Florida · §718

Built for HB 1021 + HB 913. Down to the section number. The software side of Florida condo compliance — statutory deadlines, notices, and records, dated and exportable.

§ 718.112(2)(c) — 48-hr notice

LEGAL · PRIVACY POLICY

Privacy Policy

Effective: 2026-04-30Last reviewed: 2026-04-30Version: 1.0Download as PDF →

This policy describes what data HOA Rocket collects in the operation of its compliance platform for Florida condominium associations, where that data lives, who can access it, and what you can ask us to do with it. We have written it without “we value your privacy” boilerplate. The specifics are below.

HOA Rocket is operated by Revis-1 LLC, a Florida limited liability company.

On this page (10 sections)

1.What we collect

We collect four categories of data.

  1. Authentication credentials. Email address, hashed password, and session tokens necessary to log you in. Authentication is operated through Better-Auth, which we self-host on our own infrastructure. No third party sees your credentials.
  2. Association data uploaded by users. Documents, notices, meeting minutes, records-request submissions and responses, vendor contracts, financial statements, reserve studies, milestone-inspection reports, and any other content that an authorized user of an association posts to the platform. This is the bulk of what we hold.
  3. Billing details. Name, billing address, and the last four digits of the payment instrument. Full card numbers and bank-account numbers are handled by Stripe and never stored on HOA Rocket servers.
  4. Audit logs and operational telemetry. Every meaningful action — login, document upload, document download, notice send, records-request response — is timestamped and recorded with the user, the association, and the source IP. Standard server logs (request paths, response codes, error traces) are retained for operational support.

We do not collect biometric data. We do not collect location beyond IP-derived approximate geography. We do not buy data about you from third parties.

2.Where it is stored

All production data lives in the United States.

  • Application database. PostgreSQL, hosted on Hetzner Online infrastructure in the Hillsboro, Oregon (US-West) and Ashburn, Virginia (US-East) regions. Encrypted at rest using AES-256.
  • Document storage. Hetzner Object Storage, US regions, encrypted at rest.
  • Backups. Encrypted, retained per the schedule in section 6 below, stored in a second US region from the primary.
  • Logs. Centralized logging service operated by us, US-hosted, retained for 90 days rolling.

We do not transfer association data outside the United States in the normal course of business.

3.Who can see it

  • Authorized users of the association.Board members and the association’s contracted CAM, at access levels the board configures. The board decides who in the association can see what.
  • HOA Rocket support staff.Limited members of our team can access an association’s data only when responding to a support request you have opened, or to investigate a confirmed security incident. Every such access is logged and visible to the board on request. We do not browse association data outside these conditions.
  • Sub-processors. Listed in section 4, each with a defined role.
  • Nobody else.We do not sell data. We do not share data with advertisers. We do not use association content to train machine-learning models, ours or anyone else’s.

4.Sub-processors

We use four sub-processors. Each handles a defined slice of data; none holds the full picture.

Sub-processorRoleData categoryPrivacy policy
Stripe, Inc.Billing and payment processingBilling name, address, payment instrumentstripe.com/privacy
Brevo (Sendinblue SAS)Transactional email delivery (notices, password resets, account email)Recipient email address, message contentsbrevo.com/legal/privacypolicy
Hetzner Online GmbHApplication hosting and object storage (US regions)All application and document data, encrypted at resthetzner.com/legal/privacy-policy
Better-AuthAuthentication library, self-hosted by HOA RocketCredentials never leave our infrastructuren/a — no third-party processor

Material changes to this list — adding a sub-processor, changing the data category handled by an existing one — are notified to subscribers at least 30 days in advance, by email to the account billing contact and by notice in the product.

5.Your rights and how to exercise them

Florida does not yet impose a comprehensive consumer-privacy statute on entities of our size. We extend the following rights regardless.

  • Access. You may request a copy of the personal data we hold about you, including the audit log of accesses to your account.
  • Correction.You may correct inaccurate personal data through the product’s account settings, or by writing us.
  • Deletion.You may request deletion of your personal account. Note: association data uploaded under a board’s authority is the association’s data, not yours individually; deletion of the association’s data is requested by the association, not by individual users. See section 6.
  • Export.You may export your association’s data — documents, audit log, notices, records — in machine-readable form at any time during the subscription and for 90 days after termination.

Requests go to [email protected]. We respond within 30 calendar days.

6.Retention

  • Active subscription. Association data is retained for the life of the subscription.
  • After cancellation. All association data is retained for 90 days after the end of the paid period to allow export and any disputed-cancellation reinstatement. After 90 days, data is deleted from production systems.
  • Backups. Encrypted backups roll off on a 35-day cycle, so deleted data is fully purged from backups within 35 days of production deletion.
  • Legal hold. If we receive a lawful preservation order or are notified of pending litigation involving the data, we extend retention as required and notify the subscriber unless prohibited by law.
  • Audit logs. Retained for the life of the subscription plus seven years, to support the compliance-evidence purpose of the platform.

7.Children

HOA Rocket is a B2B platform for community associations. Condominium owners and board members are by definition adults. We do not knowingly collect data from anyone under 18. If we learn we have, we delete it.

8.Security

We maintain reasonable administrative, technical, and physical safeguards: encryption in transit (TLS 1.2+), encryption at rest (AES-256), access controls scoped to least privilege, application-level audit logging, and periodic vendor security review. Detailed security practices are documented at /features/security.

If we confirm a breach affecting your association’s data, we notify the subscriber’s billing contact within 72 hours of confirmation. See the DPA at /legal/dpa for the incident-response procedure.

9.Contact

Questions, requests, complaints: [email protected].

Postal: Revis-1 LLC, attn. Privacy, [Address pending], Florida.

10.Updates to this policy

We may update this policy as the product, sub-processor list, or applicable law changes. Material changes — anything that materially expands what we collect, who can see it, or how long we keep it — are notified at least 30 days before they take effect, by email to the account billing contact and by notice in the product. Non-material changes (clarifications, corrections, contact-information updates) are posted with a revised effective date at the top of the page.

We are not your lawyer. This policy describes our practices; it is not legal advice for your association.

Related