This Privacy Policy ("Policy") describes how Patriot LPR, a product of PPOA Group LLC ("Company," "we," "us," "our"), collects, uses, shares, retains, and protects information when you: (a) visit patriotlpr.com (the "Website"); (b) use the Patriot LPR desktop application, mobile application (iOS/Android), or web portal (collectively, the "Application"); or (c) otherwise interact with our products and services (collectively, the "Services").

Patriot LPR is an automated license plate recognition (ALPR) system designed for towing companies performing private property enforcement. This Policy covers data collected through ALPR scanning, the Patriot Cloud web portal, and connected device applications.

By accessing or using our Services, you acknowledge that you have read and understood this Policy. If you do not agree with the practices described herein, do not use our Services.

If you use our Services on behalf of a company or other entity, "you" refers to that entity, and you represent that you have the authority to accept this Policy on its behalf.

1. Information We Collect

We collect the following categories of information depending on how you interact with our Services.

1.1 Account and Identity Information

• Full name
• Email address
• Phone number
• Username and password
• Company or organization name
• User role and permissions (Admin, Manager, Driver, Sales)
• Account status and license information
• Last login date

1.2 License Plate and Vehicle Data

• License plate text (characters recognized via automated scanning or manual entry)
• License plate images (still photographs captured by LPR cameras or phone cameras)
• Vehicle images (still photographs)
• Vehicle descriptors: make, model, color, year, state of registration
• Confidence scores from automated plate recognition
• Region identifiers associated with plate reads

1.3 Property and Operational Data

• Property names, codes, addresses, and contact information
• Property-specific patrol rules and enforcement policies
• Violation and citation reports (type, status, resolution, notes, timestamps, photos)
• Tow queue entries and tow records
• Sticker list entries (authorized vehicles per property)
• Hot list entries with alert reasons and case numbers
• Do-not-tow list entries per property
• Patrol mode settings and configurations

1.4 Scan and Enforcement Data

• Plate read results with timestamps
• Permit status lookups (via PPOA integration)
• Color-coded permit status results (registered, unregistered, expired, hot list, flagged)
• Resolution types applied to flagged vehicles (Towed, Gone on Arrival, Stickered, etc.)
• Photo evidence with server-controlled timestamps
• Scan counts per property, per driver, and per shift

1.5 Location and Timestamp Data

• Server-controlled timestamps associated with every plate read, record, and user action
• Camera identifiers that correspond to physical scanning locations
• Property association data that reflects geographic location
• GPS coordinates may be captured during scanning operations depending on device capabilities

1.6 Device and Technical Information

• Device type, operating system, and version
• Camera hardware identifiers and configuration
• Network connectivity status and interface details
• Application version
• Memory usage and performance metrics
• IP address (when connecting to cloud services)
• Browser type and version (Website and web portal visits)

1.7 Usage and Activity Data

• Login and logout events and timestamps
• Searches performed within the Application
• Records accessed, created, modified, or exported
• Plate reads processed and ALPR results received
• Sync activity between local device and cloud services
• Feature usage patterns
• Shift start/end times and driver activity

1.8 Diagnostic and Log Data

• Application error logs and crash reports (including stack traces)
• Performance logs and memory diagnostics
• Network connectivity diagnostic logs
• Camera connection and diagnostic logs

1.9 Image and Media Data

• License plate photographs captured by device cameras or connected LPR camera systems
• Vehicle photographs
• EXIF metadata from captured images (including orientation, device information)
• Incidental capture: Camera-based license plate scanning may incidentally capture images of persons, surroundings, other vehicles, or other objects in the camera's field of view. We do not use facial recognition technology.

2. How We Collect Information

2.1 Directly from You

• When you create an account or register for Services
• When you enter data into the Application (vehicle records, property information, hot list entries, sticker lists, notes)
• When you contact us for support

2.2 Automatically Through the Application

• Camera Capture: The Application accesses connected LPR cameras (desktop) or device cameras (mobile) to capture license plate and vehicle images automatically during patrol or upon user initiation
• Automated License Plate Recognition (ALPR): Captured images are processed through automated optical character recognition to extract license plate text, confidence scores, and region data
• Background Synchronization: The Application automatically syncs data between the local device and our cloud infrastructure (Patriot Cloud) at regular intervals (approximately every five minutes when connected)
• Activity Logging: The Application automatically logs user actions, system events, errors, and performance data
• Credential Caching: The Application caches authentication credentials on the local device using platform-native secure storage to enable limited offline access
• Team Sync: When one driver updates a record (resolves a vehicle, marks a status), the change syncs through Patriot Cloud and becomes visible to other drivers on the same team

2.3 From Third-Party Service Providers

• ALPR Processing Provider: We use a third-party automatic license plate recognition service to process captured images and return plate recognition results. The provider receives plate and vehicle images over an encrypted connection and returns plate text, confidence scores, and region identifiers. We may change ALPR providers without notice.
• Cloud Infrastructure (Microsoft Azure): Our cloud services are hosted on Microsoft Azure
• Permit Data (PPOA): When integrated with Parking Permits of America, the Application queries PPOA's permit database in real time to determine whether a scanned vehicle has a valid permit

3. Local Device Storage

Patriot LPR stores data locally on your device. We believe in transparency about how this data is stored and secured.

3.1 Local Database

The Application uses a local SQLite database on your device that contains plate reads, vehicle records, property data, violation reports, tow queue entries, permits, sticker lists, hot list entries, and user data. This database file is not independently encrypted beyond the operating system's native file protections. The database syncs with Patriot Cloud when an internet connection is available.

3.2 Secure Credential Storage

Authentication tokens, cached login credentials, and API keys are stored using platform-native secure storage mechanisms:

• Windows: DPAPI (Data Protection Application Programming Interface)
• iOS: Keychain Services
• Android: EncryptedSharedPreferences

3.3 Log Files

Diagnostic logs, error logs, crash reports, and camera diagnostic logs are stored as plain text files in the application data directory on your device. Log files are subject to automatic rotation (max 5 MB per file, max 10 files per category).

3.4 Your Responsibility

You are responsible for the physical security of devices used to access the Services. If a device is lost, stolen, or decommissioned, locally stored data (including the database, cached credentials, and log files) may be accessible to anyone with physical access to the device. We recommend enabling device-level encryption (BitLocker on Windows, FileVault equivalent) and remotely wiping lost devices.

4. Device Permissions

Permission	Platform	Purpose
Camera	iOS, Android	Capturing license plate and vehicle images for ALPR scanning
Microphone	iOS	Required by the camera framework; not actively used for audio recording
Internet	All	Communicating with cloud services, ALPR processing, and data synchronization
Network State	All	Detecting connectivity status for online/offline mode switching
Storage (Read/Write)	Android	Accessing captured images and storing application data
Background Fetch	iOS	Enabling background data synchronization
Full Trust	Windows	Desktop application system access for camera integration and file operations

You may revoke camera, microphone, storage, and other device permissions through your device's operating system settings at any time. Revoking permissions may disable core scanning functionality.

5. How We Use Information

5.1 Providing and Operating the Services

• Authenticating users and managing accounts
• Processing license plate reads and returning recognition results
• Checking scanned plates against permit databases (PPOA), hot lists, sticker lists, and do-not-tow lists
• Storing and synchronizing records across devices and Patriot Cloud
• Generating and managing violation reports, tow queue entries, and enforcement records
• Delivering in-app alerts (visual and audio) for hot list matches
• Enabling search, filtering, and export of records
• Supporting offline functionality through local data storage and credential caching
• Syncing team data through Patriot Cloud (Team Sync)
• Generating property reports and driver performance analytics

5.2 Maintaining, Securing, and Improving the Services

• Monitoring system performance, uptime, and resource usage
• Identifying and resolving bugs, errors, and crashes
• Diagnosing camera and network connectivity issues
• Improving ALPR accuracy and processing efficiency
• Conducting internal analytics on aggregate usage patterns

5.3 Aggregated and De-Identified Data

We may aggregate and de-identify data (including license plate text, plate images, vehicle descriptors, timestamps, and camera identifiers) and use such aggregated or de-identified data for lawful business purposes, including analytics, research, trend analysis, and commercial access by authorized users (see Section 7). Aggregated and de-identified data does not directly identify any natural person.

5.4 Legal and Compliance Purposes

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from government authorities or law enforcement
• Enforcing our Terms of Service and other agreements
• Protecting the rights, safety, and property of Company, our customers, or others
• Establishing, exercising, or defending legal claims

5.5 Communications

• Responding to support requests and inquiries
• Sending service-related notices (Terms of Service updates, maintenance notifications, account alerts)
• We do not send marketing emails unless you opt in

6. How We Share Information

We do not sell personal information that directly identifies a natural person (such as name, email address, phone number, or home address).

6.1 Service Providers and Processors

We share information with third-party service providers who perform services on our behalf:

Provider	Purpose	Data Shared
Microsoft Azure	Cloud hosting, storage, compute	All data transmitted to cloud
ALPR Processing Provider	License plate recognition from captured images	Plate and vehicle images

Our service providers are contractually obligated to use data only for the purposes of providing services to us and to maintain appropriate security measures.

6.2 Within Customer Accounts

Data is shared among authorized users within the same customer account based on their assigned roles (Admin, Manager, Driver, Sales). For example, drivers see property data and scan results for their assigned properties, while managers see reports and analytics across all properties. Team Sync shares real-time updates between drivers on the same team through Patriot Cloud.

6.3 Within the PPOA Group Ecosystem

Patriot LPR integrates with other PPOA Group products to enable connected enforcement workflows:

• Parking Permits of America (PPOA): The Application queries PPOA's permit database in real time during scanning to determine whether a vehicle has a valid permit. Permit status, visitor frequency data, and registration information are accessed through authenticated API calls.
• TowSmart Systems: When a vehicle is flagged for tow, tow queue data (vehicle details, photos, property information) may be dispatched to TowSmart for operations processing.

This sharing occurs only within the same customer's account ecosystem and is governed by API-level authentication.

6.4 Aggregated and De-Identified Plate Scan Data

As described in Section 7, we may make aggregated or de-identified plate scan data available to authorized users through a commercial access feature. This data does not directly identify any natural person. See Section 7 for full details.

6.5 Legal Requirements

We may disclose information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, or legal process (including subpoenas, court orders, or government requests); (b) enforce our Terms of Service; (c) protect the rights, property, or safety of Company, our customers, or the public; or (d) detect, prevent, or address fraud, security, or technical issues.

6.6 Business Transfers

In connection with a merger, acquisition, reorganization, bankruptcy, asset sale, or similar transaction, information may be transferred to the successor entity. We will provide notice if your information becomes subject to a materially different privacy policy.

6.7 With Your Consent

We may share information with third parties when you provide explicit consent or direct us to do so (for example, exporting a PDF report or sharing a violation record).

7. Plate Scan Data and Commercial Access

This section describes how we handle aggregated plate scan data and our commercial data access feature.

7.1 What is Plate Scan Data?

Plate Scan Data refers to records generated when the Application scans a license plate. Each record may include the plate text, vehicle descriptors, a timestamp, and a camera/location identifier.

7.2 Aggregation and De-Identification

We aggregate Plate Scan Data and remove or obscure information that could directly identify a natural person (such as driver names, account details, and customer-specific property identifiers). The resulting de-identified dataset contains plate text, vehicle descriptors, timestamps, and general location identifiers — but does not include names, addresses, phone numbers, or other personal contact information.

7.3 Commercial Access Feature

We may offer a paid commercial access feature that allows authorized users to search aggregated, de-identified Plate Scan Data — for example, to view scan history associated with a specific license plate. This feature:

• Is available only to registered, authenticated users who agree to applicable terms of use
• Provides access to de-identified data only — no personal information about vehicle owners, drivers, or residents is included
• Does not include permit holder names, resident information, or property manager data
• Is subject to all applicable federal, state, and local laws regarding ALPR data access and use (see Section 12)

7.4 What Commercial Access Does NOT Include

• Names, addresses, phone numbers, or email addresses of any person
• Resident or visitor personal information from PPOA
• Property manager or customer account information
• Raw plate images (only plate text and vehicle descriptors)
• Any data that directly identifies a natural person

7.5 Your Rights Regarding Plate Scan Data

If you believe your license plate has been scanned and you wish to inquire about or request deletion of scan records associated with your plate, contact us at support@ppoagroup.com. We will process such requests in accordance with applicable law, including any ALPR-specific state requirements (see Section 12).

8. Data Retention

8.1 General Retention

We retain information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements.

Data Category	Retention Period
Account information	Duration of active account + 90 days
Plate scan data (images, records)	2 years from collection (unless otherwise agreed or required by law)
Hot list and sticker list data	Duration of active account
Violation and tow queue records	Per customer configuration and applicable law
Application logs and diagnostics (local)	Automatic rotation (max 5 MB per file, max 10 files per category)
Application logs and diagnostics (cloud)	Per system configuration
Aggregated and de-identified data	Indefinite

8.2 Post-Termination

Upon termination or expiration of a customer account, we may retain customer data for up to ninety (90) days to facilitate data export requests. After such period, we may delete customer data in the ordinary course.

8.3 Aggregated Data Survival

We may retain and continue to use aggregated or de-identified data indefinitely, even after termination or deletion of a customer account. This includes de-identified Plate Scan Data as described in Section 7.

8.4 Local Device Data

For Applications installed on local devices, you are solely responsible for deleting locally stored data. We cannot remotely delete data stored on your device, including database files, cached credentials, and log files. When decommissioning a device, we recommend securely wiping the device or deleting the application data directory.

8.5 Legal Obligations

We may retain information beyond standard retention periods if required by applicable law, regulation, legal process, or to establish, exercise, or defend legal claims.

8.6 Offline Grace Period

When the Application operates in offline mode, locally cached data and credentials remain accessible for a configurable offline grace period (default 24 hours). After the grace period expires, the Application requires an internet connection to re-authenticate.

9. Data Security

9.1 Technical Measures

We implement security measures designed to protect information, including:

• Encryption in Transit: All communications between the Application and our cloud services (Patriot Cloud) are transmitted over HTTPS/TLS encrypted connections, including ALPR processing, data synchronization, and permit lookups
• Secure Credential Storage: Authentication tokens and cached credentials are stored using platform-native secure storage (Windows DPAPI, iOS Keychain, Android EncryptedSharedPreferences)
• Authentication: Access to the Services requires authentication via username/password and JWT bearer tokens
• Role-Based Access: Four user roles (Admin, Manager, Driver, Sales) control access to features and data
• Server-Controlled Timestamps: Timestamps on scan records, enforcement actions, and audit events are generated server-side and cannot be manipulated by users
• Cloud Security: Patriot Cloud is hosted on Microsoft Azure, which maintains industry-standard security certifications
• API Security: Integration APIs (PPOA permit lookups, TowSmart dispatch) are secured with API key authentication and restricted to authorized endpoints

9.2 Limitations

No method of transmission over the internet or method of electronic storage is completely secure. While we use commercially reasonable measures to protect information:

• The local SQLite database is not independently encrypted at rest beyond operating system-level protections
• Local log files are stored as plain text
• We cannot guarantee absolute security against unauthorized access, data breaches, or cyber attacks
• You are responsible for the physical security of devices used to access the Services and for maintaining the confidentiality of your login credentials

9.3 Breach Notification

In the event of a data breach affecting personal information, we will notify affected parties in accordance with applicable state and federal breach notification laws.

10. Your Rights and Choices

10.1 Account Information

You may update your account information through the Patriot Cloud web portal or by contacting us at support@ppoagroup.com.

10.2 Data Access and Export

Customers may access their data through the Application's and web portal's built-in search, reporting, and export features. For bulk data export requests, contact us at support@ppoagroup.com.

10.3 Data Deletion

You may request deletion of your account and associated data by contacting us at support@ppoagroup.com. Upon receiving a verified deletion request, we will delete or de-identify your data within a reasonable period, subject to:

• Any legal obligation to retain certain data
• Aggregated and de-identified data, which is not subject to deletion requests
• Data stored locally on your device, which you must delete independently
• Reasonable backup retention cycles
• Data that has been shared with third-party service providers prior to the deletion request

10.4 Device Permissions

You may revoke camera, microphone, storage, and other device permissions at any time through your device's operating system settings. Revoking permissions may disable core scanning functionality.

10.5 Credential Caching

You may clear cached credentials by logging out of the Application or uninstalling it from your device.

10.6 Plate Scan Data Inquiries

If your license plate has been scanned and you wish to inquire about or request deletion of scan records associated with your plate, contact us at support@ppoagroup.com. We will process requests in accordance with applicable law (see Section 12).

11. State-Specific Privacy Rights

11.1 California Residents (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including:

• Right to Know: The right to request the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it
• Right to Delete: The right to request deletion of personal information, subject to certain exceptions
• Right to Correct: The right to request correction of inaccurate personal information
• Right to Opt Out of Sale/Sharing: We do not sell personal information that directly identifies a natural person. We may make aggregated or de-identified Plate Scan Data available through a commercial access feature (see Section 7). De-identified data does not constitute "personal information" under CCPA.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at support@ppoagroup.com or call (430) 381-9853. We will verify your identity before processing your request.

11.2 Other State Privacy Laws

Residents of states with comprehensive privacy laws (including Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA, and others as enacted) may have similar rights to access, correct, delete, and opt out of certain data processing. Contact us at support@ppoagroup.com to exercise your rights.

12. ALPR-Specific State Laws

Certain states impose specific requirements on the collection, use, retention, and sharing of data collected through automated license plate recognition systems. These requirements may include:

• Retention limits — Some states limit how long ALPR data can be retained
• Access restrictions — Some states restrict who can access ALPR data and for what purposes
• Notice requirements — Some states require notice to the public about ALPR data collection
• Use restrictions — Some states limit the purposes for which ALPR data may be used
• Audit and logging requirements — Some states require that access to ALPR data be logged and auditable

For Customers: If you operate Patriot LPR in a jurisdiction with ALPR-specific laws, you are responsible for understanding and complying with those requirements. This includes configuring appropriate data retention periods, limiting access to authorized personnel, and providing any required public notices. We will cooperate with reasonable requests to adjust data handling practices to the extent technically feasible.

For the Public: If you have questions about ALPR data collection in your area or wish to exercise rights under applicable ALPR laws, contact us at support@ppoagroup.com.

13. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, contact us at support@ppoagroup.com.

14. Cookies and Tracking

Our Website and the Patriot Cloud web portal may use cookies and similar technologies to:

• Maintain session state and keep you logged in
• Remember user preferences
• Analyze website traffic and usage patterns
• Improve website and portal functionality

You can control cookies through your browser settings. Disabling cookies may affect Website and portal functionality.

The desktop and mobile Applications do not use cookies. They use platform-native authentication and storage mechanisms as described in Section 3.

15. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, Services, or applicable law. If we make material changes, we will provide notice by: (a) posting the updated Policy on our Website; (b) updating the "Last Updated" date; and (c) where appropriate, notifying account administrators by email or in-app notice.

Your continued use of the Services after the effective date of any updated Policy constitutes your acceptance of the changes. If you do not agree with an updated Policy, you must stop using the Services.

16. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, need to report a privacy concern, or have questions about ALPR data collection, contact us at:

By using our Services, you acknowledge that you have read and understood this Privacy Policy.