1. Introduction
Permmit ("we", "our", "us"), operated by Lukas van Uden, provides a SaaS platform that enables web developers to give their clients controlled access to AI-powered website editing via WhatsApp. This Privacy Policy explains how we collect, use, and protect your information.
2. Information We Collect
We collect the following types of information:
- Account Information: Name, email address, and authentication credentials when you create an account.
- WhatsApp Messages: Messages sent by site editors through WhatsApp for the purpose of processing website change requests, including text, images, voice messages, and PDF documents.
- GitHub Data: Repository access information for applying code changes, as authorized through GitHub App installation.
- Payment Information: Billing details processed securely through Stripe. We do not store credit card information directly.
- Usage Data: Message counts, change requests, API usage statistics, and service interaction logs.
3. How We Use Your Information
- Processing website change requests from WhatsApp messages
- Authenticating users and managing permissions
- Applying code changes to connected GitHub repositories
- Sending notifications about change requests and approvals
- Enforcing usage limits and billing
- Transcribing voice messages for processing (via OpenAI Whisper)
- Temporarily storing images and documents for AI analysis
- Improving our service
4. AI Processing
Permmit uses AI services to process website change requests. All AI processing costs are covered by Permmit — you do not need to provide your own API keys. Your messages and code are sent to AI providers solely for the purpose of processing your requests and are not used to train AI models.
5. Data Security
We take security seriously. All sensitive credentials are encrypted using AES-256-GCM before storage. All data is transmitted over HTTPS. Access to your data is restricted to authorized organization members only. Media files (images, PDFs) are stored temporarily (30 minutes) and automatically deleted after processing.
6. Third-Party Services
We integrate with the following third-party services:
- WhatsApp (Meta): For message delivery and receiving change requests
- Anthropic: For AI processing of change requests (Claude)
- OpenAI: For voice message transcription (Whisper)
- GitHub: For code repository access and applying changes
- Stripe: For payment processing
- Vercel: For application hosting
- Railway: For database and cache hosting
- Sentry: For error monitoring
- Resend: For transactional emails
7. Data Retention
We retain your data for as long as your account is active. Message history and change logs are retained for auditing purposes. Temporary media files are automatically deleted after 30 minutes. You can request deletion of your account and associated data at any time by contacting us.
8. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure: Request deletion of your personal data
- Right to Restriction: Restrict the processing of your data
- Right to Data Portability: Receive your data in a portable format
- Right to Object: Object to the processing of your data
You can exercise these rights through the dashboard settings or by contacting us at hello@permmit.com.
9. Cookies
We use essential cookies for authentication and session management. We do not use tracking cookies or third-party advertising cookies.
10. Contact
For any privacy-related questions, please contact us at hello@permmit.com.
Lukas van Uden
Lichtenrader Straße 55
12049 Berlin, Germany