Legal

Privacy Policy

Effective May 28, 2026.

HOA Board Minutes ("the Service"), operated by HOA Fiscal and Dynamite Management, takes your privacy seriously. This policy explains what we collect, how we use it, and the choices you have.

1. What we collect

Account info. When you register: your first and last name, email address, the role you select, and your association name. We use email as your sign-in identity.

Content you create. Associations, meetings, agendas, minutes, motions, attendance, officer rosters, attached documents, and anything else you enter or upload.

Usage data. Standard web logs (IP address, user agent, pages visited, timestamps) for security and debugging. Aggregated anonymous traffic data via Ahrefs Analytics.

We do not collect Social Security numbers, payment card data, government IDs, or other sensitive personal data through this Service.

2. How we use it

  • To run the Service: store your data, send you verification and notification email, and let you collaborate within your association.
  • To keep it secure: detect abuse, prevent bot signups, investigate incidents.
  • To improve it: understand which features are used so we can prioritize improvements.
  • To contact you about important account matters (e.g. password reset, deprecations, terms changes). We don't send marketing email without separately asking.

3. Where your data is stored

  • Database (account info, association/meeting/officer data, minute content): Render-managed PostgreSQL, hosted in the Oregon region.
  • File attachments and approved-minutes PDFs: Microsoft Azure Blob Storage.
  • Blog images: Cloudinary.
  • Verification + contact email: routed through SendGrid (Twilio).

All transit is encrypted (HTTPS / TLS). Backups are managed by the underlying providers per their standards.

4. Tenant isolation

Each user only sees data from associations they have explicit access to. We do not share content between tenants. Administrative access to the production database is restricted to operators of HOA Fiscal and audited.

5. Sharing with third parties

We share the minimum necessary data with the service providers listed in Section 3 so they can perform their function (e.g. SendGrid receives your email address to deliver the verification email). We don't sell your data, and we don't share it with advertisers.

We may disclose data if compelled by valid legal process, or to defend our legal rights or the safety of others.

6. Your choices

  • Edit your name & email: visit your profile.
  • Export your data: any approved meeting can be exported as a .docx or .zip. Other data export available by request to info@hoafiscal.com.
  • Delete your account: email us at info@hoafiscal.com and we'll remove your account and your association's data within 30 days, unless a co-tenant on the association is still using it.
  • Opt out of analytics: most browsers can block third-party scripts via privacy mode or extensions. We don't use cookies for advertising.

7. Children

This Service is not directed at children under 13 and we do not knowingly collect data from them.

8. Security

We use industry-standard practices: TLS in transit, encryption-at-rest provided by our cloud vendors, password hashing via Django's PBKDF2 default, single-use email-verified registration, rate limiting on sensitive endpoints, and explicit tenant-isolation checks on every view that touches association data.

Despite our efforts, no system is perfectly secure. As Section 5 of the Terms of Service emphasizes, you should keep your own backup copies of any official minutes.

9. Changes

We may update this policy. Material changes will be communicated via email to active users. The "Effective" date above marks the current version.

10. Contact

Privacy questions? Email info@hoafiscal.com.