monday.com
Privacy Policy

This Privacy Policy explains how we collect, use, disclose, and protect information when you install or use the Software.

By using the Software, you agree to the practices described in this Privacy Policy.

1. Information We Collect

PermitNerd collects only the information necessary to operate the Software.

a. Configuration & Software Data

monday.com board IDs and workspace IDs
User-selected boards and column mappings
Permit records pinned or saved by the user
Software configuration preferences (e.g., selected cities, filters, mappings)

b. Account & Identifier Data

monday.com user ID
monday.com account ID
monday.com workspace ID
User name (from monday.com)
User email address (from monday.com)

c. Usage & Technical Data

Software usage logs (e.g., searches performed, permits pinned, sync activity)
Error logs and performance diagnostics

We do not collect or store unrelated monday.com board content, including private updates, files, comments, or items not explicitly interacted with through the Software.

2. How We Use Your Information

We use the collected information solely to:

Allow users to search, view, and pin permit records
Pin permit data to monday.com boards selected by the user
Maintain permit records associated with a user’s workspace
Operate, maintain, and improve the App
Provide customer support and troubleshooting
Ensure security, reliability, and compliance

We do not use your data for advertising or marketing purposes.

3. Data Sources & Third-Party Services

PermitNerd relies on trusted third-party services to operate securely and reliably:

Supabase (*.supabase.co)

Secure database used to store user configurations, pinned permit records, encrypted monday.com OAuth tokens, and application metadata.
monday.com API

Used for authentication, workspace identification, board metadata access, and pinning permit records to user-selected boards.
OpenAI (api.openai.com) (if enabled)

Used to provide AI-assisted permit explanations or summaries. Only minimal, non-sensitive contextual data is processed. PermitNerd does not use user data to train AI models.
Render (*.onrender.com)

Cloud hosting provider for PermitNerd backend services and APIs.

All third-party providers implement industry-standard security practices.

4. Sharing of Information

PermitNerd does not sell, rent, or trade user information.

Information may be shared only:

With the service providers listed above, strictly as required to operate the App
When required by law, legal process, or government request
To protect the security, integrity, or rights of PermitNerd, its users, or others

5. Data Retention

User configuration and pinned permit data is retained while the App remains installed
System, audit, and security logs are retained for a limited period for operational purposes
Upon App uninstallation, associated data is deleted within a reasonable timeframe unless retention is required by law

Users may request deletion of their data at any time by contacting support@permitnerd.com.

6. Your Privacy Rights

Depending on your location, you may have rights under privacy laws such as GDPR, CCPA, or similar regulations, including:

The right to access your data
The right to correct inaccurate information
The right to request deletion of your data
The right to restrict or object to certain processing

Requests may be submitted to support@permitnerd.com.

7. Security & Encryption

PermitNerd uses industry-standard technical and organizational measures to protect user data from unauthorized access, disclosure, alteration, or destruction.

a. Encryption at Rest

Sensitive data—such as OAuth access tokens and internal identifiers—is encrypted before being stored.

Modern symmetric encryption algorithms (e.g., AES-256) are used
Encryption keys are securely managed and never exposed to end users
Encrypted values are stored only in encrypted form

In some cases, encrypted binary data is stored using hexadecimal encoding. Hex encoding is used solely to safely represent encrypted data as text. The security is provided by the encryption itself, not the encoding format.

b. Encryption in Transit

All data transmitted between:

Users and the PermitNerd App
PermitNerd backend services
monday.com and other third-party APIs

is protected using HTTPS with TLS (Transport Layer Security), preventing interception or tampering in transit.

c. OAuth & Token Protection

PermitNerd uses monday.com’s OAuth authentication system.

OAuth tokens are encrypted prior to storage
Tokens are never exposed in client-side code
Tokens are scoped to the minimum permissions required
PermitNerd does not store monday.com passwords

d. Access Controls

Internal access to production systems is restricted to authorized personnel only
Role-based access controls limit access to sensitive data
Administrative actions are logged and monitored

e. Infrastructure Security

PermitNerd is hosted on a secure cloud infrastructure that provides:

Network isolation and firewall protections
Regular security patching and monitoring
Physically secured data centers

f. Security Limitations

While PermitNerd follows security best practices, no system can be guaranteed to be completely secure. Users are encouraged to protect their monday.com accounts using strong passwords and available security features.

8. International Data Transfers

PermitNerd operates from the United States. If you access the App from outside the U.S., your information may be processed or stored in jurisdictions where our service providers operate.

9. Children’s Privacy

PermitNerd is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted with a revised Effective Date. Continued use of the App constitutes acceptance of the updated policy.