PastPermitPrivacy Policy

Privacy Policy

Last updated: April 2026

Summary

We collect the minimum data needed to deliver the report you purchased — your email address, the address you searched, and payment information processed by Stripe. We do not sell your personal data. We use trusted third-party services (Stripe, Supabase, Resend, Vercel, Railway, Browserbase) to operate the product; those services are described below.

1. Information We Collect

Email address. You provide this at checkout through Stripe, or directly when requesting an emailed copy of your report. We use it to deliver the report, respond to support requests, and re-send the report within the 30-day regeneration window.

Search address. The property address you enter is stored alongside your report so we can regenerate, re-send, or support it. We do not treat the search address itself as sensitive personal data — it identifies a property on the public record, not you — but we handle it under the same protections as your other data.

Payment information. Card and billing details are collected and stored by Stripe, our payment processor. PastPermit does not receive or store your full card number. We receive a limited record of the transaction (amount, last four digits, Stripe session and customer IDs) for accounting and support purposes.

Technical data. Our hosting providers log standard request metadata (IP address, browser User-Agent, request timestamps) for security and debugging. We do not currently use third-party advertising or behavioral-tracking cookies. Stripe sets cookies during checkout to process your payment securely. We do not use any other cookies for analytics, advertising, or tracking.

2. How We Use Your Information

We use your information to:

  • generate, deliver, and re-send the report you purchased;
  • send receipts and other service-related communications;
  • respond to support inquiries;
  • operate, maintain, secure, and improve the Service, including diagnosing problems and preventing abuse;
  • comply with legal obligations.

We do not use your email to send marketing or promotional material. We do not sell or rent your personal data to anyone.

3. Third-Party Services

PastPermit is built on a small number of trusted third-party services. Each of these providers has its own privacy policy governing how it handles data we share with it.

  • Stripe — payment processing. Receives your payment information directly; we receive only a limited transaction record.
  • Supabase — hosted database. Stores your report data, email address, and Stripe transaction ID.
  • Resend — email delivery. Receives your email address and the report PDF when you request an emailed copy.
  • Vercel — web application hosting. Sees request-level metadata (IP address, User-Agent) for logging and anti-abuse.
  • Railway — hosting for our data-retrieval service. Sees the property address as part of each retrieval.
  • Browserbase — headless-browser infrastructure used to retrieve data from public-records sources. Processes the search address and public records it retrieves; does not receive your email or payment information.

We share only what each provider needs to perform its role, and only for the purposes described above. We do not share your data with advertisers, data brokers, or marketing companies.

4. Data Retention

We retain your report data and associated email address for as long as needed to provide access to reports you've purchased and to respond to related support inquiries. You can request deletion at any time via Section 6.

Stripe retains payment records in accordance with its own policies and applicable tax, accounting, and anti-fraud law. We have no ability to delete records from Stripe's systems beyond what Stripe permits.

5. Security

We use TLS encryption in transit, access controls on our database, and service-role credentials that are never exposed to browsers. While no system is perfectly secure, we work to protect your data using industry-standard practices. If we become aware of a breach affecting your information, we will notify you as required by applicable law.

6. Your Rights

Subject to applicable law and our legal obligations, you can:

  • request a copy of the personal data we hold about you;
  • request correction of inaccurate personal data;
  • request deletion of your personal data (note that we may be required to retain certain records for tax, accounting, or fraud-prevention purposes);
  • object to or restrict certain uses of your personal data.

To exercise any of these rights, email support@pastpermit.com from the address on file with us. We will respond within 30 days. Please include the property address you searched and the nature of your request so we can locate your records efficiently.

7. California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the following additional rights:

  • Right to know the categories and specific pieces of personal information we have collected, the sources, the purposes of collection, and any third parties we have disclosed it to.
  • Right to delete personal information we have collected from you, subject to legal exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing. PastPermit does not sell your personal information and does not share it for cross-context behavioral advertising. You do not need to opt out because we do not engage in these practices.
  • Right to non-discrimination — we will not deny service, charge different prices, or provide a different level of service because you exercised any of these rights.

To exercise any of these rights, email support@pastpermit.com. We will verify your identity using the email address on file with us before responding.

8. Cookies and Tracking

We use a small number of strictly-necessary cookies to support the checkout flow and maintain a session where required. We do not use third-party advertising cookies or cross-site tracking technologies. We do not track users across sites, so Do Not Track browser signals do not affect our collection practices.

9. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. We also do not sell or share the personal information of any user under 16. If you believe we have collected information from a child, contact us and we will delete it.

10. International Users

The Service is operated from the United States. If you access the Service from outside the United States, you consent to the transfer of your information to, and processing in, the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated version here and revise the “Last updated” date at the top of this page. Your continued use of the Service after an update constitutes acceptance of the revised policy.

12. Contact

Privacy questions or requests? Email support@pastpermit.com.