Privacy Policy

PermitPulse · Last updated: April 20, 2026

PermitPulse ("we," "our," or "us") operates the PermitPulse mobile application (the "App"). This Privacy Policy describes what information we collect, how we use it, and the choices you have. By using the App you agree to the practices described here.

1. Information We Collect

We collect only what is necessary to operate the service:

Account information — your name and email address, obtained through Google Sign-In via AWS Cognito when you create an account.
Device push token — a Firebase Cloud Messaging (FCM) token unique to your device, used to deliver permit availability notifications.
Watch preferences — the permit entry points, date ranges, and permit types you select when creating availability watches.
Token transaction history — records of token purchases (via Google Play in-app billing), token credits (welcome bonus, promo codes), and token usage.
Purchase receipts — Google Play purchase tokens, used solely to validate and process in-app purchases and prevent duplicate credits. We do not collect or store credit card numbers or full payment details.

We do not collect location data, contacts, browsing history, or any other device data.

2. How We Use Your Information

Authenticate you and maintain your account session.
Monitor recreation.gov permit availability for your active watches and send push notifications when a slot opens.
Process token purchases and maintain your token balance.
Prevent fraudulent or duplicate purchase credits.
Provide customer support when you contact us.

We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes.

3. Third-Party Services

The App relies on the following third-party services, each with their own privacy practices:

Google Sign-In / Google OAuth — handles authentication. Google Privacy Policy
Firebase Cloud Messaging (FCM) — delivers push notifications to your device. Firebase Privacy
Amazon Web Services (AWS) — hosts our servers, database, and authentication infrastructure in the us-east-1 (N. Virginia) region. AWS Privacy Policy
Google Play Billing — processes in-app purchases. Google Payments Privacy Notice
Recreation.gov — we query their public permit availability API on your behalf to check for open slots. We do not share your personal information with Recreation.gov.

4. Data Retention

We retain your account information and watch history for as long as your account is active. Watch records are automatically deleted one day after their end date. Notification records are deleted after 30 days. Transaction history is retained for seven years for accounting purposes.

If you delete your account, all personal data (account record, active watches, notification history, and token transaction history) is permanently deleted within 30 days, except where longer retention is required by law.

5. Data Security

Your data is stored in AWS DynamoDB with encryption at rest. All communication between the App and our servers uses HTTPS/TLS. Authentication is handled by AWS Cognito — we never store your Google password. Access to backend systems is restricted to authorized personnel.

No method of transmission over the internet is 100% secure. While we take commercially reasonable steps to protect your information, we cannot guarantee absolute security.

6. Children's Privacy

PermitPulse is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

7. Your Rights and Choices

Access and correction — you can view your account information in the App's Profile screen at any time.
Notifications — you can disable push notifications through your device's system settings at any time.
Account deletion — you can permanently delete your account and all associated data from the Profile screen inside the App, or by submitting a request at the link below.

Delete your data: To request deletion of your account and all associated data, use the "Delete Account" option in the App's Profile screen, or submit a request at permitpulse.xyz/delete-data. Requests are processed within 30 days.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the revised policy. For material changes, we will provide notice through the App or by email.

9. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

PermitPulse
Email: syogod@gmail.com