HOAdesk ("we," "us," or "our") operates the hoadesk.io platform and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, store, and protect information when you use our Service. By accessing or using HOAdesk, you agree to the practices described in this policy.

HOAdesk is a software-as-a-service platform designed for homeowners association management. Because our Service handles sensitive community data — including resident information, financial records, and meeting recordings — we take your privacy seriously and are committed to transparency about our data practices.

1. Information We Collect

We collect information necessary to provide, maintain, and improve the Service. The types of information we collect depend on how you interact with HOAdesk and the features your organization uses.

Account Information

When you create an account, we collect your name, email address, and password. Passwords are hashed using industry-standard algorithms and are never stored in plain text. If you sign in through a third-party authentication provider, we receive your name and email from that provider but do not receive or store your third-party password.

Organization Information

When your HOA is set up on the platform, we collect organization-level details including the association name, mailing address, unit count, and governing document references. This information is used to configure your workspace and generate compliance-aware reports.

Meeting Recordings and Transcripts

If your organization uses the AI-powered meeting minutes feature, we collect audio or video recordings of board meetings that you upload or record through the Service. These recordings are processed to generate transcripts and structured meeting minutes. Recordings and transcripts are associated with your organization account and are accessible only to authorized members of your organization.

Financial Data

Through our QuickBooks integration, we may access and process financial information related to your association, including assessment amounts, payment records, dues schedules, and account balances. This data is synchronized between HOAdesk and QuickBooks to provide unified financial reporting. We do not store credit card numbers, bank account numbers, or other direct payment instrument details on our servers.

Resident Information

Your organization may enter resident and homeowner data into the Service, including names, unit or lot numbers, mailing addresses, email addresses, and phone numbers. This information is managed by your organization and is used to facilitate communications, track ownership records, and manage community operations.

Usage Data

We automatically collect information about how you interact with the Service, including the features you use, session duration, pages visited, and actions taken within the platform. This data helps us understand how the Service is used and identify areas for improvement.

Device and Browser Information

When you access the Service, we may collect technical information such as your IP address, browser type and version, operating system, device type, screen resolution, and referring URL. This information is used for security monitoring, troubleshooting, and ensuring compatibility across devices.

2. How We Use Your Information

We use the information we collect for the following purposes:

Provide and operate the Service — to create and manage your account, configure your organization workspace, and deliver the core features of the platform including document management, communication tools, and compliance tracking.
Process meeting recordings — to transcribe audio and video recordings using AI-powered speech-to-text services and generate structured meeting minutes, action items, and voting records from those transcriptions.
Generate reports and compliance documents — to produce meeting minutes, financial summaries, and other documents that help your organization meet its legal and governance obligations.
Send notifications and announcements — to deliver system notifications, board communications, resident announcements, and other messages initiated by your organization or required for the operation of the Service.
Provide customer support — to respond to your inquiries, troubleshoot issues, and provide technical assistance when you contact us.
Improve and develop the Service — to analyze usage patterns, identify bugs, test new features, and make data-driven decisions about product development. When we use data for analytics and improvement purposes, we aggregate or de-identify it wherever possible.
Ensure security and prevent fraud — to monitor for unauthorized access, detect suspicious activity, and protect the integrity of the Service and our users' data.

3. Data Storage and Security

We take the security of your data seriously and implement administrative, technical, and physical safeguards designed to protect the information we collect and store.

Infrastructure and Hosting

HOAdesk data is hosted on Supabase, which runs on Amazon Web Services (AWS) infrastructure. Our database, authentication, and file storage services are operated within Supabase's managed environment, which benefits from AWS's physical security controls, network protections, and data center certifications.

Encryption

All data transmitted between your browser and our servers is encrypted in transit using TLS 1.2 or higher. Data stored in our databases and file storage systems is encrypted at rest using AES-256 encryption. Database backups are also encrypted.

Meeting Recordings

Meeting recordings uploaded to or captured by the Service are stored securely in encrypted cloud storage. Organization administrators can delete recordings at any time through the platform. When a recording is deleted, it is removed from our active storage systems, and any associated temporary processing files are purged within 30 days.

AI Processing

Meeting transcription and minute generation are powered by Anthropic Claude for AI analysis and Deepgram for speech-to-text processing. When your recordings and transcripts are sent to these services for processing, the data is transmitted securely and used solely to generate your requested output. Anthropic does not use your data to train its models. We carefully select AI partners that offer strong data processing agreements and do not retain customer data beyond what is necessary to fulfill the immediate request.

Security Practices

We employ role-based access controls, audit logging, regular vulnerability assessments, and secure development practices. We are working toward SOC 2 Type II compliance and continuously evaluate our security posture against industry standards. In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities in accordance with applicable law.

4. Data Sharing

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share your information only in the limited circumstances described below.

Third-Party Service Providers

We use trusted third-party services to operate and improve the platform. These providers access your data only as necessary to perform services on our behalf and are contractually obligated to protect it:

Supabase — database hosting, authentication, and file storage (infrastructure hosted on AWS).
Anthropic — AI-powered analysis for generating meeting minutes, summaries, and compliance reports from transcripts.
Deepgram — speech-to-text transcription of meeting recordings.
QuickBooks (Intuit) — financial data synchronization for associations that enable the accounting integration.
Vercel — application hosting and content delivery.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, such as a subpoena, court order, or government request. We may also disclose information when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a law enforcement request.

Business Transfers

If HOAdesk is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.

5. Your Rights

We believe you should have meaningful control over the data you entrust to us. Depending on your jurisdiction, you may have some or all of the following rights:

Access your data — you can request a copy of the personal information we hold about you. Organization administrators can access and export organization-level data directly through the platform at any time.
Delete your data — you can request deletion of your personal information. Organization administrators can delete meeting recordings, resident records, and other organization data through the platform. Account deletion requests can be submitted to our support team and will be processed within 30 days.
Export your data — you can export your organization's data, including meeting minutes, resident directories, and financial summaries, in standard formats through the platform's built-in export features.
Opt out of communications — you can unsubscribe from promotional emails at any time by clicking the unsubscribe link in any marketing email. Note that you may still receive transactional communications necessary for the operation of the Service, such as security alerts and billing notifications.
Correct your data — you can update your account information at any time through your profile settings. If you believe other data we hold about you is inaccurate, contact us and we will review and correct it.

To exercise any of these rights, please contact us at privacy@hoadesk.io. We will respond to verified requests within 30 days. We may ask you to verify your identity before processing certain requests to protect your account security.

6. Cookies and Tracking

HOAdesk uses a minimal set of cookies and similar technologies to operate the Service. We do not use cookies for advertising purposes and do not participate in third-party ad networks.

Essential Cookies

We use essential cookies to authenticate your session, maintain your login state, and remember your preferences. These cookies are strictly necessary for the Service to function and cannot be disabled. They are typically set in response to actions you take, such as logging in or setting your preferences.

Analytics

We may use minimal, privacy-respecting analytics to understand aggregate usage patterns, such as which features are most used and how users navigate the platform. We do not use invasive tracking technologies, and we do not build advertising profiles based on your activity. Where analytics are used, we prefer tools that respect user privacy and do not share data with third-party advertisers.

7. Children's Privacy

HOAdesk is designed for use by homeowners association board members, property managers, and adult community residents. The Service is not intended for use by children under the age of 13, and we do not knowingly collect personal information from children under 13.

If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information promptly. If you believe we may have inadvertently collected information from a child under 13, please contact us at privacy@hoadesk.io.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify users by posting a notice within the Service and, where appropriate, sending an email to the address associated with your account.

We encourage you to review this policy periodically. The "Effective Date" at the top of this page indicates when this policy was last revised. Your continued use of the Service after a revised policy takes effect constitutes your acceptance of the updated terms.

9. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@hoadesk.io
Website: hoadesk.io

We will make every effort to respond to your inquiry within 30 business days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.