Privacy Policy

We collect information from and about three kinds of people:

• Customers — HOA administrators, property managers, or other paid subscribers who sign up for the Service.
• Residents — members of a community whose administrator invited them to join.
• Visitors — anyone who browses our public pages or a community’s public-facing site.

For resident data, the community’s HOA administrator is the controller of that data and ResiHubly acts as a processor on their behalf.

You give us directly:

• Account details: name, email address, password (hashed with bcrypt), phone number, unit number, profile photo.
• Community details: HOA name, address, logo, brand color, board roster, amenities, bylaws and other documents you upload.
• Content: announcements, events, messages, complaints, reservations, and any other content you or your residents create inside the Service.
• Billing details: the HOA’s name and email, plus payment information collected and tokenized by Stripe (we never see your full card number).
• Support communications: anything you send to us via email, the contact form, or when you reply to one of our emails.

We get from third parties:

• Google (Sign-in with Google): if you choose to sign in with Google, Google sends us your basic profile (name, email address, Google account ID, profile image, and whether the email is verified). We only request the minimum OAuth scopes needed to identify you (openid,email, profile). We do not access your Gmail, Drive, Calendar, Contacts, or any other Google Workspace data, and we do not use Google data to build ad profiles.
• Stripe: subscription status, invoice history, the last 4 digits and brand of your payment method, and billing country.
• Email providers: delivery, bounce, and spam-complaint data so we can keep our messages deliverable.

Collected automatically:

• Device and browser info: user agent, IP address, operating system, screen size.
• Usage info: pages you view, links you click, timestamps, referring URL, and the community you were viewing.
• Strictly necessary cookies / session tokens used to keep you signed in.

We do not run third-party advertising trackers, Facebook Pixel, or re-targeting pixels on the application.

We use the information we collect to:

• operate and maintain the Service (authenticating you, loading your community, sending messages you asked us to send);
• deliver transactional email notifications (password reset, event RSVP, amenity booking, admin messages, contact form replies, billing receipts);
• process payments and manage subscriptions through Stripe;
• protect the Service from abuse, fraud, and unauthorized access, and enforce our Terms of Service;
• respond to support requests and contact you about service-related issues;
• improve the Service, debug errors, and analyze aggregate usage patterns;
• comply with legal obligations and respond to lawful requests.

We do not sell personal information. We do not sharepersonal information with third parties for their own advertising or marketing. We do not use Google user data for advertising, and we do not transfer Google user data to third parties except as strictly needed to provide or improve the sign-in feature, or as required by law.

Where the GDPR or UK GDPR applies, we rely on the following legal bases: (a) performance of a contract when we provide the Service you signed up for; (b) legitimate interest in keeping the Service secure, preventing abuse, and communicating with customers; (c) consentwhere required (you can withdraw consent at any time); and (d) legal obligation where we have to keep records.

We share personal information only with:

• Your community. If you are a resident, your HOA administrators can see your name, email, unit, profile, and anything you post inside the community (messages, RSVPs, complaints, reservations).
• Service providers (processors) that help us run the product, under contractual confidentiality and data-protection terms:
  • Stripe — payment processing.
  • Amazon Web Services — database, file storage, and hosting (US regions).
  • Google — optional single sign-on.
  • Transactional email provider(s) — to deliver emails.
  • Cloudflare — DNS, TLS, and bot / DDoS protection.
• Legal, safety, and compliance — to comply with a subpoena or other lawful request, to protect our rights, or to protect someone’s safety.
• Business transfers — if ResiHubly is acquired or merged, personal information may transfer to the acquirer, subject to this Privacy Policy.

ResiHubly uses only strictly necessary cookies / local-storage values to: (i) keep you signed in (NextAuth session token), (ii) remember your UI preferences, and (iii) secure the application with CSRF tokens. These cookies are essential to the Service and cannot be disabled without breaking core functionality. We do not use advertising or cross-site tracking cookies.

We keep personal information for as long as your account or community is active, and for a reasonable period afterward to comply with legal, accounting, and security obligations (typically up to 24 months after account closure, except for payment records which we retain for 7 years as required by US tax and financial regulations). You can request earlier deletion at any time (see Section 9).

We protect personal information using industry-standard safeguards, including TLS 1.2+ in transit, encryption at rest for the database and file storage, bcrypt-hashed passwords, role-based access inside the application, audited cloud infrastructure, and regular backups. No system is perfectly secure — if we become aware of a breach that affects you, we will notify you as required by law.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your account and personal information (“right to be forgotten”).
• Export a copy of your personal information in a portable format.
• Object to, or restrict, certain processing.
• Withdraw consent where processing is based on consent.
• Opt-out of “sale” or “sharing” of personal information (CCPA/CPRA). ResiHubly does not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of, but you may still submit a request.
• Non-discrimination — we won’t charge you more or give you a worse experience for exercising these rights.

To exercise any of these rights, email[email protected]from the email address associated with your account. We’ll respond within 30 days (45 days for CCPA requests, extendable where allowed by law). If you are a resident, we may forward your request to your HOA administrator, who is the controller of that data.

ResiHubly is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected information from a child under 13, email us and we will delete it.

ResiHubly is hosted in the United States. If you access the Service from outside the US, your information will be transferred to, stored in, and processed in the US (and potentially other countries where our service providers operate). We use appropriate safeguards for any such transfers as required by applicable law.

Service-related emails (password resets, billing receipts, RSVP confirmations, admin messages, community broadcasts you opted into by joining a community) are considered transactional and can’t be turned off without leaving the community. We do not send marketing email to residents without their community’s consent. If you believe you received email from ResiHubly in error, forward it to[email protected]and we will investigate.

ResiHubly’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, ResiHubly only uses Google user data to provide the “Sign in with Google” feature: authenticating you, creating or matching your ResiHubly account, and displaying your name/profile photo inside your community. We never use Google user data for advertising, human review, or to train AI models.

We may update this Privacy Policy from time to time. If a change is material, we’ll give you reasonable advance notice by email or through the Service. The “Last updated” date at the top reflects the current version.

Questions or requests regarding this Privacy Policy? Reach the ResiHubly privacy team at [email protected] or via the contact form.

ResiHubly · Cincinnati, Ohio, USA