of the product.
• Subprocessors we rely on to operate:
  • Vercel (hosting, file storage)
  • Neon (Postgres database)
  • Clerk (authentication)
  • Stripe (payments)
  • Google (Gmail send-on-behalf, when you connect it)
  • Anthropic (AI rule-change summaries; document content is redacted of personal identifiers before being sent)
  • DocuSign (when you use remote online notarization)

• TLS in transit; AES-256 at rest (Neon + Vercel Blob).
• Documents stored in private Vercel Blob storage, accessible only via authenticated requests through this app.
• OAuth tokens stored server-side and never exposed to your browser.
• Sensitive numbers (SSN-like patterns, bank account numbers) are redacted before any AI processing.

• Application records and supporting documents: kept for 7 years to match state recordkeeping laws.
• Inactive accounts (no logins for 24 consecutive months) are purged.
• Server logs: 30 days.

You can, at any time:

• Disconnect Gmail: myaccount.google.com → Security → Third-party access → revoke PermitPrime.
• Delete a property or application from within the app.
• Request full account deletion or data export by emailing privacy@permitprime.com. We respond within 30 days.
• California residents: you have the rights described under the CCPA. Same email above.

We'll update the "Last updated" date at the top whenever this policy changes materially. If a change reduces your rights, we email account holders before it takes effect.

Questions: privacy@permitprime.com.