Privacy Policy

Effective: April 21, 2026

1. Overview

PermianIQ (“we,” “us,” or “our”) operates the permianiq.com platform (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the rights you have regarding your data.

We collect the minimum data necessary to provide the Service. We do not sell your personal data as “sale” is defined under the Texas Data Privacy and Security Act (TDPSA) or any other applicable law. We do not use your personal data for targeted advertising. We do not serve ads on the Service.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (hashed — we never store or see your plaintext password)
  • Full name
  • Company name (optional)
  • Professional role (e.g., landman, operator, midstream)

Usage Data

When you use the Service, we collect:

  • Search queries (county, radius, operator filters)
  • Number of detailed well views used
  • Subscription plan and status

Analytics Data

We use Google Analytics 4 and Vercel Analytics to understand aggregate traffic patterns. These services may collect:

  • Pages visited and time spent on each page
  • Referring website or search engine
  • Device type, browser, and operating system
  • Approximate geographic location (derived from IP, not precise geolocation)
  • Anonymized IP address (Google Analytics IP anonymization is enabled)

We do not enable Google Signals, cross-device tracking, or advertising personalization features in Google Analytics. Analytics data is used solely to improve the Service.

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other sensitive payment information on our servers. Stripe may collect information necessary to process payments in accordance with their privacy policy. We store only your Stripe customer ID and subscription status.

Newsletter

If you subscribe to our newsletter, we collect your email address. You can unsubscribe at any time by replying to any newsletter email or contacting us.

Sensitive Data

We do not knowingly collect sensitive personal data as defined by the TDPSA, including racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexuality, citizenship or immigration status, genetic or biometric data, precise geolocation data, or personal data of a known child. Do not submit such information through the Service.

3. How We Use Your Information

  • Provide the Service: Authenticate your account, enforce plan limits, deliver search results and well data.
  • Process payments: Manage subscriptions, issue receipts, handle cancellations via Stripe.
  • Send transactional emails: Account confirmation, password reset, subscription changes, newsletter (if subscribed).
  • Improve the Service: Understand aggregate usage patterns to prioritize features and data coverage.
  • Comply with legal obligations: Respond to lawful requests from authorities where required.

We do not use your personal data for automated decisions that produce legal or similarly significant effects, and we do not profile you for targeted advertising.

4. Third-Party Services

We use the following third-party services to operate the platform:

Service              Purpose
Supabase             Database, authentication
Stripe               Payment processing
Vercel               Hosting, request logs
Vercel Analytics     Aggregate page view analytics (cookieless)
Google Analytics 4   Traffic and engagement analytics
Mapbox               Map rendering
Resend               Transactional email

Each service operates under its own privacy policy governing how it processes data. These providers act as our processors and are contractually bound to use your data only to provide services to us. They do not sell your personal data on our behalf.

5. Cookies

We use two categories of cookies:

  • Essential cookies: Supabase authentication session cookies that keep you signed in. Without these, the Service cannot function.
  • Analytics cookies: Google Analytics 4 sets first-party cookies (_ga, _ga_G-742PL6RDR2) to distinguish unique visitors and sessions for aggregate traffic reporting. These cookies expire after up to 2 years. They do not contain your name, email, or any directly identifying information.

We do not use advertising cookies, tracking pixels, or cross-site tracking. You may disable analytics cookies by installing the Google Analytics Opt-Out Browser Add-on, enabling “Do Not Track” in your browser, or using your browser’s cookie controls.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Newsletter subscriber email addresses are retained until you unsubscribe.

Google Analytics user and event data retention is set to the minimum available period (currently 14 months). Aggregate, anonymized usage data (e.g., total searches per county) may be retained indefinitely for service improvement.

7. Data Security

We implement reasonable security measures to protect your data, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Hashed passwords (via Supabase Auth)
  • Row-level security policies on the database
  • Environment variable encryption for API keys and secrets
  • Stripe PCI-DSS compliant payment processing

No system is completely secure. We cannot guarantee absolute security of your data but will notify affected users promptly in the event of a data breach, consistent with applicable law.

8. Your Privacy Rights

Subject to applicable law, you have the right to:

  • Confirm & access: Confirm whether we process your personal data and request a copy of what we hold.
  • Correct: Request correction of inaccurate personal data, taking into account the nature and purpose of the processing.
  • Delete: Request deletion of your account and associated personal data.
  • Port: Obtain a copy of the personal data you provided in a portable, machine-readable format.
  • Opt out: Opt out of the sale of personal data, targeted advertising, or profiling for decisions with legal effects. We do not engage in any of these activities; an opt-out is therefore not necessary, but you may confirm your preference in writing if you wish.
  • Unsubscribe: Opt out of newsletter emails at any time.

To exercise any of these rights, email us at [email protected] with the subject “Privacy Rights Request.” We will respond within 45 days. We may extend this period by an additional 45 days where reasonably necessary, and will notify you if we do. We may need to verify your identity before fulfilling a request.

Appeals. If we decline your request, you may appeal our decision by replying to our response or emailing [email protected] with the subject “Privacy Appeal.” We will respond to your appeal within 60 days, explaining our reasoning. If the appeal is denied, you may contact the Texas Attorney General (see Section 9).

9. Notice to Texas Consumers

If you are a Texas resident, the Texas Data Privacy and Security Act (TDPSA) grants you the rights described in Section 8. We process the categories of personal data listed in Section 2 for the purposes listed in Section 3, and share them only with the third-party processors listed in Section 4.

Sale of Personal Data. We do not sell your personal data for monetary consideration or exchange it for other valuable consideration.

Targeted Advertising. We do not process your personal data for targeted advertising.

Filing a Complaint. If you believe we have not resolved your privacy concern, you may contact the Office of the Texas Attorney General, Consumer Protection Division, to file a complaint at texasattorneygeneral.gov/consumer-protection/file-consumer-complaint.

10. Children

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service. The “Effective” date at the top of this page indicates when the current version took effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact

Questions about this Privacy Policy? Contact us at [email protected] or [email protected].