Privacy policy.

1. What we collect

• Email when you sign up — used for sign-in (magic links) and onboarding emails.
• Cohort selection from the signup dropdown — used to tailor onboarding emails.
• Stripe customer + subscription IDs when you subscribe — used to render billing state.
• Anonymous usage analytics via PostHog — pages viewed, buttons clicked. No PII.

2. What we don't collect

• Passwords — we don't store any. Sign-in is via one-time email link only.
• Credit card numbers — Stripe handles all payment data; we never see it.
• Cross-site tracking pixels. PostHog identifies users by anonymous ID only.

3. Where it lives

• User accounts: Postgres database (managed by Vercel / Neon, US region).
• Stripe customer data: Stripe (Ireland + US regions, depending on region of card).
• Email dispatch: Resend (US region).
• Analytics: PostHog Cloud (US region).

4. Who we share it with

We do not sell or rent your data to anyone, ever. We share data only with our sub-processors above (Stripe, Resend, PostHog, Vercel/Neon) who process it on our behalf under their own data-protection agreements.

5. Your rights

• Access: See what we have on you via the Settings tab of your dashboard.
• Delete: Delete your account via the same tab — removes user record, cancels any active subscription, revokes API keys.
• Export: Email kian@permitcore.io and we'll send you a JSON export within 7 days.
• Opt out of emails: Every onboarding email has an unsubscribe link in the footer.

6. Cookies

We use two kinds of cookies:

• Session cookie — required to keep you signed in. Set when you sign in; cleared when you sign out.
• Analytics cookie — PostHog anonymous ID. Used to distinguish unique visitors without identifying you personally.

We don't use cross-site tracking cookies or ad-tech pixels. Because the cookies we use are either strictly necessary or anonymous, no consent banner is shown.

7. Contact

Questions, requests, complaints, security disclosures — kian@permitcore.io. Reply within 1 business day.