Privacy Policy

Last updated: May 19, 2026

HOA Basecamp helps self-managed condos and HOAs run their finances, documents, and projects in one place. Privacy matters here because the data you put into the app is your community's — budgets, member lists, contracts, maintenance history. This page explains what we collect, why, and what happens to it.

If anything below is unclear, email jeff.sanchez987@gmail.com and we'll answer.

What we collect

When you use HOA Basecamp, we collect:

  • Account information. Your name, email address, and password — handled and stored by Clerk, our authentication provider. We never see your password in plain text.
  • Community information.Your community's name, address, unit count, and the role and unit number assigned to you inside that community.
  • Content you create. Budget line items, documents you upload, maintenance requests, project notes, comments, reimbursement requests, photos, and contractor quotes.
  • Billing information. If your community subscribes, payment details are collected by Stripe directly. We never see or store credit card numbers — Stripe sends us a customer ID and a subscription status.
  • Operational logs. Standard server logs (request paths, IP addresses, error traces) used to keep the service running and debug issues.

How we use it

We use the data above to:

  • Run the service for your community.
  • Send invite emails when a board member adds someone to a community (via Resend).
  • Process subscription payments and renewals (via Stripe).
  • Investigate bugs, abuse, and security incidents.

We do not sell your data. We do not share your community's information with other communities. We do not use your content to train AI models.

Sub-processors we share data with

HOA Basecamp is a small operation, and we rely on a handful of well-known service providers to actually deliver the product. Each sees only the slice of data they need for their specific job:

  • Clerk — authentication. Sees your name, email, and password.
  • Supabase — database and file storage. Holds everything your community puts into the app.
  • Vercel — hosts the application and serves traffic. Sees request metadata.
  • Stripe — billing. Sees payment details for subscribing communities.
  • Resend — transactional email. Sees the invite emails we send on your behalf.
  • Upstash — rate limiting. Briefly sees user IDs and IP addresses to enforce request limits.

How long we keep it

We keep your community's data for as long as the community has an active account on HOA Basecamp.

  • Documents and budget periods you delete are held for 30 days in a recoverable state, then permanently removed by a daily automated job. The 30-day window is enforced by the SOFT_DELETE_RETENTION_DAYS constant in the application.
  • Declined invite notifications are removed automatically after 30 days, or immediately when dismissed.
  • If your community cancels its subscription, the account is paused. Reach out to us to fully delete the data.
  • Billing records are kept by Stripe per their retention policy.
  • Server logs are kept for a short, rolling window (typically 30 days) for debugging.

Your rights

You can:

  • See what we have. Inside the app, you already see everything your community has put in. Use the Settings → Your Data panel to download a full JSON export of your account-level data.
  • Correct it. Edit your name and email in Settings. Edit content via the relevant page.
  • Delete it. Use the Settings → Your Data panel to permanently delete your account. Community data (budgets, documents, projects) is owned by the community and will remain.
  • Export it. Use the Settings → Your Data panel to download a machine-readable copy of your personal data.

If you're in California (CCPA) or the EU/UK (GDPR), you have additional rights — including the right to object to processing and to lodge a complaint with a supervisory authority. The same email address handles those requests.

Cookies

HOA Basecamp uses two cookies:

  • Clerk session cookie — keeps you signed in.
  • active_community_id— remembers which community you last opened, so you don't have to pick again on every page. This is a server-set, http-only cookie.

We don't use third-party tracking or advertising cookies.

Security

Data is encrypted in transit (HTTPS) and at rest by Supabase. Files are served via short-lived signed URLs scoped to your community. Authentication is handled by Clerk. We use Row Level Security on the database to keep communities isolated. No system is perfectly secure — if you spot something concerning, email us.

Children

HOA Basecamp is a tool for adult homeowners and board members. We don't knowingly collect data from anyone under 13.

Changes to this policy

If we change anything material, we'll update the “Last updated” date above and, where it makes sense, send a notice to the email on your account. Keep using the app means you accept the current version.

Contact

Questions, requests, or concerns: jeff.sanchez987@gmail.com.