Privacy Policy

Last updated: March 12, 2026

1. Information We Collect

Account Information

• Email address
• First and last name
• HOA community name
• Mailing address (street, city, state, zip)
• State of residence
• Hashed password (bcrypt)

Photo Data

• Uploaded photo files
• EXIF metadata (GPS coordinates, timestamp, camera info)
• Perceptual image hash (for duplicate detection)

Biometric Data

• Facial recognition embeddings (512-dimensional vectors)
• Face crop images
• Quality metrics (confidence, sharpness, pose)

Vehicle Data

• Vehicle photos uploaded by users
• Automated license plate recognition (OCR) results
• User-provided vehicle descriptions and tags

Usage Data

• IP addresses
• T&C / biometric consent timestamps and versions
• Upload history and disclaimer acceptance records
• Session data and login activity

2. How We Use Your Information

We use collected information solely to:

• Authenticate your account
• Process uploaded photos through our face detection pipeline
• Match faces within your HOA community's database
• Generate color-coded alerts and community awareness notifications
• Process vehicle reports through automated license plate recognition
• Send email notifications about matches, alerts, and account activity
• Maintain audit trails for legal compliance and dispute resolution

3. Data Sharing

We do not share your data with third parties except:

• AWS SES for email delivery (email addresses only)
• As required by valid legal process (see Section 8)

We do not sell biometric data or any personal information.

4. Data Storage & Security

• All data is stored on our private server infrastructure
• Passwords are hashed with bcrypt
• Sessions use secure, HTTP-only cookies scoped to /postwatch
• Database connections use connection pooling with pre-ping health checks
• CSRF protection on all form submissions
• Each HOA community's data is completely isolated at the database level

5. Data Retention

Data is retained for the duration of your account's active participation. You may delete your account and all associated personal data at any time through your Account Settings page. Content assigned to HOAPOST, LLC under our Terms & Conditions may be retained after account deletion. Disclaimer acceptance audit logs and legal compliance records are retained permanently.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your personal data
• Request correction of inaccurate data
• Delete your account and personal data via Account Settings
• Withdraw consent for biometric processing (by deleting your account)
• Receive information about what data we hold about you

7. Biometric-Specific Privacy

For detailed information about our biometric data practices, including collection methods, consent procedures, storage, retention, accuracy limitations, and your rights, see our Biometric Data Notice.

8. Law Enforcement Requests & Legal Process

HOAPOST, LLC will disclose user data to law enforcement or government agencies only when compelled by valid legal process, which may include:

• Subpoena — for basic account information (name, email, registration date, IP logs).
• Court Order (18 U.S.C. § 2703(d) or equivalent) — for account activity records, upload history, and metadata.
• Search Warrant — for content data including photographs, biometric embeddings, and stored communications.

HOAPOST, LLC requires valid legal process issued by a court of competent jurisdiction before disclosing user data. We will notify affected users of requests for their information unless prohibited by law or court order (e.g., a nondisclosure order under 18 U.S.C. § 2705(b)).

Emergency requests: In cases involving imminent danger of death or serious physical injury (18 U.S.C. § 2702(b)(8) and (c)(4)), HOAPOST, LLC may disclose information to law enforcement without legal process at its sole discretion.

Law enforcement requests should be directed through proper legal channels. HOAPOST, LLC reserves the right to challenge requests it believes are overbroad, legally deficient, or otherwise objectionable.

9. Children's Privacy (COPPA Compliance)

PostWatch is not directed to, designed for, or intended for use by children under the age of 13. HOAPOST, LLC does not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501-6506).

PostWatch requires all users to be at least 18 years of age. By creating an account, you represent and warrant that you are at least 18 years old. If we learn that we have inadvertently collected personal information from a child under 13, we will promptly delete that information and terminate the associated account.

If you believe a child under 13 has created an account or provided personal information through PostWatch, please notify HOAPOST, LLC in writing at P.O. Box 53, Fairburn, GA 30213 so we can take appropriate action.

10. Data Breach Notification

In the event of a security breach that affects your personal data or biometric information, HOAPOST, LLC will:

• Investigate and contain the breach as quickly as reasonably possible.
• Notify affected users within the timeframe required by applicable law, including but not limited to the Georgia Personal Identity Protection Act (O.C.G.A. § 10-1-912), which requires notification in the most expedient time possible and without unreasonable delay.
• Provide notification that includes: the nature of the breach, the types of data affected, steps HOAPOST, LLC is taking in response, and recommended steps users should take to protect themselves.
• Notify applicable state regulatory authorities as required by law.

Given that PostWatch processes biometric data, which is considered sensitive personal information under multiple state statutes, HOAPOST, LLC treats any breach involving biometric data with heightened urgency and response.

11. Service Ownership

PostWatch is a service provided by and wholly owned by HOAPOST, LLC. PostWatch is not a separate legal entity. All data collection, processing, and storage described in this Privacy Policy is performed by HOAPOST, LLC.

12. Changes to This Policy

HOAPOST, LLC reserves the right to update this Privacy Policy at any time. Material changes will be communicated through the platform or via email. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

13. Contact

For privacy inquiries, submit a written request to:
HOAPOST, LLC — P.O. Box 53, Fairburn, GA 30213

Written correspondence is the sole and exclusive method of contact with HOAPOST, LLC.