Security & Trust

We value the relationships we have with our clients, which is why we take extreme care to protect their privacy and security.

LAST UPDATED: September 18, 2025

Security Standards and Policies

We understand that your data is invaluable

Our clients never have to choose between security and convenience. We value the relationships we have with our clients, which is why we take extreme care to protect their privacy and security. We’ve implemented numerous steps to ensure our software is a source of control, and not a source of concern. We encourage you to explore our Security & Privacy section to learn more about what we’re doing to keep our clients, and their data, safe and secure.

Security and Privacy

We take numerous steps to ensure that your data is safeguarded and remains private. Read more about the technology and process safeguards we have in place, as well as our contractual obligations to our clients.

Best Practices for Clients

These security features have been designed exclusively for administrators. Implement these best practices when using HOA Central.

Client Data

We earn money by selling software, not by selling or sharing your data. Find out how we store and protect it.

System Availability / Service Level Agreement (SLA)

You rely on our system to do your job, so we do our best to ensure it is available 24/7. If we must perform maintenance that will impact your user experience, we will make sure to inform you about it in advance.

Business Continuity

We are prepared for the unexpected. Learn more about how we will respond if something doesn’t go according to plan.

Compliance

HOA Central is compliant with all relevant legislation and standards relating to privacy and anti-spam. Specific information can be found on our Compliance page.

Our comprehensive approach to data protection

There should be no mysteries about the security and privacy features we implement. It’s a layered process, and one that works well. This is how we safeguard our entire system so that your information remains safe.

Technology Safeguards

  • Encryption. All data transfers are encrypted to prevent unauthorized third parties from gaining access to your data. In addition, your password is stored using a technique called a “one-way hash”. This means that only you (not even HOA Central employees) know your password.
  • Firewalls. All access to the “back-end” functions of HOA Central is protected with a firewall. Only authorized individuals have access.
  • Minimum password length and password lockout. Your HOA Central password must be at least 8 characters long. In addition, if 5 wrong passwords are entered, we will lock your account and request that you reset your password. This is to prevent unauthorized users from guessing your password.
  • Notification of login from a new device. Every time your account is used on a new device, you will receive an email notice. If you get an alert and you did not log in from the new device, you can change your password immediately.
  • Tracking of IP addresses. Whenever an end-user accesses HOA Central, we record their IP address so that we can identify where the request came from.
  • Two-factor authentication. We enable and use two-factor authentication wherever possible for back-end services used by HOA Central. It is also available for anyone using our platform.

Process Safeguards

  • Training. All HOA Central employees are required to complete data security training to ensure they understand our obligations to protect your information.
  • Limited access. Only employees who have a relevant business need are given access to your personal information.
  • Secure servers. Our servers are hosted by Microsoft Azure Services, which are SOC 2 Type 2 certified on an annual basis. Azure provides both our primary server environment and our failovers.

Contractual Obligations

  • Client agreements. Our service agreement, which all clients sign before commencing service, contains a section that outlines our confidentiality obligations to protect their information.
  • Employment agreements. Our employees agree to be bound by our privacy policy and must adhere to everything contained within it. Failure to comply with this policy is grounds for discipline up to and including termination of employment.
  • Subcontractor agreements. From time to time, we may work with third parties to conduct our business. Third parties will only be given access to client data if absolutely required, and in these cases, they will be contractually obligated to follow our privacy policy. Furthermore, we will conduct due diligence to ensure the contractor has sufficient safeguards in place to protect your information.

Security features for our clients

We encourage everyone to use everything that HOA Central has to offer. That includes the security features we have designed exclusively for them. We believe it’s important to give you the tools you need to take full control of your own account. All clients should follow these best practices when using HOA Central.

Customize groups and permissions

Administrators have the authority to create separate groups for different roles. That means all residents can be categorized into one group, and security staff can be added to a completely separate group.

By creating groups, you can tailor access to features, and confidently send sensitive information to specific people.

When creating multiple groups, make sure that they are properly marked as “staff” or “resident” to avoid any confusion or mix-ups. As a precautionary measure, groups marked as “resident” will never be able to access any of the administrative features or functions.

Minimize access to a need-to-know basis

Always give people the minimum access required to do their job, never more. If more access is needed later on, it's easy to expand permissions.

Individual accounts

We can’t emphasize this enough: Never use a shared account. Creating a joint or shared account for you and your colleague may seem harmless, but it can create issues if one person suddenly changes the password. Plus, it makes it more challenging for you to track changes made within the account.

HOA Central never charges for additional administrative accounts, so there’s no reason why you should feel obligated to share an account. When you’re the only one managing your account, it’s far less likely that you would be held accountable for something that you didn’t do.

Two-factor authentication

Two-factor authentication is a security process where the person who is trying to log in to an account or app must provide two different authentication factors to verify their identity. For example, a user will enter their password to log on to their account. Once they have entered the correct password, they will then receive a text message with a unique code. The account will prompt the user to enter that unique code. If the password and the code are both correct, the user is permitted entry to their account. Two-factor authentication offers a higher level of security than a password alone. This process makes it harder for attackers to gain access to a person’s account because knowing the password is not enough to gain entry. Two-factor authentication is available to all HOA Central users. We strongly encourage everyone to use it.

Some information should never be shared

We are in the business of selling software, not client data. We promise to always use your information responsibly, and never share it with anyone who does not have the authority to see it. We may use your data to help us build better services and software for you.

How we use your data

Our team will never use your residents’ personal information without your permission. However, we may use client data in aggregate to understand any prevailing usage patterns or needs. We will use that information as part of our product development process to create new or enhance existing features and services.

We do use your data in aggregate to find trends about how our software and services are being used. We may look at statistics relating to usage so that our customer success team can follow up with you to ensure you’re getting the most out of the software.

Why we collect personal data

In order to provide a full range of services to our clients, we require access to personal information about the owners and residents of the associations that we service. This information is required of all homes, not just the homes which use the system, in order to provide full functionality to the community’s property management team. Many features, like reports, will not provide full and useful information if the entire list of doors and owners is not loaded into the system.

Upon commencing service with us, the board or property manager turns over current copies of personal information so that we may get all system functions up and running. By turning over this information to us, the board is providing its consent for us to use the information as outlined above.

In cases where owners provide updates to their own information through our online system, the online system explains how the information will be used.

Disclosure

We will never share or disclose your private information to anyone unless directed by a court order.

Retention

If you terminate your relationship with HOA Central, your information will be removed immediately from our production system. The data may be retained in our backup files for up to 12 months after your subscription has ended. After that time, all of your information is completely removed from our system.

Backups

Our production databases are synchronized between our two datacenters in real time. In addition, database backups are made to a third site every 15 minutes. These backups are encrypted both during transmission, and while at rest.

Location

Regardless of where our clients live, all client data on the HOA Central platform is stored in Canada.

Sub-Processors

At HOA Central, we use certain sub-processors to assist us in providing our services. A sub-processor is a third-party data processor engaged by HOA Central that has or will have access to, or will process, service data (which may contain personal data). HOA Central engages different types of sub-processors to perform various functions, as explained below.

Due diligence. HOA Central uses a commercially reasonable selection process by which it evaluates the security, privacy and confidentiality practices of proposed sub-processors that will or may have access to, or will process service data.

Updates. As our business grows and evolves, the sub-processors we engage may also change. We will endeavor to provide the owner of the account with notice of any new sub-processors.

List of Current Sub-processors

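Microsoft Azure
  • Applicable service: VM hosting; File Storage; Full Text Search; Identity and Key management
  • External link for additional security information: Azure Security | Microsoft Azure

AWS
  • Applicable service: File Storage; Website Hosting
  • External link for additional security information: Cloud Security – Amazon Web Services (AWS)

Google
  • Applicable service: Mobile Device Management
  • External link for additional security information: Privacy and Security in Firebase (google.com)

New Relic
  • Applicable service: Web Applications Management
  • External link for additional security information: Security Overview | New Relic

DNS Made Easy
  • Applicable service: DNS Management
  • External link for additional security information: Privacy Policy (website-files.com)

Twilio
  • Applicable service: Text Messaging
  • External link for additional security information: Twilio Security | Security is the core of our platform

Sendgrid
  • Applicable service: Email Management
  • External link for additional security information: Security (sendgrid.com)

Elastic
  • Applicable service: Audit / History Management
  • External link for additional security information: Elastic Security and Compliance | Elastic

Fastly
  • Applicable service: Email Management
  • External link for additional security information: Security measures | Fastly Help Guides

Passkit
  • Applicable service: Apple & Google Wallet
  • External link for additional security information: Security - PassKit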

People need downtime… but our software doesn’t

We truly appreciate that you’ve trusted HOA Central to help you carry out your property management tasks and procedures. We understand how big a deal that is, and we strive to provide consistent, reliable service at all times. This section explains our commitment to you regarding up-time and system availability.

Service level agreement (SLA)

Here’s our commitment to you: HOA Central will be available 99.95% of the time, which equates to less than 4.5 hours of downtime per year. So, what about the other 0.05%? If anything is happening with the software that will impact your user experience, we will post a notification about the incident on our status page (https://status.propertycontrol.com/).

Your time is valuable. If the service level we have committed to is not met, our clients can ask for a credit for the time they were unable to use the software.

Scheduled maintenance

We do require a small amount of time to perform maintenance work on the software. Maintenance is important as it keeps everything running smoothly. Notification of any planned maintenance will be posted on the status page (https://status.propertycontrol.com/) at least 24 hours in advance of the work being done.

Planned maintenance will be conducted outside of core business hours. No scheduled maintenance will ever be performed on weekdays between the hours of 8:30 am and 6 pm Eastern Time. (We generally do maintenance earlier in the morning, between 7 and 8.)

We’re prepared for the unexpected

We've thought about all of the "what ifs," and have taken several precautions to ensure we can continue to provide high-quality service to our clients, no matter what.

Redundancies

Our service is brought to you from multiple data centers. All data is synchronized, in real time, between our two sites. In the event that our primary site is disrupted, the service will automatically be switched to load from the backup site. This setup helps ensure that your service is not interrupted, even if there is an issue with the primary site.

We’re not satisfied with good enough. As an additional precaution, all of our client data is backed up to a third site every 15 minutes.

Backups

We retain backups of client data for 12 months rolling. This way, if anything is lost, we can always retrieve it.

Procedures

We conduct semi-annual business continuity tests to make sure we’re able to continue providing reliable service if there is ever an actual emergency. Every 6 months, we test to ensure that our backup systems are running as expected.

Remote work capability

Our entire team can continue all operations remotely. We’ve taken steps to ensure everyone has the tools they need to work from home. Even during turbulent times, our focus remains on our clients.

We take rules seriously

We follow the rules. HOA Central is compliant with all relevant legislation and standards for privacy and anti-spam. We take privacy rules and regulations seriously, and we make necessary adjustments every time a law is updated.

Anti-Spam Legislation

We are compliant with the Canadian Anti-Spam Legislation (CASL) and the U.S. CAN-SPAM Act. CASL protects consumers and businesses from the misuse of digital technology, including spam and other electronic threats. The U.S. CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to stop receiving emails from a company, and sets penalties for violations. Our company is fully compliant with all requirements, including unsubscribe management, proper labeling of all messages, and confirmation from administrators before they can post an announcement.

We give residents the control to unsubscribe from HOA Central emails at any time. They can also customize their preferences so they can opt out of certain notices without fully unsubscribing.

PCI compliance

Payment card industry (PCI) compliance is mandated by credit card companies to help ensure the security of credit card transactions. Payment card industry compliance refers to the technical and operational standards that businesses must follow to secure and protect credit card data provided by cardholders. We are not PCI compliant, because our partner, Stripe, is. HOA Central has integrated with Stripe so that residents can easily and conveniently pay for amenity bookings, buy guest passes, or pay monthly fees or a fine. Stripe manages and holds all card data submitted through HOA Central; we do not hold any payment card data.

Do you have additional questions about compliance?

If you have questions about compliance with any specific privacy laws that may apply to your state or country, please submit your inquiry here.