Privacy Policy

Last updated: April 8, 2026

1. Information We Collect

When you create an API key, we collect your name and email address. When you make API requests, we log the request timestamp, endpoint, and your API key prefix for rate limiting and usage tracking. We do not log request parameters or response data.

2. How We Use Your Information

We use your information to:

Provide and maintain the PermitStack API service
Enforce rate limits and usage quotas
Send service-related communications (outages, breaking changes)
Process payments through Stripe (for paid plans)

3. Data We Serve

PermitStack aggregates publicly available building permit data from official U.S. city and county open data portals. All permit data served through our API is derived from public government records. We do not collect, store, or serve private personal information beyond what is published by government agencies.

4. Third-Party Services

We use the following third-party services:

Stripe — payment processing. Stripe's privacy policy applies to payment data.
OVH — server hosting in the United States.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

5. Data Retention

Account data (name, email, API key hash) is retained for the lifetime of your account. Usage logs are retained for 90 days. You may request deletion of your account and data by contacting us.

6. Security

API keys are stored as SHA-256 hashes. All traffic is encrypted via TLS. We never store or log your raw API key after initial creation.

7. Cookies

The PermitStack website does not use cookies or tracking scripts. The API does not use cookies.

8. Changes

We may update this policy from time to time. Changes will be posted on this page with an updated date.

9. Contact

For privacy-related questions, contact us at support@aisaasfactory.io.