Privacy policy
Last updated July 9, 2026
This is the whole deal, in plain English: we collect the minimum we need to run the product, we store it with well-known providers, we never sell it, and you can have it deleted by emailing us. PermitMySign is a product of Hubble42 Inc., Mississauga, Ontario, Canada.
What we collect
- Your account email. You sign in with an email magic link — no password exists, so we never store one.
- The job data you enter. Addresses, sign specs, uploaded document names, notes, and the permit paper trail your account builds. Before you sign in, this lives only in your own browser (localStorage) — it never reaches our servers until you create an account and choose to bring it in.
- Usage basics. Standard server logs (page requests, errors, rough timing) so we can keep the site working. We don’t run advertising trackers.
- Billing status, not card numbers. Payments run through Stripe. Card numbers go straight to Stripe and never touch our servers; we only see your subscription status.
Where your data lives
We don’t run our own data centers. Your data sits with a short list of processors, each doing one job:
- Supabase — the database that holds your account and job data, with row-level security so each account can only reach its own rows.
- Vercel — hosts the application and serves the site.
- Stripe — handles all payment card data.
- Resend — delivers the sign-in magic-link emails.
All traffic between you and us is encrypted with TLS.
The optional AI drafting feature
Some features can draft text for you — customer updates, city nudges, correction-letter responses — using Anthropic’s API. Job text is sent to Anthropic only when you actually use one of those drafting features, and only the text needed for that draft. The compliance checks themselves are deterministic code, not AI, and the product works fully without the AI features.
What we never do
- We never sell your data, to anyone, for any reason.
- We never share your job data with other customers.
- We never use your data for advertising or hand it to ad networks.
Cookies
One kind: the authentication session cookie that keeps you signed in. No advertising cookies, no third-party trackers, no cookie banner theater.
Retention and deletion
We keep your data while your account exists so your permit paper trail stays intact — that trail is a big part of why shops use us. Want it gone? Email hello@permitmysign.com from your account email and we’ll delete your account and its data, confirming when it’s done. Backups age out on the providers’ standard schedules.
Your rights
Wherever you are, we honor the spirit of GDPR- and CCPA-style rights: ask us what we hold about you, get a copy, correct it, or have it deleted. One email to hello@permitmysign.com does any of these — no forms, no verification maze beyond confirming you own the account.
Hubble42 Inc. is a Canadian company and handles personal information in line with PIPEDA, Canada’s federal privacy law.
If this policy changes
We’ll update this page and the date at the top. If a change meaningfully affects how we handle your data, we’ll email account holders before it takes effect.