Privacy Policy

Last updated: 1 February 2025

PermitPad (“we”, “us”, “our”) is operated by Crocker Digital Ltd, a company registered in England and Wales (Company No. 17008789). This privacy policy explains how we collect, use, store, and protect your personal data when you use our website and service at permitpad.co.uk.

1. Data Controller

The data controller is Crocker Digital Ltd. If you have questions about this policy, contact us at privacy@permitpad.co.uk.

2. What Data We Collect

Account data

When you create an account, we collect your name, email address, and the organisation name you provide.

Permit data

When you use PermitPad, we store the permit-to-work records you create, including field entries, digital signatures, timestamps, and any uploaded photos. This data is stored to provide the service and maintain an audit trail.

Payment data

We use Stripe to process payments. We do not store your full card number. Stripe handles payment data in accordance with PCI DSS standards. We store your Stripe customer ID and subscription status.

Usage data

We use GoatCounter for privacy-friendly, cookie-free web analytics. GoatCounter does not track individual users and does not use cookies. We collect aggregate page-view counts only.

3. How We Use Your Data

• To provide and operate the PermitPad service
• To process payments and manage your subscription
• To send transactional emails (e.g. permit approval notifications, password resets)
• To respond to support requests
• To comply with legal obligations (e.g. maintaining records for tax purposes)

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties for their marketing purposes.

4. Data Sharing

We share data only with the following processors, which are necessary to operate the service:

• Supabase (database hosting and authentication)
• Stripe (payment processing)
• Resend (transactional email delivery)
• Netlify (website hosting)
• GoatCounter (cookie-free analytics)

5. Data Retention

We retain your account and permit data for as long as your account is active. If you cancel your account, your permit data is retained in read-only form for 12 months to allow for audit and compliance purposes, after which it is deleted. You may request earlier deletion by contacting us.

6. Your Rights

Under UK GDPR, you have the right to:

• Access a copy of your personal data
• Rectify inaccurate data
• Request erasure of your data (subject to legal retention obligations)
• Restrict or object to processing
• Data portability (export your permits as PDF)
• Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, email privacy@permitpad.co.uk.

7. Security

We use industry-standard measures to protect your data, including HTTPS encryption in transit, encrypted database storage, role-based access controls, and regular security reviews.

8. Cookies

PermitPad uses only essential cookies required for authentication (session tokens). We do not use tracking cookies, advertising cookies, or third-party analytics cookies. See our Cookie Policy for details.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or by posting a notice on our website.

10. Contact

Crocker Digital Ltd
Company No. 17008789
Email: privacy@permitpad.co.uk