Security
PCI compliance
How PermitMobile protects payment card data for contractor subscriptions using PCI-compliant Stripe Checkout — we never store full credit card numbers on our servers.
Last updated:
PCI compliance at PermitMobile
PermitMobile is a building permit tracking service for residential contractors. When you subscribe to PermitMobile Premium, payment card information is handled by Stripe, a PCI Level 1 certified payment processor.
PermitMobile does not collect, process, or store full payment card numbers (PAN), card verification values (CVV/CVC), or magnetic-stripe data on our servers. This approach reduces payment security risk and supports PCI DSS compliance for our subscription billing model.
What is PCI DSS?
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements for organizations that accept, process, store, or transmit payment card information. Compliance helps protect cardholders and reduce fraud.
Merchants and service providers must follow PCI DSS controls appropriate to how they handle card data. Businesses that outsource card entry to a qualified payment provider typically have a reduced PCI scope.
How PermitMobile processes payments
PermitMobile uses Stripe Checkout for subscription payments. When you subscribe:
- You are redirected to a secure Stripe-hosted payment page over HTTPS.
- Card details are entered directly on Stripe's systems, not on permitmobile.com.
- Stripe tokenizes and processes the payment and manages recurring subscription billing.
- PermitMobile receives confirmation of payment status and a Stripe customer identifier — not your full card number.
What PermitMobile stores
Our application stores only the information needed to manage your contractor account and subscription:
- Stripe customer ID (a token reference, not a card number).
- Subscription status (for example, active, cancelled, or inactive).
- Billing-related metadata required to enable or disable dashboard access.
We do not store primary account numbers, sensitive authentication data, or PIN blocks on PermitMobile infrastructure.
Our PCI scope
Because PermitMobile does not handle cardholder data on our website or application servers, our payment environment is designed to align with PCI SAQ A (or equivalent reduced scope) for merchants using fully outsourced card processing.
Stripe maintains PCI DSS Level 1 Service Provider certification and is responsible for the security of card data entered on their checkout pages. You can review Stripe's security and compliance documentation at stripe.com/docs/security.
Security practices
In addition to outsourced payment processing, PermitMobile applies standard security measures across the permit tracking platform:
- HTTPS encryption (TLS) for all web traffic to permitmobile.com.
- Firebase Authentication for secure account sign-in.
- Access controls limiting permit and profile data to the account owner.
- Server-side verification of Stripe webhook signatures for billing events.
- Environment-isolated storage of API secrets and payment integration keys.
Your responsibilities as a subscriber
When paying for PermitMobile Premium, protect your payment credentials the same way you would for any online purchase:
- Confirm the browser address shows a secure Stripe checkout URL before entering card details.
- Do not share your PermitMobile login or payment confirmation emails.
- Report suspected unauthorized charges to your card issuer and review your billing from Dashboard → Billing.
Security inquiries and incidents
If you believe your PermitMobile account or payment information has been compromised, change your password immediately and review billing from Dashboard → Billing. For payment disputes or unauthorized charges on your card, notify your bank or card issuer and Stripe where applicable.
Updates to this page
We may update this PCI compliance summary when our payment flows or providers change. Material updates will be reflected on this page with a revised last-updated date.
Contact us
Questions about payment security, PCI compliance, or PermitMobile subscription billing: