Skip to main content
PermitPathLA

Legal

Privacy Policy

Effective: May 18, 2026 · Last updated: May 21, 2026

1. Introduction

PermitPathLA (“we,” “us,” or “PermitPathLA”) is a free web service based in Calabasas, California. We help Los Angeles homeowners navigate the permit process for accessory dwelling units (ADUs) and related residential construction. This Privacy Policy explains what data we collect when you use permitpath.la (the “Site”), how we use it, who we share it with, and the choices you have about your data.

2. Information we collect

2.1 Information you give us directly

  • Property address. Addresses you enter into the feasibility check, wizard, calculator, or other tools. Address data is used to look up parcel records, zoning, overlays, and permit history for that property.
  • Contact information on lead forms. Name, email address, phone number, and project details you submit through any lead-capture form (broker consult, affiliate inquiry, complex-permit referral, financing, insurance, security, solar, trade-pro requests, etc.).
  • Optional account information.When you opt into “save my progress” or similar features, we store an email address and any wizard state tied to it.
  • Communications. Messages you send through the live-chat widget, the affiliate inquiry form, or other contact channels.
  • Affiliate account information. If you sign up as an affiliated pro: business name, contact name, email, phone, website, LA service area, professional license / registration number, category preferences, optional Pro-Site domain name. Lead Purchase configuration (per-category bids, monthly caps) when you opt into Lead Purchase.
  • Affiliate billing information. If you enroll in Sponsored Placement, Lead Purchase, or Pro-Site Build, payment methods you add are stored by Stripe, not on our servers. We retain a Stripe customer reference and metadata about subscriptions and per-delivery charges.

2.2 Information collected automatically

  • Usage analytics. Pages visited, time on site, referring URL, device type, browser, screen size, approximate location (city/region from IP), and aggregate navigation patterns. Collected via Vercel Analytics. We do not collect persistent cross-site browsing data.
  • Local browser storage.Wizard progress, calculator inputs, preferred theme, and feature toggles are stored in your browser’s local storage so you can resume where you left off on the same device.
  • Cookies. We use minimal first-party cookies for session continuity and the live-chat widget (Crisp). We do not use cross-site tracking cookies for advertising.
  • Server logs. Request URLs, response codes, and IP addresses logged by our hosting provider (Vercel) for security and operational purposes. Retained 30 days.
  • Affiliate session cookies. When an affiliate signs in via the magic-link flow at /affiliates/login, we set a single first-party cookie (aff_session) tied to a server-side session in Upstash Redis. Used solely to keep the affiliate signed in to their dashboard. No advertising trackers.
  • Affiliate badge click tracking. Each affiliate has a unique link (/a/[id]) used in the “Featured on PermitPathLA” badge they place on their own site. When a visitor clicks that link we record a per-day click count keyed to the affiliate. Obvious bot User-Agents are filtered out. IPs of clicking visitors are not stored beyond the standard server-log retention.

2.3 Information we look up about properties

When you submit an address, we look up publicly-available data about that property from sources including LADBS, LADWP, the LA County Assessor, FEMA flood maps, LA City zoning maps, and Mapbox geocoding. This property data is not personal information unless you also submit your name or contact info on a lead form.

3. How we use your information

  • Provide the service. Run feasibility checks, generate plot plans, cost estimates, and other tools; show you which permits apply to your property; save your progress when you opt in.
  • Route leads to affiliates. When you explicitly request a referral (broker consult, contractor quote, lender pre-approval, etc.), we share the contact information you provided with the relevant affiliated pro listed in our directory. We only share contact info when you affirmatively check a consent box on the form.
  • Improve the product. Analyze aggregate usage to identify common pain points and improve the wizard. Aggregate analytics do not identify individual users.
  • Respond to inquiries. Reply to messages you send via the chat widget, lead forms, or email.
  • Send transactional emails. Confirm form submissions, deliver requested checklists, send save-my- progress resume links. We use Resend to deliver these.
  • Legal compliance. Respond to lawful requests from regulators or courts; enforce our Terms of Service; protect rights and safety.

4. Who we share information with

4.1 Affiliated pros (only with your consent)

When you request a referral through a lead form and check the consent box authorizing us to share, we transmit your contact information and relevant project context to one or more affiliated pros (contractors, designers, brokers, lenders, etc.) listed in our directory. The affiliate is then responsible for contacting you under their own privacy practices. If you do not check the consent box, we do not share with affiliates.

4.2 Service providers

We use the following service providers to operate the Site. Each is bound by their own privacy practices and is permitted to process the listed data only for the purposes described:

  • Vercel (hosting + analytics) — server logs, aggregate analytics
  • Upstash Redis (data store) — wizard state, lead records, status tracking
  • Mapbox (mapping + geocoding) — address lookups, parcel rendering
  • Resend (email delivery) — transactional email
  • Crisp (live chat) — chat messages, name, email if provided in chat
  • Google Places API + Yelp Fusion API (business directory data sources) — public business data only; we do not transmit your personal info to these APIs
  • Stripe (payments) — affiliates enrolling in Sponsored Placement, Lead Purchase, or Pro-Site Build have a Stripe Customer record. Payment methods are stored by Stripe, not on our servers. Charges include subscription billing (Sponsored Placement) and per-delivery PaymentIntents (Lead Purchase).

4.3 Legal requirements

We will disclose information if required by law, subpoena, court order, or other valid legal process. We will also disclose information when we reasonably believe disclosure is necessary to protect our rights, your safety or the safety of others, or to investigate fraud.

4.4 How affiliates handle your data after a referral

Affiliates who receive a lead through PermitPathLA are bound by the master Affiliate Agreement to comply with the Telephone Consumer Protection Act (TCPA), the CAN-SPAM Act, FTC rules, and state consumer-protection statutes. Per the agreement, an affiliate may only contact you for the category you consented to and may not transfer, sell, or share your information with third parties without separate homeowner consent. Each lead may be routed to up to three affiliates in the same category, all of whom received your consent on the lead form.

Once an affiliate has your contact information, they operate under their own privacy practices in addition to the Affiliate Agreement. If an affiliate is contacting you in a way you did not consent to, email hello@permitpath.la.

4.5 We do not sell personal information

We do not sell your personal information to third parties. We do not share your information with data brokers. Lead sharing with affiliates (described in 4.1) requires your explicit consent and is not considered a “sale” under CCPA / CPRA. Per-lead fees paid by affiliates to PermitPathLA compensate us for the lead-routing service, not for the underlying personal information.

5. Data retention

  • Address inputs without a lead form (anonymous feasibility checks) — retained 30 days for debugging, then aggregated.
  • Lead form submissions — retained for the duration of the lead lifecycle plus 2 years for record- keeping and dispute resolution.
  • Lead delivery records(when a lead is routed to an affiliate) — retained for the duration of the affiliate relationship plus 3 years, matching the master Affiliate Agreement’s confidentiality obligations.
  • Wizard progress tied to email — retained while the account is active; deleted within 90 days of your request.
  • Affiliate account records — retained for the term of the affiliate relationship plus 7 years for regulatory and accounting record-keeping.
  • Affiliate sessions — 30-day sliding cookie. Magic-link tokens auto-expire after 15 minutes and are single-use.
  • Affiliate badge click counters — auto- expire after ~120 days from the click date.
  • Server logs — 30 days.
  • Analytics aggregates — retained indefinitely in anonymized form.
  • Stripe records (customer, subscription, payment intent, invoice data) — retained by Stripe per their own retention schedule (typically 7+ years for tax and dispute purposes). We retain Stripe identifiers on the affiliate record for the duration of the relationship.

6. Your choices and rights

6.1 General rights (all users)

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Ask us to correct inaccurate information.
  • Deletion. Ask us to delete your personal information, subject to legal retention obligations.
  • Opt-out of affiliate sharing. If you previously consented to affiliate sharing, you may withdraw consent at any time. Already-shared information cannot be recalled from affiliates; future sharing will stop.

6.2 California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you additional rights:

  • Right to know. Request disclosure of categories and specific pieces of personal information we have collected about you in the past 12 months.
  • Right to delete. Request deletion of personal information we collected from you.
  • Right to correct. Request correction of inaccurate personal information.
  • Right to opt-out of sale or sharing. We do not sell or share personal information for cross- context behavioral advertising. No opt-out action is required.
  • Right to non-discrimination. We will not discriminate against you for exercising these rights.
  • Right to limit use of sensitive personal information. We do not collect sensitive personal information as defined by CPRA (precise geolocation, racial or ethnic origin, religious beliefs, financial account info, etc.) beyond what is necessary to provide the service.

To exercise any of these rights, email hello@permitpath.la with the subject line “CCPA Request.” We will respond within 45 days as required by law.

7. Children’s privacy

PermitPathLA is intended for adults 18 years or older. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided personal information to us, email hello@permitpath.la and we will delete it.

8. Security

We use industry-standard practices to protect your information: encrypted connections (HTTPS), encrypted data storage (Upstash + Vercel infrastructure), access controls on administrative interfaces (HTTP Basic Auth gated by environment variables), and minimal data collection. No system is perfectly secure; you provide information at your own risk.

9. Third-party links

The Site links to third-party websites (affiliated pros, LADBS, LADWP, Mapbox-rendered map services, etc.). We are not responsible for the privacy practices of those sites. Read their privacy policies before submitting information.

10. Changes to this policy

We may update this Privacy Policy from time to time. The updated version will be posted at this URL with a new “Last updated” date. Material changes will be announced via a banner on the Site for at least 30 days before they take effect.

11. Contact

Questions about this Privacy Policy? Email hello@permitpath.la. Mailing address: PermitPathLA, Calabasas, California.