Privacy Policy
Effective Date: April 9, 2026 • Last Updated: April 9, 2026
HOAcares ("we," "us," or "our") operates the HOAcares.com platform, a multi-tenant SaaS application for homeowners association management. This Privacy Policy describes how we collect, use, store, share, and protect your personal information.
1. Information We Collect
Categories of Personal Information:
| Category | Examples | Purpose |
|---|---|---|
| Identifiers | Name, email, phone, mailing address | Account creation, communication |
| Account Data | Login credentials, profile photo, preferences | Authentication, personalization |
| Financial Data | Invoice history, payment records | Billing, HOA dues collection |
| Property Data | Property addresses, unit numbers, ownership | Community management |
| Communications | Messages, forum posts, maintenance requests | Service delivery |
| Device/Usage Data | IP address, browser type, pages visited | Security, analytics, troubleshooting |
We do not sell your personal information. We do not share your data with third parties for their own marketing purposes.
2. How We Use Your Information
- Provide, operate, and improve the HOAcares platform
- Process HOA dues, assessments, and payment transactions
- Send transactional emails (invoices, password resets, verification)
- Send community notifications (announcements, events, violations) per your preferences
- Send SMS text messages only with your explicit consent (TCPA compliance)
- Detect, prevent, and respond to fraud, abuse, and security incidents
- Comply with legal obligations and respond to lawful requests
3. Data Storage and Security
We implement industry-standard security measures including:
- AES-256-CTR encryption with SHA-512 HMAC for sensitive data at rest
- TLS 1.2+ encryption for all data in transit (HSTS enforced)
- Argon2ID password hashing (no plaintext or reversible storage)
- Multi-factor authentication (MFA) available for all accounts
- Role-based access control with tenant isolation
- Comprehensive audit logging of all administrative actions
- Regular security assessments and code reviews
4. Cookies
We use the following cookies:
- Session cookie (essential) — maintains your login session
- CSRF token (essential) — prevents cross-site request forgery
- Remember me token (optional) — persistent login, 30-day expiry
- Cookie consent (functional) — records your cookie preference
- Theme preference (functional) — remembers your portal theme
We do not use third-party advertising, analytics, or tracking cookies. No data is shared with ad networks.
5. Sub-Processors and Third-Party Services
We share personal information only with the following service providers, each bound by data processing agreements:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing | Name, email, payment card (tokenized) | USA |
| PayPal Holdings | Payment processing | Name, email, invoice amounts | USA |
| Twilio, Inc. | SMS notifications | Phone number, message content | USA |
| cPanel / WHM | Server hosting | All platform data (encrypted at rest) | USA |
Payment card numbers are never stored on our servers. All payment processing is handled directly by Stripe or PayPal (PCI DSS Level 1 certified providers). We only store transaction references and amounts.
6. Your Privacy Rights
California Residents (CCPA/CPRA):
Under the California Consumer Privacy Act, you have the right to:
- Right to Know — Request a copy of all personal information we hold about you. Use the Export My Data feature in your profile settings.
- Right to Delete — Request deletion of your personal data. Use the Delete My Account feature in your profile settings (72-hour grace period applies).
- Right to Opt-Out of Sale — We do not sell personal information. No opt-out is necessary.
- Right to Non-Discrimination — We will not discriminate against you for exercising your privacy rights.
- Right to Correct — Update your information anytime from your profile page.
All Users:
- Access and export your data in JSON format
- Correct inaccurate information via your profile
- Request account deletion with a 72-hour cancellation window
- Withdraw SMS consent at any time from notification settings
- Unsubscribe from email notifications via one-click unsubscribe links
- Manage notification preferences per channel (email, SMS, push, in-app)
7. Data Retention Schedule
| Data Type | Retention Period | Basis |
|---|---|---|
| Account profile | Until deletion requested | Service delivery |
| Financial records (invoices, payments) | 7 years after creation | Tax/legal compliance |
| Audit logs | 3 years | Security/compliance |
| Email queue records | 30 days after delivery | Troubleshooting |
| Session data | 24 hours of inactivity | Authentication |
| Deleted accounts | Soft-deleted 30 days, then purged | Recovery window |
8. SMS and Text Messages (TCPA)
We send SMS text messages only to users who have provided explicit, documented consent. Consent is recorded with a timestamp and IP address. You may withdraw consent at any time from your notification settings. Standard message and data rates may apply. Message frequency varies based on your community's activity.
9. Email Communications (CAN-SPAM)
All marketing and community email blasts include a one-click unsubscribe link and our physical mailing address. We honor unsubscribe requests immediately. Transactional emails (password resets, payment confirmations) are not subject to unsubscribe as they are necessary for service delivery.
10. Children's Privacy
HOAcares is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification. The "Last Updated" date at the top reflects the most recent revision. Continued use after changes constitutes acceptance.
12. Contact Us
For privacy inquiries, data requests, or to exercise your rights:
HOAcares — Data Protection Officer
3439 W Brainard Rd #187
Woodmere, OH 44122
Email: privacy@hoacares.com
Website: www.hoacares.com
You may also contact us at support@hoacares.com for general questions.