Privacy Policy

Introduction

HOA Cloud ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our HOA and property management platform at hoacloud.app.

By using HOA Cloud, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, phone number, mailing address
• Property Information: Property address, unit number, ownership details
• Payment Information: Credit card details (processed by Stripe), bank account information (processed by Plaid)
• Communication Data: Messages, support tickets, maintenance requests, work order communications
• Documents: HOA documents, compliance certificates, vendor licenses, photos, invoices
• Profile Information: Role within HOA (owner, tenant, board member, property manager), preferences

1.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent, clicks, navigation patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Tracking: We use cookies, pixels, and similar technologies (see Cookie Policy)
• Location Data: Approximate location from IP address; precise location if you enable geolocation for check-in features
• Analytics Data: Collected via Google Analytics and Google Tag Manager

1.3 Information from Third Parties

• Plaid: Bank account details, balances, transaction history for payment verification
• Stripe: Payment processing status, payment method details
• Google Workspace: Calendar events, meeting participants, video recordings (with consent)
• Public Records: Property ownership records, HOA bylaws (public information)

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Platform Operations

• Provide and maintain HOA management services
• Process HOA dues payments and fees
• Manage maintenance requests and work orders
• Facilitate vendor management and compliance tracking
• Schedule meetings and manage communications
• Generate reports and analytics for HOA boards

2.2 Payment Processing

• Process recurring HOA dues via Stripe or ACH (Plaid)
• Verify bank account ownership
• Detect and prevent payment fraud
• Issue refunds and process credits
• Maintain transaction history for accounting purposes

2.3 Communications

• Send transactional emails via SendGrid (payment confirmations, work order updates)
• Send marketing communications via Resend (with your consent)
• Send SMS notifications via Twilio (with your consent)
• Respond to support requests and inquiries

2.4 AI-Powered Features

• Analyze uploaded documents using OpenAI Vision API (vendor certificates, invoices)
• Classify documents using Anthropic Claude AI
• Extract structured data from PDFs and images
• Generate meeting summaries using Google Vertex AI
• Note: AI processing may involve sending document content to third-party AI providers. We do not send personally identifiable information unless necessary for the feature.

2.5 Analytics and Improvement

• Analyze platform usage via Google Analytics
• Improve user experience and fix bugs
• Develop new features based on user behavior
• Monitor platform performance and security

2.6 Legal Compliance

• Comply with Florida HOA laws (Chapter 718/720)
• Maintain financial records (7 years per IRS requirements)
• Respond to legal requests and investigations
• Enforce our Terms of Service

3. How We Share Your Information

We do NOT sell your personal information. We share information only in the following circumstances:

3.1 Service Providers (SOC 2 Certified)

• Vercel: Hosting and infrastructure (SOC 2 Type II)
• Supabase: Database and authentication (SOC 2 Type II)
• Stripe: Credit card payment processing (SOC 2 Type II, PCI DSS)
• Plaid: Bank account verification and ACH payments (SOC 2 Type II, PCI DSS)
• SendGrid: Transactional email delivery (SOC 2 Type II)
• Resend: Marketing email delivery (SOC 2 Type II)
• Twilio: SMS notifications (SOC 2 Type II)
• OpenAI: AI document analysis (SOC 2 Type II)
• Anthropic: AI document classification (SOC 2 Type II)
• Google (Workspace, Analytics, Cloud): Meetings, analytics, AI features (SOC 2 Type II)

3.2 Within Your HOA

• Board members can view resident contact information and payment status
• Property managers can access all HOA data for properties they manage
• Office staff can view information for their management company's properties
• Vendors can see work order details and property contact information
• Data access is controlled by role-based permissions and property assignments.

3.3 Legal Requirements

We may disclose information if required by law, including:

• Compliance with court orders, subpoenas, or legal process
• Reporting to law enforcement when legally required
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activity

3.4 Business Transfers

If HOA Cloud is acquired, merged, or sold, your information may be transferred to the new owner. We will notify you before your information becomes subject to a different privacy policy.

4. Data Security

We implement industry-standard security measures:

4.1 Encryption

• Data in Transit: TLS 1.3 encryption for all connections (HTTPS enforced)
• Data at Rest: AES-256 encryption for all stored data (database, files, backups)
• Payment Data: Additional encryption layer for banking information
• Passwords: Bcrypt hashing (not reversible)

4.2 Access Controls

• Role-based access control (RBAC) limits data visibility
• Multi-factor authentication (2FA) available for all users
• 2FA required for all administrative access (infrastructure)
• Database Row Level Security (RLS) policies enforce data isolation

4.3 Monitoring and Incident Response

• Real-time security monitoring and alerting
• Automated vulnerability scanning (Vercel, Dependabot)
• Incident response plan with 24/7 on-call team
• Comprehensive audit logging of all data access

Note: While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security but are committed to protecting your data.

5. Data Retention

We retain your information for different periods based on type and legal requirements:

See our Data Retention Policy for complete details.

6. Your Privacy Rights

6.1 Universal Rights (All Users)

• Access: Request a copy of all data we hold about you
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your personal data (exceptions apply for legal requirements)
• Portability: Receive your data in a portable format (JSON/CSV)
• Opt-Out: Unsubscribe from marketing emails and SMS

6.2 California Residents (CCPA)

In addition to the above, California residents have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information (with legal exceptions)
• Opt-out of sale of personal information (Note: We do not sell personal information)
• Non-discrimination for exercising privacy rights

6.3 European Residents (GDPR)

EU/EEA residents have additional rights including:

• Right to restriction of processing
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

6.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@hoacloud.app
• Mail: HOA Cloud, 627 Cape Coral Parkway West Suite 202, Cape Coral, FL 33914
• Phone: (239) 383-0064

We will respond to verified requests within 30 days. We may request additional information to verify your identity before fulfilling requests.

7. Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to enhance your experience. See our Cookie Policy for details.

Types of Cookies We Use:

• Essential Cookies: Required for platform functionality (authentication, sessions)
• Analytics Cookies: Google Analytics, Google Tag Manager (measure usage)
• Functional Cookies: Remember preferences, settings
• Advertising Cookies: We do not use third-party advertising cookies

You can manage cookie preferences via our cookie consent banner or browser settings. Note that disabling essential cookies may affect platform functionality.

8. Third-Party Links and Services

Our platform may contain links to third-party websites (e.g., vendor websites, document storage). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.

9. Children's Privacy

HOA Cloud is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@hoacloud.app.

10. International Data Transfers

Your information may be transferred to and maintained on servers located outside your country. By using HOA Cloud, you consent to the transfer of your information to the United States and other countries where our service providers operate.

We ensure that all international transfers comply with applicable data protection laws, including GDPR Standard Contractual Clauses where applicable.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to registered users
• Displaying an in-app notification upon login

Your continued use of HOA Cloud after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices: