Privacy Policy

1. Personal information we collect

• Account information: name, email, phone number, role, login credentials, organization, association, and profile settings.
• Community and resident information: property address, unit, owner or resident records, communications, parking, vehicle, pet, emergency contact, account status, and association records provided by customers.
• Operational records: service tickets, violations, ARC applications, meeting records, votes, task assignments, call notes, inspection findings, uploads, reports, vendor records, invoices, and audit logs.
• Financial and billing information: subscription, payment, invoice, account balance, budget, delinquency, and financial report data submitted by customers or processed through integrations.
• Usage and device information: IP address, browser, device identifiers, pages viewed, feature use, event logs, approximate location, diagnostics, and security telemetry.
• Integration data: email, calendar, document, video meeting, storage, payment, or other third-party data that a customer authorizes the platform to access.
• AI input and output: prompts, uploaded content, extracted fields, generated drafts, summaries, task suggestions, and reviewer actions.

2. Sources of personal information

We collect personal information directly from users and customers, automatically through the service, from authorized integrations, from support interactions, from public or association records uploaded by customers, and from service providers that support platform operations.

3. How we use information

• Provide, secure, administer, personalize, and support the service.
• Create accounts, authenticate users, enforce role-based permissions, and maintain audit logs.
• Process service tickets, resident communications, documents, reports, meetings, tasks, violations, ARC requests, inspections, vendors, billing, and integrations.
• Operate AI-assisted features, including parsing emails into draft tasks, summarizing documents, and generating reports for human review.
• Detect, prevent, and investigate abuse, security incidents, fraud, unauthorized access, and policy violations.
• Comply with legal obligations, enforce agreements, respond to lawful requests, and protect rights and safety.
• Improve reliability, troubleshoot issues, analyze usage, and develop new features.

4. How we disclose information

• To the customer organization and authorized users according to configured roles and permissions.
• To service providers and subprocessors that host, store, process, transmit, secure, analyze, or support the service.
• To third-party integrations authorized by the customer or user.
• To comply with law, legal process, enforcement requests, subpoenas, court orders, or government requests.
• In connection with a merger, financing, acquisition, reorganization, or sale of assets, subject to appropriate safeguards.
• With consent or at the direction of the customer or user.

5. California privacy rights

California residents may have rights to know, access, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and be free from discrimination for exercising privacy rights, subject to legal exceptions.

HOA Operations does not sell personal information and does not share personal information for cross-context behavioral advertising as those terms are used in the CCPA unless a future notice states otherwise. Privacy requests may be sent to admin@hoaoperations.com. General requests for more information may be sent to info@hoaoperations.com. If the information is controlled by a customer, we may direct the request to that customer or process it as the customer's service provider.

6. Sensitive information

The platform may process sensitive information when customers upload it, including financial information, account credentials, precise association records, geolocation-like property information, legal notices, enforcement records, and resident communications. Sensitive information is used only to provide the service, maintain security, comply with law, and as instructed by the customer.

7. Cookies and analytics

We use necessary cookies and similar technologies for login, session security, preferences, and service operation. We may use analytics or performance technologies to understand feature usage and reliability. More information appears in the Cookie Notice.

8. Retention

We retain personal information for as long as needed to provide the service, comply with customer instructions, maintain audit records, resolve disputes, enforce agreements, comply with legal obligations, and protect security. Customers may configure or request export, archive, deletion, or offboarding according to their agreement.

9. Security

We use administrative, technical, and organizational safeguards designed to protect personal information. Safeguards include role-based access controls, authentication, audit logs, secure infrastructure, encryption where appropriate, and vendor review. No method of transmission or storage is completely secure.

10. Children

The service is intended for business and association administration and is not directed to children under 13. Customers should not create child user accounts. If resident records include minors, customers are responsible for ensuring the collection and use is lawful and appropriate.

11. International use

The service is operated from the United States. If users access the service from outside the United States, information may be processed in the United States or other locations where service providers operate.

12. Google and Microsoft email integration

HOA Operations offers an optional integration that allows authorized managers to connect a Gmail or Microsoft Outlook account to their workspace. This integration is entirely voluntary and may be disconnected at any time from the Communication Hub settings.

• What we access: When a manager connects Gmail or Outlook, HOA Operations requests read-only access to email messages in the connected inbox. We do not access contacts, drafts, sent mail, labels, calendar, or any other Google or Microsoft product data beyond what is described here.
• Why we access it: HOA managers receive a high volume of homeowner emails across multiple communities. The integration allows our AI assistant (Cid) to read incoming messages, identify the relevant association, categorize communications by topic (maintenance requests, violations, financial inquiries, ARC requests, and similar), draft suggested task items, and surface follow-up priorities — all for human review before any action is taken.
• How data is used: Email content read through the Gmail or Outlook API is processed solely to provide the email triage and task-drafting features within the HOA Operations platform. Email data is never used for advertising, profiling, training AI models beyond the immediate request, or shared with third parties other than the AI model provider (Anthropic) processing the specific request under a data processing agreement.
• Storage: Parsed email records and AI-generated task drafts are stored in the customer's workspace and subject to the customer's data retention configuration. Raw email content retrieved from Gmail or Outlook is not stored beyond the duration of the sync request.
• Revoking access: Managers may disconnect their Gmail or Microsoft account at any time from Communication Hub → Connected Accounts. Revoking access stops all further email syncing. Previously parsed records remain in the workspace unless deleted by the customer.
• Google API Services User Data Policy: HOA Operations' use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Email data obtained through the Gmail API is used only to provide the email triage features described above and is not transferred to third parties except as necessary to operate those features.

13. Contact

Privacy requests and security reports may be sent to admin@hoaoperations.com. General requests for more information may be sent to info@hoaoperations.com. The customer-facing legal entity and mailing address should be confirmed before launch and added to this policy.