Privacy Policy

Working draft, last updated 2026-05-02

1. Who we are

HOA Notes is a California focused real estate disclosure analysis service operated by Craig Kokesh. The service reads California Homeowners Association (HOA) disclosure packets, generates a buyer brief, and delivers it to the requesting real estate agent or buyer. Contact: hello@hoanotes.com.

2. What we collect

• Contact information you give us when requesting a brief or signing up for the pilot: name, email address, brokerage affiliation, phone (optional), Multiple Listing Service (MLS) identifier (optional).
• Payment information processed through our payment provider (Stripe). HOA Notes never sees or stores full card numbers; Stripe handles tokenization end to end.
• Disclosure packet content you upload for analysis. This is the document set provided by the seller or the seller's agent under California Civil Code section 4525. We process the packet, generate a brief, and retain the source files for the period described under "Retention" below.
• Service usage data: timestamps, packet sizes, processing duration, error logs. Used to operate and improve the service.
• Cookies and similar technologies: a session cookie for the request flow. No cross site tracking, no advertising trackers, no third party analytics that share data outside HOA Notes.

3. How we use it

• Generate the buyer brief, red flag list, and agent talking points you requested.
• Deliver the brief to the email address you provide.
• Bill you for the service through Stripe.
• Improve the service: anonymized aggregate metrics on packet types, common red flags, processing time. Specific packet contents are not used to train third party Artificial Intelligence (AI) models.
• Communicate with you about your request, billing, or major service changes.

4. Service providers we share with

HOA Notes uses a small set of vendor services to operate. We share only the minimum data required for each.

• Anthropic: the underlying language model service used to read the packet and draft the brief. Packet text is sent to Anthropic for processing. Anthropic's policy on customer data is at anthropic.com/legal/privacy.
• Cloudflare: web hosting, content delivery, and Distributed Denial of Service (DDoS) protection.
• Railway: backend processing infrastructure for the analysis pipeline.
• Stripe: payment processing.
• Resend: transactional email (brief delivery, billing receipts).
• HubSpot: customer relationship records (your contact info, your active brief requests).
• Sentry: error monitoring (technical error context, not packet content).

We do not sell your personal information. We do not share your information with advertising networks. We do not enable cross site or cross device tracking.

5. Retention

• Source disclosure packets: 90 days after delivery, then deleted. You may request immediate deletion at any time.
• Generated briefs: 24 months after delivery, so you can re access them via the link we sent. After that, deleted.
• Contact records: while you have an active subscription or for 24 months after your last paid brief, whichever is longer.
• Billing records: 7 years to comply with California and federal tax recordkeeping requirements.

6. Your California rights (CCPA and CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) give you the following rights:

• Right to know: ask us what personal information we have about you.
• Right to delete: ask us to delete your personal information.
• Right to correct: ask us to correct inaccurate personal information.
• Right to limit use of sensitive personal information: HOA Notes does not knowingly collect sensitive personal information as defined under CPRA, but you may still exercise this right.
• Right to opt out of sale or sharing: HOA Notes does not sell or share personal information for cross context behavioral advertising.
• Right to non discrimination: we will not deny service, charge a different price, or provide a different level of service because you exercised any of these rights.

To exercise any of these rights, email hello@hoanotes.com with the request type. We will respond within 45 days.

7. Security

Transport encryption (HTTPS) end to end. At rest encryption on all storage providers. Two factor authentication on every operator account. Quarterly review of vendor access. We are a small operation, so security posture is hands on rather than ISO certified; if your brokerage requires a Service Organization Control 2 (SOC 2) report or equivalent, contact us before contracting.

8. Children

HOA Notes is a business to business service for licensed California real estate agents and their clients. We do not knowingly collect personal information from anyone under 16.

9. Changes

Material changes to this policy will be announced by email to active customers at least 30 days before they take effect. The effective date at the top of this page tracks revisions.

10. Contact

Questions, requests, complaints: hello@hoanotes.com.