Privacy Policy
Last updated: May 28, 2026
1. Overview
Boardly ("we," "us," or "our") operates the Boardly SaaS platform. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your personal data. By using the Service, you agree to this policy.
2. Information We Collect
Account information: When you register, we collect your name, email address, and a hashed password. We also store your community CC&R rules if you choose to save them.
Payment information: Payments are processed by Stripe. We do not store credit card numbers or full payment details. We receive and retain transaction metadata (amount, date, Stripe session ID, product) to track credit balances and subscription status.
HOA records and violation data: We store violation descriptions, recipient names and email addresses, and any information you enter when creating a violation notice. This data belongs to you and is used solely to provide the Service.
Violation photos: Photos you upload for AI-powered violation detection are stored in cloud storage (Cloudflare R2) and associated with your account. Photos are used to generate violation notices via AI vision analysis.
Usage data: We collect standard server logs including IP addresses, browser type, pages visited, and timestamps to operate and improve the Service.
3. How We Use Your Information
- To create and manage your account and deliver the Service.
- To process payments and manage subscription credits.
- To generate AI-drafted violation notices from your uploaded content.
- To send violation notices via email on your behalf.
- To respond to support requests.
- To send transactional emails (account confirmation, billing receipts).
- To detect, prevent, and address technical issues or abuse.
- To improve our AI models and product features (using aggregated, anonymized data only).
We do not sell your personal data. We do not use your data to train AI models in identifiable form without your consent.
4. Third-Party Services
We share data with trusted third parties only as necessary to provide the Service:
- Stripe — Payment processing. Stripe receives your payment information and processes billing. See Stripe's Privacy Policy.
- OpenAI — AI notice generation. Violation photos and descriptions are sent to OpenAI's GPT-4o API to draft notices. OpenAI's data handling is governed by their API data usage policies.
- Cloudflare R2 — Cloud storage for violation photos.
- Render / hosting provider — Cloud hosting for the application and database.
- Meta Pixel — We use Meta's advertising pixel (ID: 1530601088458024) on our marketing pages to measure the effectiveness of our ads. This may collect anonymized browsing data for ad attribution.
- Polsia — Our underlying infrastructure provider handles email delivery, file storage, and platform operations.
5. Cookies & Tracking
We use session cookies to keep you logged in. We also use the Meta Pixel on our public marketing pages, which may set cookies for ad measurement purposes. You can disable cookies in your browser settings, though this may affect Service functionality.
We do not use analytics cookies beyond what is described here. We do not sell cookie data to advertisers.
6. Data Retention
We retain your account data for as long as your account is active. If you close your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain it for legal or financial compliance (e.g., billing records for up to 7 years).
Violation photos and notice data are deleted within 90 days of account closure.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you.
- Correction — Request correction of inaccurate or incomplete data.
- Deletion — Request deletion of your personal data ("right to be forgotten").
- Portability — Request your data in a machine-readable format.
- Objection / Opt-out — Object to processing of your data for certain purposes.
To exercise any of these rights, email us at privacy@boardlyhq.com. We will respond within 30 days.
8. CCPA (California Residents)
If you are a California resident, you have the right to know what personal information we collect, to request deletion, and to opt out of the "sale" of personal information. Boardly does not sell personal information. To submit a CCPA request, contact privacy@boardlyhq.com.
9. GDPR (EU/EEA Residents)
If you are located in the European Economic Area, our legal basis for processing your personal data is: (a) contract performance — to provide the Service you signed up for; (b) legitimate interests — to operate and improve the Service; and (c) your consent — for optional features. You may contact us at privacy@boardlyhq.com to exercise your GDPR rights.
10. Children's Privacy
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.
11. Data Security
We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), hashed passwords, and access controls. No method of transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we will notify you promptly in the event of a breach affecting your data, as required by applicable law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.
13. Contact
Privacy questions or requests: privacy@boardlyhq.com
General support: support@boardlyhq.com