Data Processing Addendum

Last updated: March 2026

Overview

A Data Processing Addendum (“DPA”) is a contractual document that establishes the terms under which HOApro.us processes personal data on behalf of a customer in its role as a data processor or service provider under applicable privacy law.

Our standard DPA is available upon request and is designed for enterprise customers and property management companies that:

  • Manage multiple HOA communities and require contractual data processing terms.
  • Are subject to CCPA, state privacy laws, or industry-specific data obligations.
  • Require documented sub-processor lists and notification rights as part of their own compliance programs.
  • Need a formal agreement governing deletion timelines, breach notification, and audit rights.

What Our Standard DPA Covers

The HOApro.us standard DPA addresses the following topics:

Scope and Roles

Defines HOApro.us as a “service provider” (under CCPA) or “data processor” and the customer as a “business” or “controller” for the data processed through the platform.

Applicable Law

Covers data processing obligations under the California Consumer Privacy Act (CCPA/CPRA) and other applicable U.S. state privacy laws. Does not extend to GDPR (EU) as our service is U.S.-only.

Processing Instructions

Limits our processing of customer personal data to the documented purposes necessary to deliver the HOApro.us service. Prohibits us from selling, sharing, or retaining data beyond the service scope.

Sub-processors

Lists our approved sub-processors (Cloudflare and Stripe) and establishes a notification process for any future changes to the sub-processor list. See our Sub-processors page for the current list.

Security Measures

Describes the technical and organizational security measures we maintain, including encryption, access controls, and incident response procedures consistent with our Security page.

Data Deletion

Specifies timelines and procedures for deletion of customer data upon account termination or upon written request.

Breach Notification

Commits to notifying affected customers within 72 hours of a confirmed breach involving their data, consistent with applicable state notification laws.

Audit Rights

Provides enterprise customers with reasonable rights to request documentation of our security and compliance practices, including third-party audit reports where available.

How to Request a DPA

To request a Data Processing Addendum, contact our legal team at legal@hoapro.us with the following information:

  • Your organization name and HOApro.us account email.
  • The number of HOA communities you manage on our platform.
  • Any specific compliance requirements or provisions you need addressed (e.g., CCPA, specific state law, internal policies).

We will respond with a draft DPA within 5 business days for standard requests. Custom DPA negotiations for enterprise accounts may require additional time.

Individual users and small HOA boards do not typically require a DPA. Our Privacy Policy and Terms of Service govern data processing for standard accounts and serve as the data processing agreement for most users.

Enterprise & Property Management Accounts

Property management companies and enterprise customers managing multiple communities have specific needs for documented data governance. In addition to DPA requests, we can provide:

  • A written description of our security controls and infrastructure architecture.
  • Responses to security questionnaires (CAIQ, SIG Lite, vendor assessment forms).
  • Evidence of Cloudflare and Stripe compliance certifications (SOC 2, PCI DSS).
  • Custom data retention and deletion schedules for enterprise accounts.

Contact legal@hoapro.us for enterprise compliance discussions.

Request a DPA at legal@hoapro.us