PermitlyHQ

Privacy Notice

Last updated: May 22, 2026

This Privacy Notice explains how PermitlyHQ ("PermitlyHQ", "we", "us") collects, uses, shares, and protects your personal data when you use our website and services at permitlyhq.com.

PermitlyHQ is the data controller of your personal data. If you have any questions about this notice, please contact us at privacy@permitlyhq.com.

1. Personal data we collect

  • Account data: name, email address, password (hashed), profile information.
  • Application data: nationality, destination, travel purpose, documents you upload.
  • Usage data: pages visited, features used, AI prompts and outputs, device and browser info, IP address.
  • Communications: support messages, feedback, survey responses.
  • Payment data: handled directly by Paddle (our Merchant of Record). We do not store full card numbers.

2. Why we use your data and our legal basis

  • To create and operate your account โ€” performance of contract.
  • To deliver AI-powered visa intelligence and document tooling โ€” performance of contract.
  • To prevent fraud, abuse, and secure the service โ€” legitimate interests.
  • To send service notifications and respond to support โ€” performance of contract.
  • To send marketing where permitted โ€” consent (you can withdraw at any time).
  • To comply with legal obligations โ€” legal obligation.

3. Who we share data with

  • Paddle.com Market Ltd โ€” our Merchant of Record. Paddle handles all checkout, billing, tax, and refunds and processes payment data as a separate controller. See Paddle's Privacy Policy at paddle.com.
  • Hosting & infrastructure: Cloudflare, Supabase (database, auth, storage).
  • AI providers: Google Gemini and OpenAI process prompts to generate guidance.
  • Analytics: aggregated product analytics to improve the service.
  • Professional advisers and authorities where required by law.

4. International transfers

Personal data may be transferred outside your country. Where transfers occur from the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

5. Retention

We keep account data for as long as your account is active. Application content is retained for up to 24 months after last activity, after which it is deleted or anonymised. Billing records are kept for the period required by law (typically 7 years).

6. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, port, or object to processing of your personal data, and to withdraw consent. UK/EEA users may lodge a complaint with their local supervisory authority. To exercise any right, email privacy@permitlyhq.com; we will respond within one month.

7. Security

We apply industry-standard technical and organisational measures including encryption in transit and at rest, access controls, and regular security reviews.

8. Cookies

We use essential cookies to operate the site and optional analytics cookies to understand usage. See our Cookie Notice for details.

9. Children

PermitlyHQ is not intended for users under 16. We do not knowingly collect data from children.

10. Changes

We will post any changes here and update the "Last updated" date above.