Privacy Policy
Civentry — a product of Daddisyn Labs, LLC, Moorpark, California
Effective date: June 5, 2026
Last updated: June 5, 2026
1. Overview
This Privacy Policy explains what information Civentry ("we," "us," "our") collects, how we use and protect it, and the choices you have. Civentry provides software for community associations (HOAs) to organize financial documents, generate AI-assisted summaries, control resident transparency, and manage vendor bids. We handle sensitive financial documents and treat that responsibility seriously.
This policy is written with California's Consumer Privacy Act (CCPA), as amended by the CPRA, in mind, and we honor the rights described below to the extent the CCPA applies to us. The CCPA applies to a business only if it meets certain thresholds (for example, annual gross revenue over a statutory amount, or buying, selling, or sharing the personal information of 100,000+ California consumers or households per year, or deriving 50% or more of revenue from selling or sharing personal information). We may not currently meet these thresholds, but we follow CCPA-aligned practices as a matter of trust and forward-readiness.
2. Information We Collect
Account information. Name, email address, and role within your Organization.
Organization (HOA) information. Organization name, address, unit count, and management type (self-managed or professionally managed).
Documents you upload. Financial reports, budgets, reserve studies, bank statements, vendor invoices, delinquency reports, governing documents, and similar files. These may contain personal information about residents that you choose to upload.
Data derived from documents. Structured financial data extracted from your uploads by automated and AI processing.
Resident information (if you upload or enter it). Resident names, email addresses, and access links used to share board-approved, resident-safe summaries.
Usage data. Login events, feature usage, session data, and audit logs generated as you use the Service.
Payment information. Handled entirely by our payment processor, Stripe. We do not collect or store your full payment card or bank account numbers.
3. Information We Do Not Collect
To be clear about our boundaries, Civentry does not collect:
- individual homeowner payment history beyond what appears in documents you upload;
- Social Security numbers or other government identifiers;
- full credit card or bank account numbers (these are handled by Stripe);
- medical or health information.
4. How We Use Information
We use information to:
- provide, operate, and maintain the Service;
- process uploaded documents and generate AI-assisted summaries, talking points, and analyses for your review and approval;
- enforce role-based access and tenant isolation;
- process subscriptions and billing (via Stripe);
- communicate with you (transactional emails, security alerts, support);
- maintain audit logs and meet security, compliance, and legal obligations;
- develop, maintain, secure, and improve the Service. We may use aggregated or de-identified usage and performance information for this purpose. We do not use the contents of one Organization's uploaded documents to expose, display, or provide identifiable information to another Organization.
We do not use the contents of your uploaded financial documents for advertising, and we do not sell or share your personal information (see Section 8).
5. AI Processing
AI-assisted features are powered by Anthropic's Claude API. When you upload a document, its contents may be processed by Anthropic to generate extractions and summaries. Some documents may also first be processed by a document-parsing provider (LlamaIndex / LlamaParse) to extract text and structure before AI analysis. According to Anthropic's current commercial API data-use policy, Anthropic does not use API inputs or outputs to train its models by default, unless the customer affirmatively opts into a data-sharing or model-improvement program. Civentry does not opt into such training use. Anthropic processes this data as a service provider/subprocessor to provide the AI functionality. AI outputs are drafts that require human review before they are published or shared; see our AI Disclaimer.
6. How We Share Information (Service Providers / Subprocessors)
We share information only with service providers necessary to operate the Service, each bound by a data processing agreement:
| Provider | Purpose |
|---|---|
| Supabase | Database, authentication, and document storage |
| Anthropic | AI analysis of documents |
| LlamaIndex / LlamaParse | Document parsing and text extraction from uploaded files |
| Stripe | Payment processing |
| Vercel | Application hosting |
| Resend | Transactional email delivery |
We may also disclose information if required by law or valid legal process, to protect the rights, property, or safety of Civentry, our users, or others, or in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this Policy or will provide notice and choices as required by law.
7. Data Retention and Deletion
- We retain Organization documents and data for the duration of your active subscription.
- After cancellation, data is retained for 90 days and then permanently deleted.
- You may request immediate deletion of specific documents; deletion is permanent and not reversible.
- Audit logs are retained for at least 12 months for security and compliance.
8. Your Privacy Rights (California / CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect about you and how it is used;
- Delete personal information we hold about you, subject to legal exceptions;
- Correct inaccurate personal information;
- Opt out of sale or sharing of personal information — Civentry does not sell or share personal information, so there is nothing to opt out of, but we honor the right;
- Non-discrimination — you will receive equal service regardless of the privacy choices you make.
To exercise these rights, contact hello@civentry.com. We will acknowledge and respond to verifiable requests within the timeframes required by law (generally within 45 days, with one possible extension). To protect your information, we will take reasonable steps to verify your identity before acting on a request, and we may decline requests we cannot verify. You may use an authorized agent to submit a request on your behalf, subject to verification.
9. Security
We protect information using role-based access enforced at the database level, tenant isolation between Organizations, encryption in transit (TLS 1.2 minimum, TLS 1.3 preferred) and at rest (AES-256), private document storage with short-lived signed access URLs, multi-factor authentication for administrative roles, and audit logging. No system is perfectly secure, but security is built into our architecture. See our Security & Data Handling page for detail.
10. Data Breach Notification
In the event of a breach involving personal information, we will notify affected individuals and any required authorities in the most expedient time possible and without unreasonable delay, consistent with California's data-breach notification law (Cal. Civ. Code §§1798.29, 1798.82) and any other applicable law, subject to the legitimate needs of law enforcement.
11. Children's Privacy
The Service is not directed to children and is intended for use by adults acting on behalf of community associations. We do not knowingly collect personal information from children under 13.
12. Changes to this Policy
We may update this Policy. We will post the updated version with a new "Last updated" date and provide additional notice for material changes as required by law.
13. Contact
Privacy questions or requests: hello@civentry.com
Daddisyn Labs, LLC, Moorpark, California