Privacy Policy

Last updated: March 2026

1. Data We Collect

When you use HOApro.us, we collect the following categories of information:

Account Information

Your name, email address, and password (stored as a PBKDF2 hash — we never store plaintext passwords). For organizational accounts, your HOA or company name.

Document Form Data

Information you enter to complete document templates, such as community names, addresses, meeting dates, officer names, and other HOA-specific details. This data is used solely to populate your requested document.

Usage Logs

Standard server-side logs including IP addresses, browser user-agent strings, pages visited, and timestamps. These logs are used for security monitoring and service improvement. Logs are retained for 90 days.

Billing Information

Subscription status and payment references (e.g., Stripe customer ID). We do not store credit card numbers or CVV codes on our servers. All payment data is handled directly by Stripe.

2. How We Use Your Data

We use the information we collect for the following purposes:

  • To create and manage your account and authenticate your sessions.
  • To generate HOA documents based on the form data you provide.
  • To store and retrieve your generated documents via secure cloud storage.
  • To process subscription payments and manage billing through Stripe.
  • To send transactional emails (account confirmation, password reset, billing receipts).
  • To monitor for fraud, abuse, and security incidents.
  • To improve the reliability and quality of our template library and platform.
  • To comply with applicable legal obligations.

We do not sell your personal data. We do not use your data for advertising or behavioral profiling.

3. Data Storage

All user data is stored exclusively in the United States using Cloudflare’s infrastructure:

  • Cloudflare D1 (SQLite): Account records, subscription status, and document metadata are stored in Cloudflare D1 databases in U.S. data centers.
  • Cloudflare R2: Generated document files (PDF/DOCX) are stored in Cloudflare R2 object storage in U.S. regions.
  • Cloudflare Workers: Serverless compute handling API requests, running at Cloudflare edge nodes.

Data is encrypted at rest using AES-256 encryption provided by Cloudflare’s storage infrastructure, and in transit using TLS 1.3.

4. Sub-processors

We engage only two third-party sub-processors that may process personal data:

Cloudflare, Inc.

San Francisco, CA — Infrastructure, hosting, database, file storage, CDN, and DDoS protection. Data remains in U.S. data centers.

Stripe, Inc.

San Francisco, CA — Subscription billing and payment processing. Stripe processes payment card data under their own PCI-DSS compliance program.

For the full sub-processor list, see our Sub-processors page.

5. No AI Sub-processors

We do not use AI services to process your data.

HOApro.us generates documents using a deterministic template engine (server-side placeholder substitution). Your document form data is never transmitted to OpenAI, Anthropic, Google, or any other AI or large language model service. There are no AI sub-processors in our stack.

6. Cookies

We use a minimal cookie policy. By default, we set only one cookie:

hoapro_session

HttpOnly session cookie. Expires in 7 days. Used to maintain your authenticated session. Not accessible by JavaScript.

We do not set advertising, tracking, or third-party analytics cookies by default. Google Analytics (GA4) is available as an optional analytics tool but requires your explicit opt-in consent in accordance with our CCPA/GDPR cookie consent banner. For full details, see our Cookie Policy.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated personal data.
  • Portability: Request a machine-readable export of your data.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@hoapro.us. We will respond within 45 days. Identity verification may be required before processing your request.

8. California Residents — CCPA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights, including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information.

We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.

For a full description of your CCPA rights, see our CCPA Notice for California Residents.

9. Contact

For privacy-related questions, data requests, or concerns, contact our privacy team at privacy@hoapro.us. We aim to respond to all privacy inquiries within 5 business days.

Privacy questions? Contact us at privacy@hoapro.us
Privacy Policy — HOApro.us | HOApro.us