Six Pillars of Security
Comprehensive protection for your HOA's most sensitive data
Data Encryption
All data encrypted at rest and in transit
- AES-256 encryption for data at rest
- TLS 1.3 for all data in transit
- Encrypted database backups
- Secure key management practices
Bank-Level Security
Enterprise security standards and practices
- SOC 2 Type II aligned controls
- Regular third-party security audits
- Vulnerability scanning & penetration testing
- Security incident response procedures
Role-Based Access
Granular permissions for every user type
- Four user roles: Admin, Board, Manager, Resident
- Permission-based feature access
- Audit logging for sensitive actions
- Session timeout controls
Audit Logging
Complete activity trails for compliance
- All financial transactions logged
- User login/logout tracking
- Document access history
- Configuration change records
PCI-Compliant Payments
Stripe handles all payment data securely
- PCI DSS Level 1 certified (via Stripe)
- No credit card data stored on our servers
- Tokenized payment processing
- Fraud detection & prevention
Automated Backups
Daily encrypted backups with recovery options
- Daily automated database backups
- Point-in-time recovery capability
- Geographically distributed backup storage
- 30-day backup retention
Infrastructure & Reliability
Built on enterprise-grade cloud infrastructure for maximum uptime and performance
99.9% Uptime SLA
Enterprise-grade reliability with guaranteed availability
Cloud Infrastructure
Hosted on AWS with multi-region redundancy
24/7 Monitoring
Continuous system monitoring and alerting
Disaster Recovery
Documented DR procedures with regular testing
Compliance & Privacy
Designed with privacy regulations in mind, giving you and your residents control over data
CCPA Ready
California Consumer Privacy Act compliant data practices
Data Retention
Configurable retention policies aligned with HOA requirements
Right to Deletion
Support for data deletion requests per privacy regulations
Privacy by Design
Data minimization and purpose limitation built-in
State Cybersecurity & AI Compliance
New 2026 state laws introduce specific requirements for AI transparency, data security, and digital portals. HOACart.AI is designed to help you stay compliant with these emerging regulations.
New York
AI Disclosure Requirements
Effective: January 1, 2026
Requirements
- •Mandatory disclosure when AI/bots interact with tenants or applicants
- •Clear labeling of AI-generated content (synthetic voices, avatars, chatbots)
- •$1,000 fine per violation for using AI to pose as licensed property managers without disclosure
- •Explicit consent required before AI-assisted screening decisions
HOACart.AI Compliance
- All AI features clearly labeled in user interface
- AI Audit Log tracks every automated decision
- Tenant-facing AI interactions display disclosure notices
- Human review workflow available for all AI decisions
Washington
AI Transparency & Anti-Discrimination
Effective: July 1, 2026
Requirements
- •Tenant "Right to Know" when AI assists in housing decisions
- •Prohibition on algorithmic rent discrimination based on protected classes
- •Detailed AI audit logging for screening, rent calculations, and eviction flags
- •Tenants can challenge AI-assisted decisions and request human review
HOACart.AI Compliance
- Comprehensive AI Audit Log with exportable records
- Human override capability for all AI decisions
- Challenge tracking system with resolution documentation
- Anti-discrimination guardrails in all automated processes
Florida
Digital Portal & Data Security Mandate
Effective: July 1, 2026
Requirements
- •Condos (25+ units) and HOAs (100+ parcels) must provide secure digital member portals
- •Official records accessible electronically with proper authentication
- •Secure storage of financial and governance documents
- •Associations with >$500K annual revenue require licensed Community Association Manager
HOACart.AI Compliance
- Secure resident portal with role-based access control
- Encrypted document storage with audit trails
- SOC 2 aligned security practices exceed requirements
- Automated revenue threshold monitoring for CAM compliance
Security Incident Detection & Response
HOACart.AI employs automated threat detection and a documented incident response plan to identify, contain, and recover from security incidents while keeping your data protected.
Automated Threat Detection
Brute Force Attacks
Multiple failed logins from same IP
Auto-block after 5 attempts
Credential Stuffing
Distributed login attempts
Pattern detection & alerting
Session Hijacking
Suspicious IP changes during session
Session invalidation
Data Exfiltration
Unusual bulk data exports
Export limits & alerts
SQL Injection
Malicious query patterns
Input sanitization & blocking
XSS Attempts
Script injection in inputs
Content filtering & logging
Incident Response Phases
Identify & classify incident
Isolate & preserve evidence
Remove threat & patch
Restore & monitor
Post-incident analysis
Our Notification Commitment
In the unlikely event of a security breach affecting your data, we commit to:
- 72-hour notification to affected customers as required by CCPA and state regulations
- Clear communication about what data was affected and recommended protective steps
- Regulatory compliance with state-specific notification requirements (CA, FL, NY, WA, IL)
- Post-incident report with root cause analysis and preventive measures
Security FAQ
Common questions about how we protect your HOA's data
All financial data is encrypted using AES-256 encryption at rest and TLS 1.3 in transit. We use bank-level security practices including regular security audits, vulnerability scanning, and strict access controls. Your payment data is processed through Stripe, a PCI DSS Level 1 certified payment processor—we never store credit card numbers on our servers.