Last Updated: April 15, 2026
Permits Pilot Software ("we," "our," or "us"), doing business as PermitsPilot, is committed to data privacy and transparency. This Privacy Policy describes how we collect, use, and share your personal information when you use our Service. We comply with applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and relevant U.S. state privacy laws. This Privacy Policy forms part of, and is incorporated into, our Terms of Service.
PermitsPilot is not intended to serve as a system of record for regulatory compliance. You are responsible for maintaining independent records of your compliance obligations.
We collect account data (name, email, phone), billing information (billing address and payment metadata), and permit data (documents, names, issuing authorities, expiration dates) that you provide directly.
If you choose to sign up or log in via Google SSO, we collect your name, email address, and profile picture from Google as permitted by your Google account settings.
When you upload documents for AI extraction, we process the contents of those documents. We do not use your permit documents to train public AI models. You represent that you have the legal right to upload and process any personal data included in your permit documents.
We collect IP addresses, browser types, device identifiers, and usage patterns for security, bot detection, and audit logging purposes.
We process personal data based on:
We use Google Gemini AI to extract structured data from your permit documents. Your documents are sent to Google for transient processing. AI processing may occur on infrastructure located outside Canada, including the United States. Data submitted for AI processing is handled in accordance with our agreements with service providers and is not used to train public foundation models.
AI DATA PROTECTION:
We utilize enterprise-tier AI APIs. Under our current configuration, Google does not use data submitted via these APIs to train their global foundation models.
We use the following third-party sub-processors to provide the Service. These sub-processors act as data processors and are contractually obligated to process personal data only on our instructions.
| Entity | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud Hosting, Storage & Marketing Email (SES) | US/Canada |
| Stripe, Inc. | Payment Processing | Global |
| Twilio, Inc. | SMS Notifications | US |
| Google Cloud (Gemini & SSO) | AI Data Extraction & Authentication | US |
| Cloudflare, Inc. (Turnstile) | Bot Detection & Security | Global |
| Plausible Analytics | Privacy-first Analytics | EU |
Note on Third-Party Integrations: If you voluntarily enable integrations (e.g., Slack, Microsoft Teams, WhatsApp), you are directing us to share specific permit notification data with those providers. Those services are governed by their own respective privacy policies.
Active Accounts: We retain your data as long as your account is active.
Cancellation & Termination: Following account cancellation or termination, we will retain your User Content for a grace period of ninety (90) days. After this period, we will delete your User Content, except where retention is required for legal, regulatory, or legitimate business purposes.
Backups: Residual data may exist in encrypted backups for up to an
additional 30 days.
We use commercially reasonable efforts to secure your data and implement industry-standard security controls, including:
While we implement industry-standard safeguards, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
Depending on your location, you have the right to:
To exercise these rights, contact privacy@permitspilot.com.
PermitsPilot is based in Canada. However, we use sub-processors located in the United States (e.g., AWS, Google, Twilio, Cloudflare) to provide the Service. By using the Service, you acknowledge that your personal information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.
With your consent, we may send you occasional marketing emails about new features or industry news. We use tracking technologies (such as web beacons/pixels) to monitor delivery, open rates, and click-through rates to improve our communications. You may opt-out of these communications at any time by:
Please note: You cannot opt-out of system-related emails (e.g., password resets, billing receipts, or permit expiration alerts) while your account is active.
Our Service is intended for business use and is not directed at children. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that a child has provided us with personal information, we will take steps to delete such information immediately.
We use essential cookies for session management and security. We also use Cloudflare Turnstile, which may collect telemetry data (such as browser fingerprinting and environment data) to distinguish humans from bots. This is a privacy-preserving alternative to traditional CAPTCHAs and does not track you for advertising purposes. We do not currently respond to "Do Not Track" browser signals. We do not use analytics data for behavioral advertising or cross-site tracking.
In the event of a security breach involving personal data, we will notify affected users via email without undue delay and in accordance with applicable law.
We may update this Privacy Policy from time to time. We will notify users of material changes via email or through the Service.
Privacy Officer: privacy@permitspilot.com
Legal Address: PO Box 37006, Winnipeg, MB R2M 5R3, Canada
Press ? anytime to see these shortcuts