Privacy Policy

Effective Date: December 15, 2025
Last Updated: December 15, 2025

1. Introduction

PermitMapper ("we", "our", "us") is committed to protecting your privacy in accordance with the New Zealand Privacy Act 2020 and the 13 Information Privacy Principles (IPPs).

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our heavy vehicle permit mapping service.

Our Details:

  • Organisation: PermitMapper
  • Location: New Zealand
  • Contact Email: [Your Contact Email]
  • Privacy Officer: [Privacy Officer Name/Contact]

2. Information We Collect

2.1 Account Information (Registered Users)

When you create an account, we collect:

Data Purpose Legal Basis
Username Account identification and login Necessary for service provision
Email address Account recovery and notifications Necessary for service provision
Password (hashed) Account security Necessary for service provision

2.2 Permit Documents

When you upload permit documents:

  • Guest users: Files are processed temporarily and deleted immediately after processing. No permit data is retained.
  • Registered users: Permit files may be stored in secure cloud storage for your permit history. You can request deletion at any time.

We store the following metadata for registered users:

  • Original filename
  • File size
  • Upload date and time
  • Detected region
  • Processing status
  • Number of bridges detected

2.3 Usage Information

We collect limited usage data to improve our service:

  • Button clicks and feature usage (anonymised)
  • Session data for security (CSRF tokens)
  • Basic server logs for troubleshooting

2.4 Location Data

If you enable location tracking:

  • Location data is processed only in your browser
  • We do not transmit or store your location on our servers
  • You can disable location services at any time through your browser settings

2.5 Shared Maps

When you create a shared map link:

  • Map coordinates and bridge details are stored
  • View count is tracked
  • Shared maps may expire or be deleted by you

3. How We Use Your Information

We use your personal information for the following purposes:

Purpose Data Used
Provide the mapping service Uploaded documents, extracted coordinates
Manage your account Username, email, password
Maintain permit history Stored permit files, metadata
Enable map sharing Coordinates, bridge details
Improve our service Anonymised usage statistics
Ensure security Session data, server logs

We will not use your information for:

  • Selling to third parties
  • Marketing without your consent
  • Any purpose unrelated to the service

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Third-Party Services

We use the following third-party services that may process data:

Service Purpose Data Shared Location
OpenStreetMap Map display Your IP address (via map tile requests) Global
OSRM Route calculation Coordinates for route calculation Global
Nominatim Address lookup Search queries Global
Replit (hosting) Cloud hosting and storage All service data United States

4.2 Cross-Border Disclosure

Your data may be transferred to servers located outside New Zealand (primarily the United States for hosting). By using our service, you consent to this transfer. We ensure that appropriate safeguards are in place to protect your data.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our legal rights.

5. Data Retention

Data Type Retention Period
Guest uploads (temporary) Deleted immediately after processing
Account information Until you delete your account
Stored permit files Until you delete them or your account
Shared maps Until deleted by creator or 12 months of inactivity
Server logs 30 days
Usage statistics Anonymised and retained indefinitely

6. Your Rights Under the Privacy Act 2020

Under the New Zealand Privacy Act 2020, you have the following rights:

6.1 Right to Access (IPP 6)

You can request access to any personal information we hold about you. We will respond within 20 working days.

6.2 Right to Correction (IPP 7)

You can request that we correct any inaccurate personal information.

6.3 Right to Deletion

You can request deletion of your personal information, including:

  • Your user account and all associated data
  • Stored permit files
  • Shared maps you created

6.4 How to Exercise Your Rights

To exercise any of these rights, contact us at [Your Contact Email]. Please provide sufficient information to verify your identity.

7. Security Measures

We implement the following security measures to protect your data:

  • HTTPS encryption for all data transmission
  • Password hashing using industry-standard algorithms
  • CSRF protection on all forms
  • Rate limiting to prevent abuse
  • Content Security Policy (CSP) headers
  • Secure session management
  • File validation and sanitisation
  • Secure file deletion (overwriting before removal)

8. Privacy Breaches

In the event of a privacy breach that poses a risk of serious harm:

  • We will notify the Office of the Privacy Commissioner as required by the Privacy Act 2020
  • We will notify affected individuals as soon as practicable
  • We will take immediate steps to contain and remediate the breach

If you believe there has been a privacy breach, please contact us immediately.

9. Cookies and Tracking

We use the following cookies:

Cookie Purpose Duration
Session cookie User authentication and CSRF protection Browser session
Terms acceptance Remember that you accepted terms Browser session

We do not use:

  • Third-party analytics (e.g., Google Analytics)
  • Advertising or tracking cookies
  • Social media tracking pixels

10. Children's Privacy

PermitMapper is not intended for use by children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a notice on our website. The "Last Updated" date at the top indicates when changes were made.

12. Complaints

If you have concerns about how we handle your personal information:

  1. Contact us first at [Your Contact Email]
  2. If you are not satisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner:

13. Contact Us

For privacy-related inquiries or to exercise your rights:

PermitMapper
Privacy Officer: [Privacy Officer Name]
Email: [Your Contact Email]
New Zealand

Last updated: December 15, 2025

Back to Application Terms of Use