Privacy Policy
POA Portal Privacy Policy
POA Portal is designed for private HOA and POA community management. This policy explains what information may be collected, how it is used, how sensitive financial data is protected, and how authorized users can ask questions or request changes.
Last updated: July 1, 2026 Public URL: https://poaportal.com/privacy-policy
Plain-language summary
- POA Portal uses community, owner, property, payment, document, inspection, communication, vendor, and bill records only to operate the portal and support association management.
- POA Portal does not sell personal information, payment data, vendor data, property records, association documents, or community records.
- Owner dues and assessment payments are processed through Stripe. POA Portal does not store raw card numbers, online banking usernames, or online banking passwords.
- Approved association bill payments are processed through PostGrid using only the payee, address, amount, check, and mailing details needed for that payment workflow.
- Provider API keys, webhook secrets, and other sensitive integration credentials are protected with application-level encryption when saved through the portal. User passwords are one-way hashed.
1. Scope
This policy applies to users of POA Portal, including homeowners, former owners, board members, managers, accountants, authorized portal administrators, and vendor or support contacts whose information is stored in the portal for association operations.
Individual associations may have additional governing documents, record-retention rules, payment policies, or legal notices. Those association-specific materials supplement this policy where applicable.
2. Information POA Portal may collect or store
| Category | Examples | Purpose |
|---|---|---|
| Account and contact information | Name, email address, phone number, mailing address, portal role, account status, login and security settings. | Authentication, support, notices, role-based access, account recovery, and association communication. |
| Association and property records | HOA name, property address or lot, owner/property links, board and manager records, documents, meetings, ARC requests, violations, issues, inspections, amenities, parking, and work orders. | Operating the private community portal and maintaining association business records. |
| Payment and receivable records | Invoices, dues, assessments, credits, refunds, Stripe payment status, transaction IDs, last-four display values, receipt dates, and reconciliation records. | Collecting homeowner payments, applying payments, issuing refunds when authorized, and supporting accountant review. |
| Payables and outbound payment records | Vendor bills, approvals, PostGrid cheque IDs, cheque numbers, mailing status, tracking information, payee addresses, and payment audit history. | Submitting and tracking approved association bill payments and supporting accountant exports. |
| System, security, and audit data | Login events, IP address, browser/device details, security events, support references, audit logs, and error diagnostics. | Security monitoring, troubleshooting, fraud prevention, integrity checks, and compliance recordkeeping. |
3. Payment processors and service providers
Stripe for homeowner payments
Payment card and bank-account details used for online homeowner payments are handled through Stripe-hosted or Stripe-secured flows. POA Portal stores payment status, payment identifiers, receipt information, reconciliation records, and limited display data needed to operate the owner account history and support authorized users.
PostGrid for association bill payments
POA Portal uses PostGrid for approved outbound association bill payments by cheque. Payee names, mailing addresses, amounts, cheque numbers, memo information, and provider status information may be sent to PostGrid only as needed to create, cancel when still available, refresh, and track approved bill-payment orders.
Other operational providers
POA Portal may use email delivery, hosting, backup, logging, security, and support providers. Those providers are used only as needed to operate, secure, support, or improve the portal.
4. How information is used
POA Portal uses information to authenticate users, enforce role-based access, manage HOA records, collect homeowner payments, submit approved outbound bill payments, maintain audit history, send association communications, support inspections and compliance workflows, provide documents and exports, prevent abuse, troubleshoot issues, and satisfy association recordkeeping obligations.
POA Portal does not use personal information or payment information for third-party advertising. POA Portal does not sell payment data, vendor data, homeowner information, or community records.
6. Security controls
POA Portal uses technical and administrative safeguards intended to protect portal data. These include role-based access control, tenant/HOA scoping, session security controls, CSRF protection, two-factor authentication for privileged accounts and sensitive actions, audit logging, secure headers, protected file access patterns, server-side validation, and least-privilege access design.
User passwords are stored using one-way password hashing. Sensitive integration credentials such as payment-provider secrets, webhook secrets, SMTP passwords, and protected provider identifiers are encrypted at the application layer when saved through the portal. The application does not store raw card numbers, online banking usernames, or online banking passwords.
No security system can guarantee absolute protection. Before production use, portal operators should protect server credentials, keep backups encrypted, restrict database access, keep software patched, use HTTPS, rotate any exposed test credentials, and limit administrative accounts to authorized personnel.
7. Data retention
Association records may be retained for the period needed to operate the portal, preserve audit trails, support accountant and legal recordkeeping, comply with association obligations, resolve disputes, and meet backup-retention requirements. Some records, such as invoices, payments, notices, inspection findings, violations, and audit logs, may need to be retained even after an individual user account is inactive.
Where information is no longer needed, POA Portal may delete, archive, de-identify, or restrict access to it according to association policy, system settings, and applicable legal requirements.
8. User choices and requests
Users may contact the association manager or POA Portal support to request help with account access, correction of inaccurate account information, questions about records, or questions about privacy and security. Some records cannot be changed or deleted if they are required for association operations, audit integrity, legal compliance, payment reconciliation, or accountant support.
Homeowner payment-method management, autopay changes, and refund requests follow the controls available inside the portal and the applicable Stripe payment workflow. Managers can update vendor, payable, and outbound-check records according to their assigned permissions and the provider status of each payment.
10. Children
POA Portal is intended for association business use by authorized adults and authorized association representatives. It is not directed to children under 13.
11. Changes to this policy
POA Portal may update this policy as the portal, providers, laws, or association workflows change. The last-updated date at the top of this page identifies the current version.
12. Contact
Questions about this privacy policy or portal data handling can be sent to support@poaportal.com. For association-specific records, users may also contact their HOA or POA manager.
