Privacy Policy - HOARiskInsights

1. INTRODUCTION

HOA Risk Insights is a service of Compliance Review Solutions (“Company,” “we,” “our,” or “us”), a California-based HOA document review service. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our website at www.HOARiskInsights.com, submit documents for review, or purchase any of our report products (Report A, Report B, or Report C).

By accessing our website or submitting an order, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our services.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly
When you submit an order, contact us, or use our website, you may provide:
Name (buyer, seller, or agent)
Property address
Email address
Phone number
Payment information (processed through Stripe; we do not store card numbers)
HOA documents uploaded for review (PDF files)
Any other information included in order intake forms

2.2 Information Collected Automatically
When you visit our website, we may automatically collect:
IP address and browser type
Pages visited and time spent on our site
Referring URLs
Device type and operating system
Cookies and similar tracking technologies (see Section 7)

2.3 HOA Documents and Third-Party Data
As part of our service, you upload HOA disclosure documents, reserve studies, financial statements, and related materials. These documents may contain personal information about homeowners, association members, and other individuals. We process this information solely to produce the report you have ordered. We do not use document contents for any purpose beyond report generation and quality review.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

To process and fulfill your report order
To communicate with you regarding your order status, missing documents, or report delivery
To process payments through Stripe
To improve our services and report quality
To respond to inquiries, support requests, or feedback
To send order confirmations and transactional communications
To comply with applicable laws and regulations
To protect the security and integrity of our services

We do not use your personal information or uploaded documents to train AI models, build marketing profiles, or for any purpose unrelated to your order.

We do not sell your personal information. We may share your information in the following limited circumstances:

4.1 Service Providers
We work with trusted third-party vendors to operate our business, including:
Stripe — payment processing
Bluehost — website hosting and email services
Anthropic (Claude AI) — AI-assisted document analysis for report generation, accessed via the Anthropic API
Amazon Web Services (AWS) — cloud infrastructure and AI model access via Amazon Bedrock, which may be used as an alternative or supplement to the Anthropic API for report generation
WordPress / Formidable Forms — online intake forms
These providers are contractually required to protect your information and may only use it to perform services on our behalf.

4.2 Legal Compliance
We may disclose information if required by law, court order, subpoena, or government request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers
In the event of a merger, acquisition, or sale of business assets, your information may be transferred as part of that transaction. We will notify you of any such change and your options regarding your information.

4.4 With Your Consent
We may share your information for any other purpose with your explicit consent.

5. HOA DOCUMENTS AND CONFIDENTIALITY

Documents you upload for report generation are treated as confidential. We use them exclusively to produce your ordered report. Uploaded documents are not shared with third parties except as described in Section 4.1 (service providers processing data on our behalf).

Reports produced by Compliance Review Solutions are intended solely for the use of the ordering party. Our reports carry a copyright notice and are not to be reproduced, shared, or redistributed without written permission. See the copyright notice on each report for full terms.

Document files are retained for a limited period following report delivery to allow for quality review and any necessary corrections. Files are deleted in accordance with our standard data retention schedule. Contact us at in**@*************ts.com to request earlier deletion.

6. CALIFORNIA PRIVACY RIGHTS (CCPA / CPRA)

As a California-based service, we are committed to compliance with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). California residents have the following rights:

6.1 Right to Know

You have the right to request that we disclose what personal information we have collected about you, the categories and sources of that information, the purposes for which it is used, and the categories of third parties with whom it is shared.

6.2 Right to Delete

You have the right to request deletion of personal information we have collected about you, subject to certain exceptions (such as information needed to complete a transaction or comply with a legal obligation).

6.3 Right to Correct

You have the right to request correction of inaccurate personal information we hold about you.

6.4 Right to Opt Out of Sale

We do not sell personal information. No opt-out is required, but you have the right to confirm this at any time.

6.5 Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. Exercising your rights will not affect the quality or price of our services.

6.6 How to Exercise Your Rights

To submit a privacy rights request, contact us at:

Email: in**@*************ts.com
Phone: (925) 693-0679

We will respond to verifiable requests within 45 days. We may need to verify your identity before processing your request.Suggested text: If you request a password reset, your IP address will be included in the reset email.

7. COOKIES AND TRACKING TECHNOLOGY

Our website may use cookies and similar technologies to improve functionality, analyze traffic, and understand visitor behavior. Cookies are small text files stored on your device.

Types of Cookies We May Use

Essential cookies — required for the website to function (e.g., form session cookies)
Analytics cookies — help us understand how visitors interact with the site
Preference cookies — remember your settings and choices

You may control or disable cookies through your browser settings. Disabling certain cookies may affect website functionality. We do not use cookies to track your activity across unaffiliated third-party websites.

8. DATA SECURITY

8. DATA SECURITY

We implement reasonable technical and administrative safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These measures include:

Encrypted data transmission (SSL/TLS)
Access controls limiting who can view uploaded documents and order data
Use of reputable, security-certified third-party processors (Stripe, Bluehost, Anthropic)
Internal policies governing handling and retention of client documents

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. If you believe your information has been compromised, please contact us immediately at in**@*************ts.com.

9. PAYMENT INFORMATION

All payment transactions are processed through Stripe, a PCI-compliant payment processor. We do not store, transmit, or have access to your full credit card number, CVV, or bank account details. Stripe’s privacy practices are governed by their Privacy Policy, available at stripe.com/privacy.

By submitting payment information, you authorize Stripe to process the transaction on our behalf in accordance with your order.

10. AI ASSISTED REPORT GENERATION

Our report products use AI language models to analyze uploaded HOA documents and generate findings. We currently use, or may use in combination, the following AI platforms:

10.1 Anthropic (Claude AI) — via the Anthropic API

When documents are processed through the Anthropic API, the content of those documents is transmitted to Anthropic’s systems in accordance with Anthropic’s API usage policies and privacy terms. Under Anthropic’s API terms, data submitted via the API is not used to train Anthropic’s models by default. For current details on Anthropic’s data practices, please review their Privacy Policy at anthropic.com/privacy.

10.2 Amazon Web Services (AWS) — via Amazon Bedrock

We may also access AI models (including Anthropic’s Claude models) through Amazon Bedrock, AWS’s managed AI service. When documents are processed through AWS Bedrock, the content of those documents is transmitted to Amazon Web Services in accordance with AWS’s data privacy commitments. AWS does not use customer data submitted through Bedrock to train underlying AI models. For current details on AWS data practices, please review the AWS Privacy Notice at aws.amazon.com/privacy and the Amazon Bedrock service terms.

10.3 Our Commitment Regardless of Platform

Regardless of which AI platform processes your documents for a given order, the following commitments apply:

Your documents are transmitted solely for the purpose of automated data extraction in order to generate your ordered report.
Your data is not used for AI model training by either provider under their current API/enterprise terms.
All reports are subject to quality review by Compliance Review Solutions before delivery. The final report represents the work product of Compliance Review Solutions, not an automated AI output.

11. CHILDREN’S PRIVACY

Our services are intended for adults engaged in California real estate transactions. We do not knowingly collect personal information from individuals under the age of 18. If we learn that we have inadvertently collected information from a minor, we will delete it promptly. If you believe we have collected information from a minor, please contact us at in**@*************ts.com.

12. LINKS TO THIRD-PARTY WEBSITES

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. DATA RETENTION

We retain personal information and uploaded documents for as long as necessary to fulfill the purposes described in this Privacy Policy, including providing your report, responding to follow-up requests, and meeting legal or business obligations. When information is no longer needed, we delete or anonymize it in accordance with our internal retention policies.
To request deletion of your information prior to the end of our standard retention period, contact us at in**@*************ts.com.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will update the Effective Date at the top of this document and, where appropriate, notify you by email or a notice on our website.

Your continued use of our services after the updated policy is posted constitutes your acceptance of the changes. We encourage you to review this policy periodically.

14. CONTACT US

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

Business Name: Compliance Review Solutions
Website: www.HOARiskInsights.com
Email: in**@*************ts.com
Phone: (925) 693-0679

This Privacy Policy is provided for informational purposes and does not constitute legal advice.
For questions about your specific legal rights under California law, consult a licensed California attorney.