Privacy Policy

We collect information that you provide directly when you create an account, configure policies, or contact our support team. This includes your name, email address, organization name, and billing information.

When your applications interact with our Authorization Gateway, we process authorization request metadata including agent identifiers, action types, resource identifiers, timestamps, and decision outcomes. We do not inspect or store the payload content of your API requests beyond what is necessary to evaluate authorization policies.

We automatically collect technical data such as IP addresses, browser type, device information, and usage analytics to maintain and improve our services. Our SDKs transmit telemetry data including latency measurements, error rates, and decision volume metrics.

We use your information to operate and deliver the PermitNetworks authorization platform, including evaluating authorization decisions, enforcing policies, and generating audit logs.

Your data helps us provide customer support, process billing, send service-related communications, and improve platform reliability and performance. We analyze aggregated, anonymized usage patterns to enhance our decision engine and develop new features.

We do not use your authorization decision data to train machine learning models. Your policy configurations and decision logs remain isolated to your organization.

We do not sell your personal information or authorization decision data to third parties. We share information only in the following circumstances:

With service providers who assist in operating our platform, including cloud infrastructure providers (AWS, Cloudflare), payment processors (Stripe), and analytics services. All sub-processors are bound by data processing agreements.

When required by law, such as in response to a valid subpoena, court order, or government request. We will notify you of such requests unless prohibited by law. We may also share information to protect the rights, safety, or property of PermitNetworks, our users, or the public.

Account information is retained for the duration of your active subscription and for 30 days following account deletion to allow for recovery.

Authorization decision logs are retained according to your plan tier: 7 days for Free plans, 90 days for Pro plans, and custom retention periods for Enterprise agreements. You may export or delete decision logs at any time through the dashboard or API.

Aggregated analytics data that cannot be used to identify individuals may be retained indefinitely to improve our services.

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. You may also have the right to restrict or object to certain processing activities.

For users in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR) including the right to data portability and the right to lodge a complaint with a supervisory authority.

For California residents, the California Consumer Privacy Act (CCPA) provides additional rights including the right to know what personal information is collected and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at privacy@permitnetworks.com. We will respond to verified requests within 30 days.

We use essential cookies to maintain your authenticated session and remember your preferences. These cookies are strictly necessary for the platform to function.

We use analytics cookies (such as Plausible Analytics) to understand how our website and dashboard are used. These analytics are privacy-focused and do not use personal identifiers or cross-site tracking.

We do not use third-party advertising cookies or tracking pixels. You can control cookie preferences through your browser settings.

We implement industry-standard security measures to protect your data, including encryption at rest (AES-256) and in transit (TLS 1.3), network isolation, and regular security audits.

Authorization decisions are cryptographically signed using DPoP (Demonstration of Proof-of-Possession) tokens to prevent tampering and ensure integrity of the audit trail.

We maintain a responsible disclosure program. If you discover a security vulnerability, please report it to security@permitnetworks.com.

If you have questions about this Privacy Policy or our data practices, you can reach us at:

Email: privacy@permitnetworks.com

For data protection inquiries in the EEA, you may also contact our Data Protection Officer at dpo@permitnetworks.com.