Privacy Policy
Last updated: June 10, 2026
1. Who we are
PermitMiner LLC ("PermitMiner," "we," "our," or "us") is a limited liability company organized under the laws of the State of Utah, with its principal place of business in St. George, Utah. We operate a subscription software-as-a-service platform that aggregates publicly available Utah building-permit data, enriches it with contractor, engineer, and owner information from public records and public business sources, and delivers lead reports to our subscribers. We may also facilitate outreach email automation sent from a subscriber's own connected Gmail account.
This Privacy Policy describes how we collect, use, disclose, and protect information about you when you access or use our website and service (collectively, the "Service"). By using the Service, you agree to the practices described in this policy.
2. Information we collect
2a. Account information
When you create an account, we collect your name, email address, and a password (stored in hashed form). If you sign in through Google OAuth, we receive your name, email address, and profile picture from Google in lieu of a password.
2b. Payment information
Billing and payment processing is handled entirely by Stripe, our third-party payment processor. When you subscribe, Stripe collects and stores your payment card details directly. We do not receive or store your full card number, CVV, or other sensitive payment credentials. We retain only non-sensitive billing metadata that Stripe provides to us, such as the last four digits of your card, card brand, billing zip code, and subscription status.
2c. Gmail authorization tokens
If you choose to connect your Gmail account on the Outreach plan, we request OAuth authorization from Google for the narrow purpose of sending outreach emails on your behalf through the Gmail API. We store the OAuth access token and refresh token necessary to send email through your account. We use these tokens only to send the outreach emails you authorize through the Service. We do not read, index, store, or analyze the content of your Gmail inbox, drafts, sent mail, or any other mailbox data beyond what is strictly necessary to log send status and detect bounces on messages we send on your behalf. You can revoke this authorization at any time from your Google account settings or from within the Service, at which point we will stop sending and delete your stored tokens.
2d. Usage and analytics data
We collect information about how you interact with the Service, including pages visited, features used, search filters applied, reports generated, and session duration. We use this data to improve the Service, diagnose technical problems, and understand usage patterns. We may use cookies, local storage, and similar technologies for this purpose, as described in Section 6.
2e. Communications
If you contact us by email or through a support channel, we retain the content of that correspondence and any information you choose to include.
3. What we do not collect from you
The permit records, contractor information, engineer details, owner information, and business contact email addresses that appear in your lead reports are sourced from publicly available government permit records and publicly available business information. This data is not derived from or attributable to any individual subscriber's personal information. We do not collect or use your personal data to construct lead records. Permit and contact data is a product output based on public sources, not a processing of your personal information.
4. How we use your information
We use the information we collect to:
- Create and manage your account and authenticate you.
- Process your subscription, collect payment through Stripe, and send billing-related communications.
- Deliver the Service, including generating and delivering lead reports.
- Send outreach emails through your connected Gmail account where you have authorized us to do so.
- Send you transactional emails such as account confirmations, password resets, receipt notices, and service notifications through Resend.
- Monitor and improve the performance, security, and features of the Service.
- Respond to your support requests and communications.
- Comply with applicable law, enforce our Terms of Service, and protect the rights and safety of PermitMiner and its users.
We do not sell your personal information to third parties. We do not use your personal information for behavioral advertising networks.
5. Third-party subprocessors
We share your information with the following categories of third-party service providers (subprocessors) that help us deliver the Service. Each is bound by its own privacy and security obligations.
| Provider | Purpose |
|---|---|
| Supabase | Database hosting and user authentication. Stores account records, session data, and application data. |
| Stripe | Payment processing and subscription billing. Stores and processes payment card data directly; we do not receive full card numbers. |
| Vercel | Web application hosting and content delivery. Request logs and edge network telemetry may pass through Vercel infrastructure. |
| Resend | Transactional email delivery for account confirmations, receipts, and service notifications. Your email address is passed to Resend for delivery purposes. |
| Google OAuth for sign-in authentication and, if you elect the Outreach feature, the Gmail API for sending outreach emails from your account on your behalf. |
We do not share your personal information with any other third parties except as required by law, in connection with the protection of our legal rights, or in connection with a merger, acquisition, or sale of assets (in which case you would be notified).
6. Cookies and tracking technologies
We use cookies and similar browser storage technologies for the following purposes:
- Authentication cookies to keep you logged in across sessions (provided by Supabase).
- Session and preferences storage to remember your filter settings and account preferences.
- Analytics to understand how users navigate the Service so we can improve it.
You can instruct your browser to refuse cookies or alert you when cookies are being sent. If you disable cookies, some features of the Service may not function correctly, including the ability to stay logged in.
7. Data retention
We retain your account information for as long as your account remains active. If you cancel your subscription and request deletion, we will delete or anonymize your personal account data within 30 days, subject to any retention obligations imposed by law (for example, we may retain billing records for the period required by applicable tax law). Lead report data and permit records sourced from public sources are not personal data and may be retained independently of your account.
8. Security
We implement industry-standard technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These include encrypted data transmission (TLS), encrypted storage of sensitive tokens, access controls, and use of established subprocessors with their own security programs. No method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security. In the event of a data breach that is required to be disclosed under applicable law, we will notify affected users as required.
9. Your rights
Depending on where you reside, you may have the following rights with respect to your personal information:
- Access: you may request a copy of the personal information we hold about you.
- Correction: you may request that we correct inaccurate or incomplete personal information.
- Deletion: you may request that we delete your personal information, subject to certain legal exceptions.
- Portability: you may request that we provide your personal information in a structured, machine-readable format.
- Opt-out of sale: we do not sell personal information, so this right does not apply. If our practices change, we will update this policy and provide an opt-out mechanism.
California residents and residents of other states with applicable consumer privacy laws (including the CCPA/CPRA and equivalent state statutes) have the rights described above. To exercise any of these rights, contact us at privacy@permitminer.com. We will respond within the timeframe required by applicable law (generally 45 days, with a possible extension).
We will not discriminate against you for exercising any privacy rights afforded to you by law.
10. Children
The Service is not directed to children under the age of 18 and we do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete it promptly. If you believe a child under 18 has provided us with personal information, please contact us at privacy@permitminer.com.
11. Geographic scope
The Service is operated from the United States and is intended primarily for users located in the United States. If you access the Service from outside the United States, be aware that your information will be transferred to and processed in the United States, where privacy laws may differ from those in your jurisdiction. By using the Service, you consent to this transfer.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will provide additional notice, such as an in-app notification or an email to the address on your account. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
13. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or the way we handle your information, please contact us at:
PermitMiner LLC
St. George, Utah, USA
Email: privacy@permitminer.com