🌿 Plain-English Summary
If you want the full legal details, keep reading. If you just want to use the service, that's all you really need to know.
1. Information We Collect
We collect only the data necessary to provide the HOAIssueFix service. Categories:
A. Account Information
- Email address — required for sign-in and account recovery
- Hashed password — managed by our authentication provider (Supabase); we never see your plaintext password
- Optional name — only if you provide it during signup or in letter templates
B. HOA Violation Content (the data you submit)
- HOA notices you upload (PDF, image, or pasted text)
- Information you provide about your situation: state of residence, violation type, fine amount, deadlines, CC&R excerpts
- Letters and documents you generate using our tools
C. Billing Information
If you subscribe to a paid plan, billing is handled exclusively by LemonSqueezy. We never see or store your credit card number, CVV, or full payment details. We receive only a subscription identifier, plan tier, and renewal status.
D. Technical Data
- IP address (used for security and abuse prevention, then anonymized)
- Browser type, device type, and operating system (for compatibility)
- Pages visited and timestamps (essential analytics only)
E. Cases You Save (stored on your device)
The "Recent Cases" deadline tracker in your dashboard saves the case titles, fine amounts, and deadlines you enter in your own browser (localStorage). This stays on your device — it is not transmitted to or stored on our servers — and clearing your browser data removes it. (If we later offer optional cross-device sync, it will be stored in your own authenticated account and protected so only you can access it.)
2. How We Use Your Information
We use the data we collect only for these purposes:
- To provide AI-powered analysis of your HOA notice
- To generate appeal letters, dispute responses, and other documents you request
- To maintain your account and let you sign in
- To process subscription payments (via LemonSqueezy)
- To respond to your support requests
- To detect abuse, fraud, or security threats
- To improve the platform (using aggregated, anonymized usage patterns only)
3. AI Processing & Your HOA Notice
HOAIssueFix uses large language models (LLMs) to analyze your HOA violation. When you submit a notice:
- The text is sent to our AI provider (OpenRouter, which routes to Meta Llama or similar models) for analysis
- The AI generates a response — analysis, legal arguments, letter drafts — which is returned to your browser
- Our AI provider's policy prohibits using your data to train models, but you should treat any data you submit as if it could potentially be reviewed by humans for safety/abuse monitoring
What gets sent to the AI
Only the violation text, your state, your selected tool (analyzer, letter generator, etc.), and any context you choose to provide. Your email, account info, and billing data are never sent to the AI provider.
5. Third-Party Services
We use a small number of trusted infrastructure providers. Each handles a specific function:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication & database | Email, hashed password, account data |
| OpenRouter | AI inference (HOA analysis) | Your submitted violation text only |
| LemonSqueezy | Payment processing & subscriptions | Email, billing info you provide them |
| Cloudflare Pages | Website hosting & CDN | IP address, page requests (anonymized) |
Each provider has its own privacy policy. We review them annually and only work with providers that meet our security standards. Links: Supabase · OpenRouter · LemonSqueezy · Cloudflare.
6. Data Storage & Security
Your data is protected by:
- 256-bit TLS encryption on every connection between your browser and our servers
- Encryption at rest for all stored data on Supabase
- Strict access controls — only authorized personnel can access production systems
- Row-level security — your account data is isolated from other users' data at the database level
- Hashed passwords using industry-standard bcrypt; we never see plaintext passwords
That said, no system is 100% breach-proof. If we ever discover a security incident affecting your data, we'll notify you within 72 hours as required by GDPR and applicable state laws.
7. Data Retention
- Account data: Retained as long as your account is active. Deleted within 30 days of account deletion request.
- Uploaded HOA notices & analyses: Retained for 30 days by default. You can delete them at any time from your dashboard.
- Generated letters: Retained as long as your account is active so you can re-download them. You can delete them at any time.
- Billing records: Retained for 7 years for tax and accounting compliance, as required by US law.
- Server logs: Retained for 30 days for security and abuse detection, then automatically purged.
8. Your Rights
Regardless of where you live, you have these baseline rights:
- Right to access: request a copy of all data we hold about you
- Right to correction: ask us to fix inaccurate information
- Right to deletion: ask us to delete your account and data
- Right to portability: get your data in a machine-readable format
- Right to opt out: opt out of any non-essential data processing
- Right to lodge a complaint: with your local data protection authority
To exercise any of these rights, email [email protected] from the address tied to your account. We'll respond within 30 days (often within 48 hours).
9. Children's Privacy (COPPA)
HOAIssueFix is intended for adults (18+) who own property under HOA jurisdiction. We do not knowingly collect data from children under 13. If you believe a child has provided us data, please email [email protected] and we will delete it immediately.
10. California Residents (CCPA / CPRA)
If you're a California resident, the California Consumer Privacy Act gives you additional rights:
- Right to know what personal information we collect, how we use it, and who we share it with
- Right to delete personal information we have collected about you
- Right to correct inaccurate personal information
- Right to opt out of "sale" or "sharing" — we never sell or share your information for cross-context behavioral advertising, so this opt-out is effectively automatic
- Right to non-discrimination — we will never charge you more or provide a lesser service for exercising your CCPA rights
To exercise these rights, email [email protected]. We'll verify your identity using your account email before processing the request.
11. International Users
HOAIssueFix is operated from the United States and is designed for US homeowners (HOAs are predominantly a US legal structure). Our services are not directed at users outside the US.
If you access HOAIssueFix from outside the US, your data will be transferred to and processed in the United States. By using our service, you consent to this transfer.
EU/UK users (GDPR): Our legal basis for processing is (a) contract performance — to provide the service you requested — and (b) legitimate interest — to maintain platform security. You have all the rights listed in Section 8.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our service or applicable law. When we make material changes, we will:
- Update the "Last updated" date at the top
- Notify active account holders by email at least 30 days before the change takes effect
- Post a banner on the site for at least 14 days
Your continued use of HOAIssueFix after a Privacy Policy update constitutes acceptance of the revised terms.
13. Contact Us
Questions about this Privacy Policy, your data, or how to exercise your rights? We're a small team and we answer every email personally:
Response time: within 48 hours, often the same day
For data subject requests (CCPA / GDPR): include "Data Request" in the subject line
Mailing address: HOAIssueFix, Privacy Team, c/o [email protected]
This Privacy Policy was last reviewed on May 28, 2026.