Privacy Policy
Last updated: 2026-05-10. Effective date: 2026-05-12.
Plain-English summary
We collect the email and preferences you give us at signup, plus your IP address and standard server logs. We use that data to send you the permit alerts you signed up for and to bill you. We share what's necessary with Stripe (payments), Brevo (email delivery), Linode (hosting), and Cloudflare (CDN). We do not sell your data. You can delete your account anytime.
What we collect
- Email + preferences — counties, ZIP codes, trade filters, frequency, plan tier.
- Account activity — login timestamps, preference changes, cancellation reasons.
- IP address + server logs — for abuse prevention and rate limiting (Cloudflare + nginx).
- Payment info — handled directly by Stripe; we store only the Stripe customer ID and last-4 of the card. We never see or store full card numbers or CVV.
- Optional: phone number — only if you enable SMS alerts on a paid plan.
How we use it
- Deliver the permit alerts you subscribed to.
- Bill you (paid plans only).
- Respond to support requests.
- Improve the product through aggregate, non-identifying analytics.
- Send transactional and product-update emails (you can opt out of product updates).
What we do NOT do
- We do not sell your data to anyone, ever.
- We do not share your signup data with permit data vendors, contractors, or other subscribers.
- We do not run third-party ad pixels or cross-site trackers on the subscriber app.
Third-party processors
| Vendor | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, name, billing address, card |
| Brevo (Sendinblue) | Email delivery | Email, name, message content |
| Linode (Akamai) | Application + database hosting | All account data (encrypted at rest) |
| Cloudflare | DNS, CDN, DDoS protection | IP address, request metadata |
| Microsoft Clarity | Anonymous session analytics on the marketing pages only | Anonymized session activity (IP-truncated) |
Cookies
We use a single first-party session cookie for authentication after you log in. Marketing pages may set a Cloudflare bot-management cookie and a Microsoft Clarity analytics cookie. We do not use cross-site tracking cookies.
Your rights
- Access & export — email [email protected] for a copy of your data.
- Correction — edit preferences in your account, or email us.
- Deletion — cancel your subscription and email us to delete the row entirely. We retain billing records for 7 years per IRS rules; everything else gets purged within 30 days.
- CCPA (California) — right to know, right to delete, right to opt-out of sale. We don't sell, so opt-out is automatic.
- GDPR (EU/UK) — right to access, rectify, erase, restrict, port, object. We are not in the EU but we honor these requests.
Data retention
Active accounts: retained for the life of the account. Cancelled accounts: 30-day grace, then PII deleted (billing rows kept 7 years per US tax law). Server logs: 90 days. Email delivery logs: 30 days at Brevo.
Data security
HTTPS everywhere (Cloudflare TLS), database at rest on encrypted Linode block storage, secrets in environment files with 0600 permissions, no PII in our codebase or git history. We follow industry-standard hardening.
Children
The service is for businesses and is not directed at anyone under 18. We do not knowingly collect data from minors.
Changes to this policy
Material changes will be emailed to active subscribers at least 30 days before the effective date.
Contact
RG Holdings LLC
10734 Clover Walk Dr, Orlando, FL 32825
Email: [email protected]