Security

At HOAcares, protecting your community's data is our top priority. We employ industry-standard security practices to ensure your information remains safe, private, and available when you need it.

1. Data Encryption

All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS). Sensitive data stored in our databases, including passwords and payment information, is encrypted at rest using AES-256 encryption.

2. Authentication & Access Control

We implement robust authentication mechanisms to protect your account:

  • Passwords are hashed using Argon2id (memory-hard, GPU-resistant)
  • Role-based access control (RBAC) ensures users only see data appropriate to their role
  • Session tokens expire after periods of inactivity
  • Multi-tenant isolation ensures each HOA community's data is strictly separated

3. Infrastructure Security

Our hosting infrastructure includes:

  • Server-level firewalls and intrusion detection systems
  • Regular security patches and software updates
  • Automated daily backups with encrypted offsite storage
  • DDoS protection and rate limiting on all endpoints

4. Application Security

Our development practices follow OWASP guidelines to protect against common web vulnerabilities:

  • Cross-Site Scripting (XSS) prevention through output escaping
  • Cross-Site Request Forgery (CSRF) protection on all forms
  • SQL injection prevention through parameterized queries
  • Input validation and sanitization on all user-submitted data

5. Data Privacy & Tenant Isolation

Each HOA community operates in a fully isolated environment. Tenant-scoped data access ensures that residents, board members, and administrators of one community can never access another community's information. All database queries are automatically filtered by tenant context.

6. Payment Security

We never store credit card numbers on our servers. All payment processing is handled by PCI DSS-compliant third-party providers. Payment tokens are used for recurring transactions, ensuring your financial data stays with the payment processor.

7. Incident Response

In the event of a security incident, we follow a structured response process:

  • Immediate containment and investigation
  • Notification to affected users within 72 hours
  • Root cause analysis and remediation
  • Post-incident review and security improvements

8. Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly by contacting us at:

HOAcares Security Team
Email: security@hoacares.com
Website: www.hoacares.com

We take all reports seriously and will respond promptly to investigate and address any legitimate concerns.