Legal

Privacy Policy

Effective Date: April 16, 2026
Last Updated: April 16, 2026
Las Vegas, Nevada, United States

01

Introduction

OnlyHOA.com ("OnlyHOA," "Company," "we," "us," or "our") operates an online community management platform accessible at https://onlyhoa.com and related subdomains (the "Platform"). This Privacy Policy describes how we collect, use, disclose, and safeguard personal information submitted by users of the Platform, including homeowners, board members, property managers, and administrative personnel (collectively, "Users").

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree, you must discontinue use of the Platform immediately.

OnlyHOA is operated exclusively for users located in the United States. This Policy is governed by applicable United States federal law and the laws of the State of Nevada, including the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act (CPRA) where applicable.
02

Information We Collect

We collect the following categories of personal information:

A. Information You Provide Directly

  • Account Registration Data: First name, last name, email address, phone number, mailing address, unit number, and password credentials.
  • Community Profile Data: Role within a homeowners association (e.g., homeowner, board member, property manager), community affiliation, and unit information.
  • Communications: Messages, announcements, support inquiries, contact form submissions, and any other content you submit through the Platform.
  • Financial Data: General ledger entries, invoice records, and association fee information as entered by authorized community administrators. OnlyHOA does not process or store payment card numbers.
  • Documents and Files: Any documents, images, or attachments uploaded to the Platform.

B. Information Collected Automatically

  • Log Data: IP address, browser type and version, operating system, referring URLs, pages visited, access timestamps, and session duration.
  • Device Identifiers: Device type, screen resolution, and user agent string.
  • Session Data: Authentication tokens and session identifiers stored server-side.

C. Information from Third-Party Authentication Providers

If you authenticate via Google or Microsoft OAuth, we receive your name, email address, and profile picture URL from those providers subject to their respective privacy policies. We do not receive or store your third-party account passwords.

03

How We Use Your Information

We use the personal information we collect for the following purposes:

  • To create, maintain, and authenticate your account on the Platform.
  • To provide, operate, and improve the features and functionality of the Platform.
  • To facilitate communication between community members, board members, and management personnel.
  • To send transactional notifications, system alerts, and service-related communications.
  • To enforce our Terms of Service and investigate potential violations.
  • To generate aggregated, de-identified analytics for internal business purposes.
  • To maintain audit logs and security records as required for platform integrity.
  • To comply with applicable legal obligations, court orders, and governmental requests.
  • To respond to your inquiries submitted via support channels.

We do not sell, rent, or otherwise transfer your personal information to third parties for monetary consideration. We do not use personal information to serve targeted advertising.

04

Disclosure of Information

We may disclose your personal information to the following categories of recipients:

  • Community Administrators: Property managers and board members of your associated community may access your profile information, unit data, and communications within the scope of their administrative role.
  • Service Providers: Third-party vendors that provide hosting, database management, email delivery, and infrastructure services, subject to confidentiality obligations and data processing agreements.
  • Legal Compliance: We may disclose information when required by law, regulation, legal process, or enforceable governmental request, including to respond to subpoenas, court orders, or law enforcement inquiries.
  • Business Transfers: In connection with a merger, acquisition, asset sale, or other corporate restructuring, your information may be transferred to the successor entity, subject to equivalent privacy protections.
  • Protection of Rights: We may disclose information where necessary to protect the rights, property, or safety of OnlyHOA, its users, or the public.

We do not disclose personal information to unaffiliated third parties for their independent marketing purposes.

05

Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, to maintain your account in active standing, and to comply with applicable legal, accounting, and regulatory requirements.

Upon termination or deactivation of a user account, we will retain personal information for a period not to exceed seven (7) years for audit and legal compliance purposes, after which time it will be securely deleted or anonymized in accordance with our data retention schedule.

Users may submit a Data Subject Access Request (DSAR) to request deletion of their personal information prior to the end of the retention period, subject to our legal obligations to retain certain records. DSAR requests may be submitted to legal@onlyhoa.com.

06

Security

OnlyHOA employs industry-standard and bank-grade technical and organizational security measures to protect personal information against unauthorized access, disclosure, alteration, or destruction, including:

  • Encryption at Rest: Personally identifiable information (PII) fields are encrypted using AES-256 encryption with tenant-scoped encryption keys.
  • Password Security: User passwords are hashed using Argon2id, a memory-hard key derivation function, and are never stored in plaintext.
  • Access Controls: Role-based permission profiles enforce least-privilege access. All administrative access is logged via immutable audit trails.
  • Transport Security: All data in transit is protected by TLS 1.2 or higher.
  • Session Management: Authentication sessions are secured with anti-forgery tokens, IP logging, and configurable session timeouts.

Notwithstanding the foregoing, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security and disclaim liability for unauthorized access beyond our reasonable control.

07

Your Rights Under the CCPA / CPRA

California residents and users of the Platform have the following rights with respect to their personal information:

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you in the preceding twelve (12) months.
  • Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions permitted by law.
  • Right to Correct: You may request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. No opt-out is required.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
  • Right to Limit Use of Sensitive Personal Information: You may request that we limit the use of sensitive personal information to purposes reasonably necessary to provide the Platform.

To exercise any of the above rights, please submit a verifiable request to legal@onlyhoa.com. We will respond within forty-five (45) days of receipt of a verifiable request, with a possible extension of an additional forty-five (45) days when reasonably necessary.

08

Cookies and Tracking Technologies

The Platform uses session cookies and authentication cookies that are strictly necessary for Platform functionality, including maintaining authenticated sessions and anti-CSRF protection. We do not use third-party tracking cookies, advertising pixels, or cross-site behavioral tracking technologies.

You may configure your browser to refuse cookies; however, doing so may impair your ability to use authenticated features of the Platform.

09

Third-Party Services

The Platform integrates with the following third-party services, each governed by their own privacy policies:

  • Google OAuth 2.0 — Authentication service. Privacy policy: policies.google.com/privacy
  • Microsoft Identity Platform — Authentication service. Privacy policy: privacy.microsoft.com
  • IONOS — Email delivery infrastructure.
  • Anthropic Claude API — AI-powered document search feature, gated by community feature flag. Queries are processed subject to Anthropic's data usage policies.

OnlyHOA is not responsible for the privacy practices of third-party services. We encourage you to review their respective privacy policies.

10

Children's Privacy

The Platform is designed exclusively for use by adults in connection with the administration of residential homeowners associations. Access to the Platform requires an invitation issued by an authorized community administrator; the Platform does not permit open public registration. Accordingly, the Platform is not directed to, and does not knowingly solicit or collect personal information from, individuals under the age of thirteen (13).

In the course of community management operations, a community administrator may input contact information associated with a property whose legal owner or designated household contact is a minor. If you are a community administrator and are aware that a household contact or property owner of record is a minor under the age of thirteen (13), you must contact us at legal@onlyhoa.com prior to entering that individual's personal information into the Platform so that appropriate safeguards may be applied.

If OnlyHOA becomes aware that personal information has been collected from or entered on behalf of a child under the age of thirteen (13) without the implementation of appropriate safeguards or verifiable parental consent as required by the Children's Online Privacy Protection Act (COPPA), we will take prompt steps to delete or restrict access to such information.

If you believe we have inadvertently collected or retained personal information pertaining to a minor under the age of thirteen (13), please contact us immediately at legal@onlyhoa.com. We will investigate and respond to all such notices within a reasonable time.

The Platform's invitation-gated onboarding model is designed to limit access to verified adult community stakeholders. OnlyHOA does not knowingly facilitate the collection of personal data from minors and relies on community administrators to exercise due diligence regarding the personal information they enter on behalf of household contacts.
11

Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. Material changes will be communicated to registered users via email notification to the address associated with your account and/or via a prominent notice on the Platform prior to the changes becoming effective.

Your continued use of the Platform following the effective date of any modification constitutes your acceptance of the revised Privacy Policy. The "Last Updated" date at the top of this page reflects the date of the most recent revision.

12

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

OnlyHOA.com is operated from Las Vegas, Nevada, United States. All inquiries will be addressed in accordance with applicable law.