Privacy Policy · HawkHOA for FishHawk Ranch
Version 1.1, effective 2026-05-04
This policy is under ongoing attorney review prior to public launch. Send privacy questions and corrections to privacy@hoastream.com.
Data controller
The data controller for HOAStream and any product offering operated under it (including HawkHOA for FishHawk Ranch) is JeLe Ventures LLC, a Florida limited-liability company. Once the Florida fictitious-name registration is approved, the controller name will read “JeLe Ventures LLC d/b/a HOAStream”.
Our privacy philosophy
We collect almost nothing. HawkHOA is designed around a minimal-data principle: the less we collect, the less there is to leak, mishandle, or misuse.
What we collect
- Your questions. We log the question you ask and the answer HawkHOA gives for audit purposes (3-year retention).
- A session identifier. An anonymous UUID in your browser so we can rate-limit abuse. Not tied to your identity.
- A hashed IP address. For abuse detection, discarded after 24 hours. The real IP is never stored.
- Consent acknowledgment. When you accept the first-session disclaimer, we log that you accepted (with a timestamp) so we can prove the disclaimer was shown.
- A residency check on your street address. To enter the member-only preview, HawkHOA sends your address to the public Hillsborough County property appraiser and confirms it is a real FishHawk Ranch parcel. Your address is not stored. Only an anonymous HMAC-signed residency cookie is kept in your browser (30-day expiry), so you don't have to re-verify on every visit.
What we do NOT collect
- Your real name or address
- Your HOA lot or unit number
- Location data
- Cross-site tracking (no Google Analytics, no Facebook pixel)
- Payment information
Who processes your data
Your question is transmitted to:
- Anthropic (Claude API): generates the AI response. Operates under zero-data-retention when available.
- Voyage AI: generates search embeddings. Operates under zero-data-retention when available.
- Supabase: stores the audit log with Row-Level Security isolating FishHawk Ranch data from other tenants. Specific enforcement layers are described in the Security section below.
- Vercel: hosts this web interface.
- Upstash: rate limiting.
- Postmark: sends transactional email (verification codes, board signup confirmations, drafts-ready notifications). Receives only the recipient email address, the message body, and standard delivery metadata (IP at send time, bounce status).
Your rights
Close the browser tab to delete your client-side chat history. Audit-log deletion requests will be handled through the operator contact channel published before public launch. Because your audit-log entries are tied only to an anonymous session UUID, not to your name, address, or unit, we cannot identify which entries belong to you unless you provide your session UUID at the time of the request.
Security
All data is encrypted in transit (TLS 1.3) and at rest. Tenant isolation is enforced today through (a) parameterized queries scoped to the authenticated tenant context, (b) automated tenant-isolation test suites that run on every deploy, and (c) a nightly database-level audit that alerts the operator to any unexpected cross-tenant exposure or grant drift. Postgres Row-Level Security is enabled schema-wide and all anonymous-role grants have been revoked. The cut-over to a dedicated application database role (NOBYPASSRLS) is staged and pending; once it is complete, RLS becomes the database-layer enforcement in addition to the application-layer controls described above. The /trust page lists this milestone.
Privacy contact
Privacy requests and data-rights inquiries: privacy@hoastream.com (monitored by JeLe Ventures LLC, the operator of HOAStream and the HawkHOA community product). Accessibility-specific inquiries: accessibility@hoastream.com.
Note: CIRA / RealManage at FishRan@ciramail.com handles HOA-related questions but is not the data controller for HawkHOA for FishHawk Ranch.