HOA Operations

Security Policy

Last updated: May 4, 2026

This Security Policy summarizes the safeguards HOA Operations is designed to maintain for platform data. Specific commitments may be expanded in a signed agreement, security exhibit, or enterprise order form.

1. Security program

Administrative, technical, and organizational safeguards appropriate to the nature of the data processed.
Role-based access controls and least-privilege access for customer workspaces.
Authentication and session controls for authorized users.
Audit logging for important workspace activity, administrative actions, and security-relevant events.
Encryption in transit and, where supported by infrastructure, encryption at rest.
Vendor and subprocessor review for providers that handle customer data.
Incident response procedures for suspected unauthorized access or disclosure.

2. Customer responsibilities

Assign correct roles and promptly remove users who no longer need access.
Use strong authentication and protect credentials.
Review AI output, imports, exports, notices, and reports before external use.
Avoid uploading data that is not needed for HOA operations.
Promptly report suspected account compromise or unauthorized access.

3. Incident response

If HOA Operations becomes aware of a confirmed security incident affecting customer data, it will notify affected customers without undue delay and provide information reasonably available to support investigation, mitigation, and required notices.

4. Vulnerability reporting

Security issues may be reported to admin@hoaoperations.com. Do not access, alter, delete, or exfiltrate data that is not yours. Good-faith reports should include steps to reproduce and enough detail to validate the issue.