Privacy Policy

Last updated July 2026.

This policy may be updated from time to time as the service or legal requirements change; when we make a material change we will provide reasonable notice and update the date above, and continued use after an update means you accept the revised policy.

This is the current Privacy Policy that applies to all HOA Library customers. It describes how the HOA Library platform, operated by Navecta LLC ("Navecta"), handles information. Navecta is not a law firm and nothing here is legal advice. Governing law: Arizona.

1. Who we are and our roles

HOA Library is a hosted, access-controlled, full-text-searchable archive that makes a homeowners association's ("the Association") records easy for authorized members to find and view. Two parties handle information:

If you have a question about your records, your account, or a correction, the Association is the right point of contact, and we route requests accordingly (see Section 8).

2. What information we collect

Member account information. Name, email address, and the role assigned to the account (member, board, management-company manager, admin, or deletion authority). Where the Association's authorized roster includes it, an account record may also carry the member's unit or property address and phone number, used to match the account to the roster and to contact the member about the service. Passwords are collected to authenticate you and are stored only as a salted hash, never in plain text; Navecta never sees or retains your plaintext password. Account membership is derived from the Association's authorized roster; being on the roster is what entitles a person to an account.

Documents and record content. The Association's records (governing documents, meeting minutes, financials made available to members, and similar), including the text extracted from them by optical character recognition (OCR) so they can be searched, and AI-generated summaries stored alongside them as a search aid.

Usage and access logs. Records of activity such as logins, document views, searches, AI questions asked, uploads, publish actions, and administrative actions, together with timestamps and account identifiers. These logs support security, the records-integrity and audit story the Association relies on, rate limiting, and troubleshooting. Standard server-side technical data (such as IP address and request metadata) is processed by our hosting provider to deliver and protect the service.

We do not ask for and do not intend to collect Social Security numbers, government ID numbers, or payment-card numbers from members through this platform. Each Association decides which records it loads; where an Association loads only member-viewable records, confidential and executive-session material is kept in its other systems and is not placed in the archive. Where a member-viewable record may still contain personal information, the platform provides a "sensitive" flag and a keyword/pattern PII scan to help administrators restrict that record (see Section 5).

HOA-authorization verification documents (self-serve signup). When someone signs up to create an Association's account through our public self-serve signup, before the account is unlocked for real data we ask them to upload documents that show they are authorized to represent that Association (for example a state corporation-commission officer filing or annual report, a management-company authorization letter, or board minutes or resolution). We collect these solely to confirm the submitter's authority to set up and administer that Association's account.

These verification documents are not part of the Association's member archive: they are stored in a restricted, access-controlled location separate from the records archive, are never shown to members or to any other Association, and can be viewed only by Navecta's review staff, through short-lived, purpose-limited links, for the purpose of the authorization review. We keep only the decision metadata (who reviewed it, when, and the outcome) for our audit records, and we delete the uploaded verification documents within 30 days after the verification is decided (approved or rejected).

3. Why we collect it and how it is used

We use the information above only to operate the service for the Association:

We do not use member data for advertising, and we do not build advertising profiles.

4. We do not sell or share your data

Navecta does not sell member data, and does not share it for any party's marketing or advertising. We do not trade, rent, or monetize member or record data. We disclose information only:

5. How we protect it (security)

Navecta applies defense-in-depth on enterprise-grade infrastructure:

Honest limits. No internet-connected system can be guaranteed completely impervious. The platform runs on Cloudflare's certified, enterprise-grade infrastructure, but the HOA Library application itself has not yet undergone an independent third-party security audit or certification (for example SOC 2, ISO 27001, or HIPAA), and we do not claim those certifications. A pre-launch security hardening pass was completed, and Navecta is prepared to support a further independent security review; we apply industry-standard safeguards to keep risk at a reasonable level.

6. Third-party processors

We rely on a small number of vetted providers, used only to deliver the service:

These providers process data under their own terms and contractual commitments and only to provide their service to us. No other sub-processors are used; if one is added, this section will be updated and the Association informed.

7. Data retention

8. Your rights (access, correction, deletion)

Because the Association is the controller of its records and account roster, requests are routed appropriately:

We will not unilaterally alter or delete the Association's records in response to a member request; such matters are decided by the Association under its policies and applicable law.

9. Cookies and sessions

The platform uses a session mechanism (a cookie or equivalent token) solely to keep you logged in and to operate the service securely. We do not use third-party advertising or cross-site tracking cookies.

10. Children's data

The service is intended for adult homeowners and authorized Association members and is not directed to children. We do not knowingly collect personal information from children under 13. The platform is not a children's service.

11. Breach notification

If Navecta becomes aware of a confirmed security breach affecting the Association's data, Navecta will notify the Association without undue delay, and within 72 hours of confirming a breach, with the information reasonably available, and will support the Association in meeting any notification obligations it owes its members under applicable state law (for an Arizona Association, A.R.S. Sec. 18-552) and other applicable law. The Association, as controller, is responsible for notifications it must make to affected individuals.

12. Changes to this policy

We may update or modify this Policy from time to time as the service or legal requirements change. We will provide reasonable notice of material changes through the Association, the effective date above will be updated, and continued use of the service after an update constitutes acceptance.

13. Contact


This is Navecta LLC's current published Privacy Policy and may be revised. Navecta LLC is not a law firm and this is not legal advice.