Summary: BoardArmor collects only the information necessary to operate your HOA management workspace. We do not sell your data. We do not share it with third parties except the service providers listed in this policy. Your HOA data belongs to your HOA.
1. Who We Are
BoardArmor LLC ("BoardArmor," "we," "our," or "us") is a software company incorporated in Oregon, providing an AI-powered HOA management platform to self-managed homeowners associations and rental property managers. Our platform is available at app.board-armor.com.
This Privacy Policy describes how we collect, use, and protect information when you use our platform. By using BoardArmor, you agree to the practices described in this policy.
2. Information We Collect
2.1 Account Information
When you create a BoardArmor account, we collect:
- Name and email address
- Password (stored in encrypted form โ we never see your plaintext password)
- Organization name, address, and contact information
- Billing information (processed by Stripe โ we do not store card numbers)
2.2 HOA and Community Data
As you use the platform, you may enter information about your community including:
- Homeowner and resident names, unit numbers, email addresses, and phone numbers
- Violation records and notices
- Dues, payment records, and financial data
- Maintenance requests and vendor information
- Meeting minutes and board documents
- Uploaded documents (CC&Rs, insurance policies, contracts)
- Emergency incident records
This data is entered by you and belongs to your organization. We treat it as confidential.
2.3 Usage Data
We automatically collect limited technical information when you use the platform:
- Browser type and operating system
- Pages visited and features used
- Date and time of access
- IP address
2.4 Communications
When you contact us for support or send email communications through the platform, we retain those communications to provide support and improve our service.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the BoardArmor platform
- Process payments and manage subscriptions
- Send transactional emails on behalf of your HOA board (violation notices, dues reminders, emergency broadcasts)
- Provide customer support
- Send service-related notifications (billing, security, product updates)
- Improve and develop new features
- Comply with legal obligations
We do not use your data for advertising, and we do not sell your data to any third party.
4. How We Share Your Information
We share your information only with the following service providers who help us operate the platform. Each is bound by their own privacy policies and data processing agreements:
- Supabase (supabase.com) โ Database and authentication. Your data is stored on Supabase servers in the United States.
- Netlify (netlify.com) โ Hosting and serverless functions. Processes requests to run the platform.
- Stripe (stripe.com) โ Payment processing. Handles all billing and subscription management. We do not store your credit card information.
- Resend (resend.com) โ Email delivery. Sends transactional emails on behalf of your board.
- Anthropic (anthropic.com) โ AI processing. Certain AI-powered features send text input to Anthropic's API for processing. See Section 5 for details.
We do not share your information with any other third parties except as required by law or to protect our legal rights.
5. AI Features and Third-Party Processing
Important: BoardArmor uses Anthropic's Claude API to power AI features including the violation letter writer, CC&R document scanner, meeting minutes generator, and legal advisor. When you use these features, the text you enter is sent to Anthropic's servers for processing.
5.1 What is sent to Anthropic
- Text you type into AI-powered input fields (violation descriptions, questions, agenda items)
- Document text when you use the AI document scanner
5.2 What is NOT sent to Anthropic
- Homeowner personal information (names, addresses, emails) โ unless you type it directly into an AI prompt
- Financial data or payment information
- Your account credentials
5.3 Anthropic's Data Practices
Anthropic does not use API inputs and outputs to train their models by default. Data sent via the API is not stored permanently by Anthropic beyond what is needed to process the request. For more information, see anthropic.com/privacy.
5.4 Best Practices
We recommend not including sensitive personal information (Social Security numbers, financial account numbers, medical information) in AI prompts. Use general descriptions where possible.
6. Data Security
We implement industry-standard security measures to protect your information:
- All data is encrypted in transit using TLS/SSL
- Database access is protected by Row Level Security โ each organization's data is isolated and inaccessible to other organizations
- Passwords are hashed and never stored in plaintext
- Payment processing is handled entirely by Stripe, which is PCI-DSS compliant
- Server-side functions use restricted service role keys that are never exposed to browsers
No system is perfectly secure. If you discover a security vulnerability, please contact us immediately at security@board-armor.com.
7. Data Retention
We retain your data for as long as your account is active. If you cancel your subscription:
- Your data remains accessible for 30 days after cancellation
- After 30 days, your data is deleted from our active database
- Backup copies may be retained for up to 90 days before permanent deletion
You may request deletion of your data at any time by contacting us at privacy@board-armor.com.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your personal information
- Portability: Request your data in a machine-readable format
- Opt-out: Opt out of non-essential communications
To exercise any of these rights, contact us at privacy@board-armor.com. We will respond within 30 days.
California residents: Under the California Consumer Privacy Act (CCPA), you have additional rights including the right to know what personal information is collected and the right to opt out of the sale of personal information. We do not sell personal information.
9. Children's Privacy
BoardArmor is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last Updated" date at the top of this policy. Your continued use of BoardArmor after changes are posted constitutes your acceptance of the updated policy.