Privacy Policy
Effective date: July 1, 2026 Last updated: July 1, 2026
This Privacy Policy explains how WhoIsMyHOA collects, uses, discloses, stores, and otherwise processes information when you access or use the WhoIsMyHOA website, applications, features, communications, and related services, collectively referred to as the “Service.”
The Service is operated by the owner of WhoIsMyHOA, referred to in this Privacy Policy as “WhoIsMyHOA,” “we,” “us,” or “our.”
By using the Service, you acknowledge the practices described in this Privacy Policy. This Privacy Policy should be read together with our Terms of Use.
1. Scope of This Privacy Policy
This Privacy Policy applies to information processed through the Service, including information collected when you:
- Visit or search the website;
- Create or use an account;
- Submit a review, rating, comment, or response;
- Submit a property correction or update;
- Upload supporting or verification documents;
- Verify a connection to a property or organization;
- Report content or request a correction;
- Contact us;
- Claim or manage an association or management-company profile; or
- Otherwise interact with the Service.
This Privacy Policy does not govern the privacy practices of third-party websites or services that may be linked from the Service.
2. Information We Collect
The information we collect depends on how you use the Service and which features are available.
### 2.1 Information You Provide Directly
We may collect information that you provide directly, including:
- Your name or display name;
- Email address;
- Account credentials or authentication information;
- Verification codes and verification status;
- Your stated relationship to a property, association, or management company;
- Property, unit, association, or management-company information;
- Reviews, ratings, comments, responses, and corrections;
- Reports, complaints, appeals, and moderation requests;
- Information submitted through the Contact page;
- Documents, photographs, screenshots, or other files you upload;
- Communications you send to us;
- Consent and policy-acknowledgment records; and
- Other information that you choose to provide.
You are not required to include your legal name in a public review unless a particular feature expressly requires it.
### 2.2 Account Information
If you create an account, we may collect and maintain:
- Your email address;
- Your account identifier;
- Authentication and login records;
- Account creation and update dates;
- Account status;
- Roles or permissions;
- Verification status;
- Records of accepted policy versions;
- Submission history;
- Moderation and enforcement history; and
- Security-related account activity.
Passwords, when used, should be processed through the authentication system rather than stored in readable form by WhoIsMyHOA.
### 2.3 Property-Connection and Identity Verification Information
Certain features may allow or require you to verify a relationship to a property, association, or management company.
Depending on the verification method, we may collect:
- Your stated role, such as owner, former owner, tenant, board member, property manager, agent, or neighbor;
- The relevant property or association;
- Documents showing a connection to the property;
- Business email-domain information;
- Communications from an association or management company;
- Verification decisions and review notes; and
- The date, source, and status of the verification.
Verification means only that the applicable verification process was completed. It does not guarantee that all information provided by a verified user is accurate.
We may limit the information extracted from verification documents to what is reasonably needed to assess the claimed connection.
### 2.4 Reviews, Corrections, and Other User Submissions
When you submit content, we may collect:
- The text and ratings you submit;
- The property, association, or management company connected to the submission;
- Your selected role or relationship;
- Whether you choose to display or conceal that role publicly;
- Supporting information or documents;
- Submission, edit, moderation, and publication dates;
- Moderation results and reasons;
- Reports or disputes concerning the submission;
- Information used to detect duplicate, manipulated, or abusive submissions; and
- Technical information associated with the submission.
Information placed in a public review, response, correction, or profile may be displayed publicly as described at the point of submission.
### 2.5 Documents and Uploaded Files
You may be able to upload files to support a correction, verify a relationship, report content, or contact us.
Uploaded files may contain personal information about you or another person. Before uploading, you should remove information that is not necessary, including:
- Social Security numbers;
- Bank-account or payment-card information;
- Account passwords;
- Medical information;
- Government identification numbers;
- Signatures that are not needed;
- Information about children;
- Unrelated contact information; and
- Other sensitive or confidential information.
We may collect file metadata, including the filename, file type, file size, upload date, associated account, and associated property or submission.
Unless a feature expressly states otherwise, uploading a document does not mean that the complete document will be published publicly.
### 2.6 Contact and Support Information
When you contact us, we may collect:
- Your name;
- Email address;
- The category of your request;
- Your message;
- The related property, association, company, review, or submission;
- Attachments;
- Communications concerning the request;
- The status and resolution of the request; and
- Information needed to verify your identity or authority.
### 2.7 Information Collected Automatically
When you use the Service, we and our service providers may automatically collect technical and usage information, such as:
- Internet Protocol address;
- Browser type and version;
- Device type;
- Operating system;
- Language and regional settings;
- Referring and exit pages;
- Pages viewed;
- Searches performed;
- Links or buttons selected;
- Date and time of access;
- Approximate location derived from an IP address;
- Session identifiers;
- Error and diagnostic information;
- Security and fraud-detection signals; and
- Cookie or similar technology identifiers.
We may use this information to operate the Service, understand usage, detect abuse, troubleshoot errors, improve performance, and protect security.
### 2.8 Cookies and Similar Technologies
The Service may use cookies, local storage, pixels, software-development kits, or similar technologies.
These technologies may be used for:
- Authentication and session management;
- Remembering user preferences;
- Security and fraud prevention;
- Measuring website performance;
- Diagnosing technical problems;
- Understanding how users navigate the Service; and
- Analytics.
We do not currently state that we use information for targeted advertising unless and until such practices are implemented and disclosed.
Your browser may allow you to block or delete cookies. Blocking essential cookies may prevent some features from functioning correctly.
If a cookie-management tool is made available, you may use that tool to manage eligible preferences.
### 2.9 Information From Public and Third-Party Sources
We may collect information from public and third-party sources, including:
- Government and public-record databases;
- Registries of deeds and assessors;
- Public association or management-company websites;
- Public business records;
- Mapping and address services;
- Property or real-estate data providers;
- Users and community contributors;
- Associations and management companies;
- Publicly available documents; and
- Other lawful sources.
This information may include property addresses, association names, management-company information, public contact details, documents, recorded interests, and other property-related information.
Public availability does not necessarily mean that information is accurate, current, or appropriate for every use.
3. How We Use Information
We may use collected information to:
- Provide and operate the Service;
- Create and manage accounts;
- Authenticate users and send verification codes;
- Display property, association, and management-company information;
- Publish reviews, ratings, corrections, and responses;
- Process property updates and corrections;
- Verify claimed connections to properties or organizations;
- Evaluate supporting documents;
- Moderate content;
- Detect fabricated reviews, duplicate submissions, spam, fraud, harassment, and other abuse;
- Investigate reports and disputes;
- Communicate with users;
- Respond to privacy, support, legal, and correction requests;
- Maintain audit and accountability records;
- Improve search, matching, data quality, and usability;
- Develop summaries, classifications, confidence indicators, or aggregate statistics;
- Diagnose technical problems;
- Protect the security and integrity of the Service;
- Enforce our Terms of Use and Community Guidelines;
- Comply with legal obligations and valid legal requests;
- Establish, exercise, or defend legal claims; and
- Support other purposes disclosed at the time information is collected.
4. Automated Processing and Artificial Intelligence
We may use automated systems or artificial-intelligence services to assist with tasks such as:
- Detecting spam or abusive content;
- Identifying potentially sensitive information;
- Classifying submissions;
- Comparing corrections;
- Identifying duplicate or coordinated activity;
- Flagging submissions for human review;
- Summarizing information;
- Improving property and association matching;
- Extracting limited information from uploaded documents; and
- Supporting moderation and quality-control processes.
Automated processing may produce inaccurate or incomplete results. Where appropriate, flagged content may be reviewed by a person before a final action is taken.
We may send relevant portions of a submission to contracted technology providers that process information on our behalf. We intend to limit information shared to what is reasonably necessary for the task.
We do not authorize service providers to use private verification documents or nonpublic user submissions to train general-purpose artificial-intelligence models unless that practice is separately disclosed and appropriately authorized.
5. Public and Nonpublic Information
### 5.1 Information That May Be Public
Depending on the feature and your selections, public information may include:
- Reviews and ratings;
- Comments and responses;
- Property corrections;
- Property, association, and management-company information;
- A display name;
- A general user role, such as owner, tenant, or agent;
- Verification indicators;
- Submission dates;
- Manager or association responses; and
- Other content clearly designated as public when submitted.
Public information may be viewed, copied, indexed by search engines, quoted, or shared by other people.
Do not include information in a public field that you do not want publicly available.
### 5.2 Information That Is Generally Not Public
Unless otherwise disclosed, we generally do not display publicly:
- Your login email address;
- Authentication credentials;
- Verification codes;
- Full verification documents;
- Internal moderation notes;
- Raw security logs;
- Nonpublic contact requests; or
- Information submitted solely to verify identity or authority.
A verification badge or role may reveal that a connection was verified without displaying the underlying document.
6. How We Disclose Information
We may disclose information in the circumstances described below.
### 6.1 Service Providers
We may disclose information to vendors and contractors that help us operate the Service, such as providers of:
- Website and cloud hosting;
- Database services;
- File storage;
- Authentication;
- Email delivery;
- Analytics;
- Mapping and address lookup;
- Customer support;
- Cybersecurity;
- Spam and fraud prevention;
- Document processing;
- Content moderation; and
- Artificial-intelligence services.
These providers may process information only as necessary to provide services to us, subject to their agreements and applicable law.
The specific providers used by the Service may change over time.
### 6.2 Public Disclosure at Your Direction
We disclose content publicly when you submit it through a feature identified as public, such as a review, rating, correction, response, or public profile.
We may display a public submission together with related information such as its date, property, rating, stated role, or verification status.
### 6.3 Public Content and Dispute Handling
When reviewing a report, correction, appeal, or dispute, we may refer to or share content that is already publicly available through the Service, such as a published review, response, rating, correction, or property-page information.
When reviewing a report, correction, appeal, or dispute, we may refer to or share content that is already publicly available through the Service, such as a published review, response, rating, correction, or property-page information.
We do not disclose a reviewer’s or reporting user’s nonpublic account information to an association, management company, property representative, or other affected party merely because that party disputes or receives a negative review.
This means we do not ordinarily disclose information such as:
- A user’s login email address; * Verification documents; * Private contact-form submissions; * Internal account identifiers; * IP addresses or technical logs; * Internal moderation notes; or * Other nonpublic identifying information.
We may ask a user who submitted disputed content to provide additional information directly to WhoIsMyHOA. We may also inform an affected party of our moderation decision or request clarification from them without identifying the submitting user.
Nonpublic information may be disclosed only:
- With the user’s consent or at the user’s direction; * To service providers processing information on our behalf; * When reasonably necessary to investigate fraud, abuse, or a security incident; * When required by valid legal process or applicable law; or * As otherwise specifically described in this Privacy Policy.
### 6.4 Legal and Safety Reasons
We may disclose information when we reasonably believe disclosure is necessary to:
- Comply with applicable law;
- Respond to a subpoena, court order, warrant, or other valid legal process;
- Respond to a lawful request from a government authority;
- Protect the rights, safety, or property of WhoIsMyHOA, our users, or others;
- Investigate fraud, abuse, security incidents, or violations of our policies;
- Prevent or address unlawful conduct;
- Enforce agreements; or
- Establish, exercise, or defend legal claims.
Where legally permitted and appropriate, we may seek to narrow overly broad requests.
### 6.5 Business Transfers
If WhoIsMyHOA is involved in a merger, acquisition, financing, restructuring, bankruptcy, asset sale, or transfer of all or part of the Service, information may be disclosed or transferred as part of that transaction.
Any successor’s use of personal information will remain subject to applicable law and the privacy commitments governing the information at the time of transfer, unless users are notified otherwise as required.
### 6.6 With Your Consent or Direction
We may disclose information when you consent to or direct the disclosure.
### 6.7 Aggregate or Deidentified Information
We may use and disclose information that has been aggregated or deidentified so that it does not reasonably identify an individual.
For example, we may publish aggregate statistics about review categories, property-data coverage, correction activity, or management-company ratings.
We will not intentionally attempt to reidentify information that we maintain as deidentified, except as permitted for security testing, legal compliance, or evaluating the effectiveness of deidentification.
7. Sale of Personal Information and Targeted Advertising
WhoIsMyHOA does not sell personal information for money.
We also do not use personal information to display targeted advertising based on activity across unrelated websites or services.
Some privacy laws define “sale,” “sharing,” or targeted advertising broadly. If our practices change, we will update this Privacy Policy and provide any choices required by applicable law.
8. Data Retention
We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:
- Provide and maintain the Service;
- Preserve published content and the integrity of discussions;
- Process corrections and disputes;
- Maintain verification, moderation, and audit records;
- Prevent fraud and repeated abuse;
- Comply with legal obligations;
- Resolve disputes; and
- Enforce agreements.
Retention periods may vary based on the type of information and how it is used.
For example:
- Account information may be retained while an account is active and for a reasonable period afterward;
- Published submissions may remain available after account deletion where necessary to preserve the Service’s records and public information;
- Verification documents may be retained only as long as reasonably necessary to complete verification, address disputes, satisfy legal requirements, or prevent abuse;
- Contact and moderation records may be retained while a request is open and for a reasonable period afterward;
- Security logs may be retained for fraud prevention, investigation, and system protection;
- Backups may retain information temporarily until overwritten through ordinary backup processes; and
- Information subject to a legal hold may be retained until the hold is released.
We may delete, anonymize, or aggregate information when it is no longer reasonably needed.
Specific retention periods should be established internally and may be added to this Privacy Policy when finalized.
9. Data Security
We use administrative, technical, and physical measures designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure.
Depending on the system and information involved, these measures may include:
- Access controls;
- Authentication;
- Encryption in transit or at rest where appropriate;
- Restricted administrative permissions;
- Logging and monitoring;
- Secure hosting and storage providers;
- Backup procedures;
- Vendor management;
- Rate limiting;
- Spam and abuse prevention; and
- Incident-response procedures.
No website, database, or transmission method is completely secure. We cannot guarantee that unauthorized access, loss, or misuse will never occur.
You are responsible for protecting your account credentials and for using a secure email account. Notify us through the Contact page if you believe your account or information has been compromised.
10. Data Breach Notification
If we determine that a security incident requires notification under applicable law, we will provide legally required notices to affected individuals, regulators, or other authorities.
The timing, method, and contents of a notice will depend on the circumstances and applicable legal requirements.
11. Your Choices and Requests
Depending on your account, location, and applicable law, you may be able to:
- Access certain account information;
- Correct certain account information;
- Change your display name or public role settings;
- Edit or delete certain submissions;
- Request correction of inaccurate information;
- Request deletion of your account;
- Request deletion of certain personal information;
- Object to or restrict certain processing;
- Withdraw consent where processing is based on consent;
- Request a copy of certain personal information;
- Report or appeal moderation decisions; and
- Opt out of eligible nonessential communications.
These rights are not absolute. We may retain or continue processing information where permitted or required for reasons such as:
- Legal compliance;
- Fraud and abuse prevention;
- Security;
- Recordkeeping;
- Dispute resolution;
- Protection of other users’ rights;
- Preservation of public submissions;
- Exercise of free-expression rights; or
- Establishment, exercise, or defense of legal claims.
To submit a privacy request, use the Contact page and select the privacy or account request category.
We may need to verify your identity before completing a request. Verification may require confirming access to your email account or providing information reasonably related to your account or submission.
We may decline requests that cannot be verified, are excessive or repetitive, would adversely affect another person’s rights, or are not required under applicable law.
12. Account Deletion and Public Submissions
Deleting an account may disable access to the account and remove or deidentify certain profile information.
Account deletion does not necessarily remove:
- Public reviews, corrections, comments, or responses;
- Information copied or shared by others;
- Moderation or audit records;
- Records needed for fraud prevention;
- Records needed to resolve disputes;
- Information retained for legal compliance;
- Deidentified or aggregated information; or
- Temporary backup copies.
Where appropriate, we may remove the connection between a retained public submission and the deleted account or replace a display name with a generic designation.
You may separately request review of a public submission through the Contact page.
13. Email and Communications
We may send transactional or service-related emails concerning:
- Account verification;
- Login or security activity;
- Property corrections;
- Document or role verification;
- Review moderation;
- Reports and disputes;
- Contact requests;
- Policy changes;
- Service changes; and
- Other account-related matters.
You generally cannot opt out of communications necessary to operate your account or respond to your requests.
If we send optional promotional communications, they will include an appropriate method to unsubscribe. Unsubscribing from promotional messages will not stop necessary service communications.
14. Third-Party Links and Services
The Service may link to third-party services, including government websites, public-record systems, mapping services, association websites, property-management websites, or other resources.
We do not control those services and are not responsible for their privacy, security, content, or data-handling practices.
Review the privacy policies of third-party services before providing information to them.
15. Children’s Privacy
The Service is intended for adults and is not directed to children under 13.
We do not knowingly collect personal information through accounts or submission features from children under 13.
If you believe that a child under 13 has provided personal information through the Service, contact us so that we can review and, where appropriate, delete the information.
Users must be at least 18 years old to create an account or submit public content unless we expressly introduce a different eligibility rule.
16. Sensitive Personal Information
The Service is not designed to collect highly sensitive personal information such as:
- Social Security numbers;
- Financial account credentials;
- Payment-card numbers;
- Medical records;
- Biometric identifiers;
- Precise geolocation;
- Government identification documents unrelated to an approved verification method; or
- Information about children.
Do not include such information in reviews, corrections, comments, contact messages, or uploaded documents unless we expressly request it and it is necessary for a stated purpose.
If we identify unnecessary sensitive information, we may redact, restrict, reject, or delete it.
17. Information About Other People
You should provide information about another person only when you have a lawful and legitimate reason to do so.
Do not post another person’s private contact details, financial information, account information, medical information, identification numbers, signatures, or other sensitive information.
If you upload a document containing information about another person, you are responsible for determining that you are permitted to provide it and for redacting information that is not necessary.
18. State and Other Privacy Rights
Privacy rights may vary depending on where you live.
If applicable law grants you rights beyond those described in this Privacy Policy, you may submit a request through the Contact page.
We will evaluate requests under the laws that apply to the requester and the relevant information.
We will not unlawfully discriminate against a person for exercising an applicable privacy right.
19. Do Not Track Signals
Some browsers offer a “Do Not Track” setting.
There is not currently a universally accepted standard for responding to all browser-based Do Not Track signals. The Service may not respond to such signals unless required by applicable law.
If we implement support for legally recognized browser-based opt-out preference signals, this Privacy Policy will be updated accordingly.
20. International Users
WhoIsMyHOA is currently intended primarily for users and properties in the United States.
If you access the Service from outside the United States, your information may be processed and stored in the United States or other countries where our service providers operate.
Privacy and data-protection laws in those locations may differ from the laws in your country.
We do not represent that the Service is currently designed to comply with every privacy law outside the United States.
21. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
When we make changes, we will revise the “Last updated” date. If changes are material, we may provide additional notice through the Service, by email, or by another reasonable method.
Changes will apply prospectively from the stated effective date unless otherwise required by law.
If a change materially affects how previously collected information is used, we will provide any notice or obtain any consent required by applicable law.
22. Contact Us
Questions, requests, or concerns regarding this Privacy Policy or our privacy practices may be submitted through the Contact page.
Select “Privacy or account request” when appropriate.
You may also use the Contact page to:
- Request access to or correction of account information;
- Request account deletion;
- Ask about a verification document;
- Report exposed personal information;
- Report a suspected security incident; or
- Exercise an applicable privacy right.