1. Data Collected
Account data (name, email, phone), usage data (searches, map interactions), payment data via Stripe (we store only subscription status and last 4 digits), municipal permit data from public records, and draft permit data submitted by users.
2. Data Retention
Active account data retained while active. Closed account PII purged within 30 days. Draft Permit PII purged 90 days after archive. Bronze raw records: 12-month rolling window. Webhook delivery logs: 13 months.
3. Data Sharing
We do not sell personal data. Data shared only via: Connection Request approval, CRM webhook delivery, Stripe for payments, Twilio for SMS, Amazon SES for email, and under legal compulsion.
4. Your Rights Under PIPEDA
Access, correction, deletion, and withdrawal of consent. DSAR requests: email privacy@permitbc.ca. Response within 30 calendar days.
5. Security Measures
AES-256 encryption at rest. TLS 1.2+ in transit. MFA for professional accounts. Annual penetration testing. 72-hour breach notification.
6. Cookies
Strictly necessary cookies only. No analytics, marketing, or tracking cookies. No consent banner required.
7. Contact
Privacy: privacy@permitbc.ca | Security: security@permitbc.ca
8. International Data Processing
All data processed and stored in Canada under PIPEDA. EU/EEA/UK users cannot create accounts.