Privacy Policy

In plain English. Avōt builds software that helps homeowner associations (“HOAs”) manage covenant enforcement, community complaints, peer review voting, and resolution tracking. This Privacy Policy (this “Policy” or “Privacy Policy”) explains what information we collect, how we use it, how we share it, and what rights you have. We have written this Policy to be honest and readable — not a lawyer’s document. If something here is unclear, please email us at privacy@avotapp.com.

A note on our two different roles. Avōt plays different privacy-law roles depending on the context, and it is important to be upfront about that:

• When your HOA uses the Platform, your HOA is in charge. When information is submitted through the Platform as part of HOA governance — violation reports, photos and videos, vote records, governing documents, case files, resolution records — your HOA decides what to collect and what to do with it. We handle that information for your HOA, under your HOA’s instructions. In privacy law, your HOA is the “controller” (sometimes called a “business”) and Avōt is the “processor” (sometimes called a “service provider” or “contractor”).
• When you visit our Website, we are in charge. When you browse the Website, fill out a demo request or contact form, or otherwise interact with our Website, Avōt is the controller. That is our own relationship with you, and this Policy describes how we handle it.

If you are a resident, Board Member, or Property Manager and you want to exercise rights over data submitted through the Platform, please contact your HOA first — your HOA controls that information. We will help your HOA respond. If you are a Website visitor, you can contact us directly at privacy@avotapp.com.

What’s in this Policy

1.  Who This Policy Applies To

2.  Our Two Roles: Controller and Processor

3.  Information We Collect

4.  How We Use Information

5.  AI Features

6.  How We Share Information

7.  Subprocessors and Service Providers

8.  The Two Payment Environments

9.  How Long We Keep Information

10.  Sensitive Information

11.  Security

12.  Your Privacy Rights (U.S. State Laws)

13.  International Visitors

14.  Children

15.  Cookies, Analytics, and Tracking Signals

16.  Third-Party Links

17.  Changes to This Policy

18.  How to Contact Us

Who This Policy Applies To

This Policy applies to everyone whose personal information we may collect, use, or share through the Website or the Platform, including:

• Website visitors — anyone who visits the Website, requests a demo, or sends us a message through a contact form.
• Board Members and Admin Board Members — individuals who use the Platform on behalf of an HOA to run governance and enforcement workflows. Each Community has a single Admin Board Member who manages the Community’s Avōt account; for HOA Customers covering multiple Communities, each Community has its own designated Admin Board Member.
• Residents — homeowners and residents who use the Platform within their own community to report issues, participate in Community Review, or track resolution.
• Property Managers — third-party managers who use the Platform with limited permissions, if the HOA has chosen that option.

Separate documents govern the legal relationship between Avōt and each of those users. If you are an HOA customer, your contract is the Master SaaS Agreement, which is located at https://avotapp.com/legal/msa, and the applicable Order Form. If you are an individual user of the Platform, your contract is the Platform End User Terms, which is located at https://avotapp.com/legal/end-user-terms. If you are a visitor to the Website, the Website Terms of Use located at https://avotapp.com/terms-and-conditions apply. This Privacy Policy sits alongside those documents.

Our Two Roles: Controller and Processor

Website Visitor Data — Avōt controls

When you visit the Website, request a demo, submit a contact form, or otherwise interact with our Website, Avōt determines what information to collect and why. Avōt is the controller for that data, and this Policy is your direct notice from us about how we handle it.

Community Data — HOA controls, Avōt processes

When an HOA (“Customer”) licenses the Platform, the Customer submits, uploads, and generates a wide range of information in the course of its governance and enforcement activities — violation reports, case files, vote records, governing documents, photos and videos, resident identifiers, and related workflow data (collectively, “Community Data”). The Customer decides what to submit, what to act on, and how to use it.

For Community Data, the Customer is the data “controller” (or “business” under California law). Avōt is the “processor” (or “service provider” or “contractor”). We process Community Data on the Customer’s behalf and under its documented instructions, as set out in the Master SaaS Agreement and the Data Processing Addendum, which is located at https://avotapp.com/legal/dpa. We do not sell Community Data, share it for cross-context behavioral advertising, or use it for our own marketing purposes.

If you are a resident, Board Member, or Property Manager, please direct requests about Community Data to your HOA first. Avōt will assist the HOA in responding to valid requests.

Information We Collect

Community Data Processed Through the Platform

When an HOA Customer uses the Platform, the following categories of information may be submitted, generated, or processed. This table is the same data inventory that appears in Avōt’s Data Processing Addendum — we reproduce it here so that residents, Board Members, and Property Managers can see it in one place.

Community Data is processed by Avōt on behalf of the HOA. The HOA is responsible for deciding what to collect, what to retain, and how to use it in its own governance and enforcement activities.

Website Visitor Data Collected by Avōt

When you interact with our Website, we collect information in the following ways:

• Information you give us. If you fill out a demo request or contact form, we collect the information you provide, such as your name, email address, phone number, company or HOA name, role, and any message you send.
• Information collected automatically. When you visit the Website, our servers and common web technologies automatically receive information such as your IP address, browser type and version, device type, operating system, referring URL, pages visited, time and date of access, and similar log data. We may also use cookies and similar technologies as described in Section 15.

Information From Third Parties

We also receive personal information from sources other than the individual to whom it relates, in limited and predictable ways:

• From HOA Customers. HOA Customers submit Community Data to the Platform — including information about residents, Board Members, and other individuals — in the course of their governance and enforcement activities. That information is Community Data and is handled on the HOA’s behalf as described in Section 2.2 above.
• From service providers and subprocessors. Our hosting, infrastructure, analytics, communications, payment, and similar service providers may process personal information about your interactions with the Website or the Platform on our behalf and return that information to us. See Section 6
• From authorized agents and representatives. If you submit a request through an authorized agent, attorney, or similar representative, we may receive information from that person in connection with the request.
• From public sources and referrals. We may receive limited information about prospective HOA customers from publicly available sources (for example, an HOA’s public governance contacts) or from referrals by existing customers, vendors, or partners, for the limited purpose of business development.

How We Use Information

Community Data

Avōt uses Community Data only as needed to:

provide, operate, maintain, and support the Platform for the HOA Customer, including account provisioning, user authentication, and permissions management;

maintain and improve the security, reliability, and functionality of the Platform;

respond to support requests and follow the Customer’s documented instructions; and

comply with applicable law and valid legal process.

We do not sell Community Data, share it for cross-context behavioral advertising, or use it to build products or services for anyone other than the Customer that submitted it. We do not use Community Data to train, fine-tune, or improve any artificial-intelligence or machine-learning model without the Customer’s explicit prior written consent. We do not combine Community Data from one Customer with data from another Customer except as permitted by law or expressly authorized by the Customer.

Website Visitor Data

Avōt collects and uses Website visitor data for its own business purposes, including to:

operate, secure, and improve the Website;

respond to demo requests, contact-form submissions, and other inquiries;

provision and support HOA customer accounts and manage the Avōt-customer relationship;

send marketing and business communications where permitted by law (you can unsubscribe at any time using the link in our emails or by emailing privacy@avotapp.com);

measure Website performance, usage, and engagement (for example, which pages are visited);

maintain internal records, prevent fraud, and protect the security and integrity of the Website and our business; and

comply with applicable law and protect our legal rights.

We do not sell Website visitor data or share it for cross-context behavioral advertising.

Aggregated and De-Identified Data

We may create aggregated, anonymized, or de-identified data from information we hold — for example, usage statistics that do not identify any person, property, Community, or Customer (“Aggregated Data”). We use Aggregated Data for lawful business purposes, including to improve the Platform, develop new features, generate benchmarks and analytics, and produce industry reports. We do not attempt to re-identify Aggregated Data.

AI Features

Some parts of the Platform use artificial-intelligence features to assist with covenant-matching, remedy suggestions, and workflow actions (“AI Features”). We want to be direct about a few things:

• Advisory only. AI Feature outputs are suggestions, not decisions. The HOA’s Board is always responsible for the final enforcement decision. AI outputs are not legal advice and are not a guarantee of any outcome.
• No training on Customer Data without consent. We do not use Community Data to train, fine-tune, or improve any AI or machine-learning model without the Customer’s explicit prior written consent. We include appropriate restrictions in our agreements with our AI providers, and we configure our AI providers’ services to route Customer Data through endpoints that do not retain it after the request completes.
• Current provider disclosed separately. Our current material AI provider is disclosed at https://avotapp.com/legal/ai-providers, along with what data is processed and the provider’s own privacy link. We keep this page up to date as our AI provider lineup changes.
• Accuracy caveat. AI-generated outputs can be inaccurate, incomplete, or unsuitable for a particular matter. A qualified human must review any AI output before any enforcement action is taken.

How We Share Information

We share information only in the limited circumstances described below.

• With the HOA (for Community Data). Within each Community, information is visible to users and administrators in the manner permitted by the Platform’s design and the HOA’s configuration. For example, photos and videos submitted with a violation report may be visible to the Board and, in some workflows, to other Authorized Users. Photos and videos are not automatically filtered or redacted by Avōt.
• With subprocessors and service providers. We use a limited set of vendors to help us run the Platform and the Website. See Section 7.
• With the HOA’s Stripe account (for payments). If the HOA uses our Payments Module, payments from residents flow through the HOA’s own Stripe account, not ours. See Section 8.
• For legal and safety reasons. We may disclose information if we reasonably believe disclosure is necessary to (a) comply with law, legal process, or a government or regulatory request; (b) enforce our contracts; (c) protect the rights, property, or safety of Avōt, our Customers, their Authorized Users, or the public; or (d) respond to an emergency. If we receive a legally binding request for Community Data, we will, unless legally prohibited, promptly notify the HOA Customer so it can take appropriate steps.
• In a business transfer. If we are involved in a merger, acquisition, financing, bankruptcy, or sale of all or part of our business or assets, personal information may be transferred as part of that transaction. Community Data will remain subject to the protections of the applicable HOA contract.
• With consent or at your direction. We may share information with other third parties when you ask us to or with your consent.

We do not sell your personal information, as “sell” is defined under California, Colorado, Connecticut, Utah, Virginia, or other applicable U.S. state privacy law. We do not share personal information for cross-context behavioral advertising.

Subprocessors and Service Providers

We use a limited set of third-party vendors to help us operate the Platform and the Website, including providers of application hosting and infrastructure, artificial-intelligence services, payment processing for HOA subscription fees, and transactional email delivery. These vendors only process information as necessary to provide services to us and are bound by contractual obligations on privacy, confidentiality, and security.

We maintain a current list of our material subprocessors at https://avotapp.com/legal/subprocessors. We update that list as our subprocessor lineup changes. A separate list of Avōt’s current AI providers is maintained at https://avotapp.com/legal/ai-providers. For HOA Customers, advance-notice and objection procedures for material subprocessor changes are set out in the Data Processing Addendum at https://avotapp.com/legal/dpa.

The Two Payment Environments

The Platform involves two completely separate payment environments. We think it is important to describe them accurately so you understand who handles what.

Payment Environment 1 — HOA-to-Avōt subscription

When an HOA pays Avōt for its subscription, the payment flows through Avōt’s own Stripe account. In that environment, Avōt is the merchant of record. We receive billing-contact information and limited payment-method metadata for the HOA. We do not receive or store full payment card numbers; Stripe handles that directly. Stripe’s privacy practices are described at https://stripe.com/privacy.

Payment Environment 2 — HOA-to-Resident collections

If the HOA uses our optional Payments Module to collect dues or fines from residents, those payments flow through the HOA’s own, independently established Stripe account — not Avōt’s. Avōt’s role is limited to providing the user interface and technical connectivity that lets the HOA initiate and manage those collections. Avōt never collects, holds, touches, accesses, or controls resident-facing funds in Payment Environment 2. Avōt is not the merchant of record, the debt collector, or the financial institution in that environment — the HOA is.

If you are a resident and have questions about a dues or fine payment, please contact your HOA or its designated manager. For privacy questions about Stripe’s role, see https://stripe.com/privacy.

How Long We Keep Information

Community Data

We retain Community Data for as long as the HOA Customer’s subscription is active. After the subscription expires or is terminated, the Customer has a thirty (30)-day retrieval window during which it can request a copy of its Community Data in a standard, machine-readable format. After that window, we delete or destroy Community Data in our possession or control, including copies held by subprocessors, except to the extent retention is required by law. Community Data archived in our routine backup systems may remain until it is deleted in the ordinary course, and in the meantime remains subject to the confidentiality, security, and access restrictions described in our contracts. The HOA Customer is responsible for keeping its own records of governance actions, votes, enforcement decisions, and resident communications for any audit, legal-hold, or business-continuity purpose.

Website Visitor Data

We keep Website visitor data only as long as reasonably necessary for the purposes described in this Policy, to comply with law, to resolve disputes, or to enforce our agreements. For example, we retain contact-form submissions and demo-request information for a period reasonably tied to the sales process and ongoing customer relationship, and server logs for standard operational and security windows.

Sensitive Information

We want to be honest about sensitive information. HOA enforcement activity sometimes involves information that can be sensitive in context — for example, photos or videos that show people, vehicles, or property features that could reveal health, disability, family status, national origin, or other attributes; descriptions of conduct that touch on protected characteristics; and materials about minors who may be depicted in enforcement photos submitted by the HOA.

What that means in practice:

• Treatment. We treat information that may be sensitive under applicable law with the same confidentiality, access, and security controls as the rest of Community Data, and we do not use it for any purpose other than providing the Platform to the HOA.
• No secondary use. We do not use sensitive information for advertising, profiling, or any cross-customer analytics. We do not use it to train AI models without the Customer’s explicit prior written consent.
• HOA responsibility. The HOA is the controller for Community Data and is responsible for deciding what to collect, whether any consents are required under applicable law, and how long to keep it. Authorized Users are responsible for submitting content they have the legal right to submit.
• No intentional submission of special categories. Consistent with our Data Processing Addendum, and unless otherwise expressly agreed in writing, HOAs should not intentionally submit special categories of personal data (as defined under applicable law), other sensitive personal information, or personal data relating to children. If such data is submitted incidentally as part of Community Data in the course of governance or enforcement activity, Avōt processes it consistent with the Data Processing Addendum and this Policy. The HOA is responsible for ensuring that any submission of sensitive or special category personal data complies with applicable law, including obtaining any required consents from the relevant data subjects.
• Right to limit. California residents and residents of some other states have a right to ask us to limit use of sensitive personal information to what is necessary to provide the service you requested. We already limit our use in that way as a general matter; see Section 12.

Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, or destruction. These safeguards may include:

• encryption of data in transit (HTTPS/TLS) and at rest (AES-256);
• role-based access controls and least-privilege access for Avōt personnel and subprocessors;
• security monitoring and access logging;
• DDoS protection at the platform infrastructure layer; and
• Platform infrastructure that runs on hosting and cloud-infrastructure providers maintaining SOC 2 Type II certification under their respective third-party auditors,

in each case as implemented in our production environment. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. If we confirm a security incident affecting Community Data, we will notify the affected HOA Customer as described in the Data Processing Addendum. You can help by using a strong, unique password, keeping your contact information up to date, and letting us know promptly if you suspect unauthorized access to your account.

Your Privacy Rights (U.S. State Laws)

Depending on where you live and subject to applicable exemptions and limitations, you may have rights under a comprehensive U.S. state consumer privacy law — including the right to know or access, correct, delete, and obtain a portable copy of your personal information; to opt out of sale, sharing, or targeted advertising; to limit certain uses of sensitive personal information; to appeal a denial of a rights request; and to receive non-discriminatory treatment for exercising privacy rights. These rights are available in a growing list of states (for example, California, Colorado, Connecticut, Virginia, and Utah), and the specific rights available to you depend on your state of residence. Residents whose state law applies generally have the following rights, subject to the conditions and exceptions in the applicable law:

How to Exercise Your Rights

• Community Data (Platform users). If your request relates to information submitted through the Platform as part of HOA governance, please contact your HOA first. Your HOA is the controller for that information and decides whether and how to grant the request. Avōt will support the HOA in responding. If you cannot reach your HOA or need our help, email privacy@avotapp.com and we will route your request to the right place.
• Website Visitor Data. If your request relates to information you gave us or that we collected through the Website, email privacy@avotapp.com with the subject line “Privacy Rights Request.” We will acknowledge your request within a reasonable time and respond within the time required by applicable law (generally 45 days from receipt, with a permitted extension where applicable).
• Verification. We may ask you to verify your identity before we process your request (for example, by confirming information you previously provided to us). We will only use that verification information to respond to your request.
• Authorized agents. You may use an authorized agent to submit a request where allowed by law. We will ask for written proof of the agent’s authority and may ask you to verify your identity directly.
• Appeals. If we deny your request, you may appeal by replying to our response or emailing privacy@avotapp.com with the word “Appeal” in the subject line. We will respond within the time required by applicable law.

Notice at Collection (California)

For California residents, this Policy is intended to serve as Avōt’s notice at collection and California privacy notice to the extent applicable. Section 3 of this Policy describes the categories of personal information we collect, the sources from which we collect it, and the purposes for which we use them. We retain personal information for the periods described in Section 9. Section 6 describes the categories of recipients to whom we disclose personal information, and Section 7 describes our service providers and subprocessors in more detail. We do not sell or share personal information as those terms are defined under the California Consumer Privacy Act, and we do not use or disclose sensitive personal information for purposes that would require a right to limit beyond what is necessary to provide the service you requested.

International Visitors

The Website and the Platform are operated in the United States and designed primarily for U.S.-based operations. If you access them from outside the United States, your information may be processed in the United States and other jurisdictions where we or our service providers operate. Those jurisdictions may have different data-protection rules than your home country. If European or United Kingdom data-protection laws apply to our processing in a particular case, Avōt and the applicable HOA will address those requirements through the contractual and transfer mechanisms described in the Data Processing Addendum.

Children

The Platform is not directed to children under 18, and we do not knowingly collect personal information directly from children under 18 for Avōt’s own purposes. Residents and other individual users of the Platform must be at least 18 years old, as described in the Platform End User Terms. HOA Customers potentially could submit enforcement photos or case files that depict or reference minors in the course of covenant enforcement activity; that content is Community Data and is handled as described in this Policy and the Data Processing Addendum, on the HOA’s behalf. If you believe a child under 13 has provided personal information to us directly through the Website in violation of this Policy, please email privacy@avotapp.com and we will take appropriate steps to delete it.

Cookies, Analytics, and Tracking Signals

The Website may use cookies, pixels, local storage, software development kits, and similar technologies to make the Website function, remember your preferences, maintain security, understand usage, and measure performance. The specific technologies in use may change over time as the Website evolves.

Most browsers let you control cookies through browser settings. If you disable certain cookies or similar technologies, some Website features may not function properly. Where required by applicable law, we will provide a cookie banner, consent tool, or similar notice and will process your choices accordingly.

At the time of this Policy, Avōt does not sell personal information, does not share personal information for cross-context behavioral advertising, and does not use Website tracking technologies for targeted advertising. If any of those practices changes, we will update this Policy and implement any required consent or opt-out mechanisms before the change goes live.

If our processing later becomes subject to an opt-out right under applicable law — for example, if we begin to sell personal information, share it for cross-context behavioral advertising, or use it for targeted advertising — we will implement and recognize valid opt-out preference signals, such as Global Privacy Control or other universal opt-out mechanisms, before any such processing begins, to the extent required by applicable law.

Third-Party Links

The Website and the Platform may contain links to third-party websites and services. We are not responsible for the privacy practices of those third parties. We recommend reviewing the privacy policies of any third-party site you visit.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated Policy at https://avotapp.com/legal/privacy and update the “Last Updated” date at the top. The updated Policy takes effect when posted unless a later effective date is stated. If we make a material change, we will provide any additional notice required by applicable law or by our contracts with HOA Customers.

How to Contact Us

If you have questions about this Privacy Policy or our privacy practices, or if you want to exercise any of the rights described above, please contact us:

Avōt, Inc.

Attn: Privacy

6360 I-55 North, Suite 350

Jackson, Mississippi 39211

Email: privacy@avotapp.com