Privacy Policy

Last updated: April 13, 2026

Table of Contents
  1. Information We Collect
  2. How We Collect Information
  3. How We Use Your Information
  4. Third-Party Services
  5. No Sale of Personal Information
  6. Your Rights Under the CCPA
  7. Data Retention
  8. Cookies
  9. Children's Privacy
  10. Security Measures
  11. Changes to This Policy
  12. Contact Information

This Privacy Policy describes how Issue-Monkey (issue-monkey.org) collects, uses, and protects your personal information. Please also review our Terms of Service.

1. Information We Collect

We collect the following categories of personal information:

Category Examples
Account information Name, email address, profile photo (if provided via OAuth)
Property contacts Name, email address, phone number, mailing address of property owners and residents
Issue data Issue descriptions, photos, GPS coordinates, timestamps
Billing information Managed by Stripe; we do not store credit card numbers
Usage data Session information for authentication purposes
2. How We Collect Information

We collect personal information through the following methods:

  • Account registration: When you create an account with an email address or through an OAuth provider (such as Google Sign-In)
  • User input: When you create issues, add notes, upload photos, or enter property and contact details
  • CSV import: When administrators import property and contact data in bulk via CSV file upload
  • OAuth providers: When you sign in with Google, we receive your name, email address, and profile photo from Google
  • Automatic collection: Session identifiers for authentication when you use the service
3. How We Use Your Information

We use collected information to:

  • Provide the service: Display issues, properties, contacts, and maps within your HOA community
  • Send notifications: Deliver email notifications about issue updates, user invitations, and account activity via SendGrid
  • Generate AI violation notices: Process issue data through OpenAI to generate draft violation notice text for board review
  • Geocode addresses: Convert property addresses to map coordinates using Google Maps APIs
  • Process payments: Manage subscriptions and billing through Stripe
  • Improve the service: Understand usage patterns to fix bugs and add features
4. Third-Party Services

We share limited personal information with the following third-party service providers, solely to operate the service:

Provider Purpose Data Shared
Stripe Payment processing and subscription management Email address, billing details
SendGrid Transactional email delivery Email addresses, user names (in email content)
Google Maps Address geocoding and map display Property addresses
OpenAI AI-generated draft violation notices Issue descriptions, property addresses, violation details

Each third-party provider is governed by their own privacy policy. We do not authorize these providers to use your data for any purpose other than providing their service to us.

5. No Sale of Personal Information

We do not sell your personal information. Issue-Monkey has never sold personal information and has no plans to do so. We do not share your data with third parties for their own marketing purposes.

6. Your Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights under the CCPA:

  • Right to Know: You have the right to request that we disclose what categories and specific pieces of personal information we have collected about you, the sources of that information, the business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request the deletion of your personal information that we have collected. Upon receiving a verified request, we will delete your information unless an exception applies.
  • Right to Opt-Out of Sale: Because we do not sell personal information, this right is not applicable. However, you may still submit a request and we will confirm that no sale of your data has occurred.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, quality of service, or access based on exercising your privacy rights.
How to Exercise Your Rights

To submit a CCPA request, contact us at [email protected]. We will verify your identity before processing your request. We will respond to verifiable requests within 45 days. If we need additional time, we will notify you of the extension and the reason for it.

You may also designate an authorized agent to make a request on your behalf. The authorized agent must provide proof of authorization.

7. Data Retention

We retain your personal information according to the following schedule:

  • Active accounts (paid subscription): Data is retained for as long as the account is active and the subscription is current.
  • Expired trials (no subscription): After the 90-day trial expires, data remains accessible in read-only mode for 90 days.
  • Archived data: After the 90-day grace period, data is archived and retained for 1 year.
  • Permanent deletion: After the 1-year archival period, all data is permanently deleted and cannot be recovered.

You may request early deletion of your data at any time by contacting [email protected].

8. Cookies

Issue-Monkey uses a single session cookie for authentication purposes. This cookie identifies your login session and is required for the service to function.

We do not use:

  • Tracking cookies
  • Third-party analytics cookies
  • Advertising cookies
  • Cross-site tracking technologies
9. Children's Privacy

Issue-Monkey is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].

10. Security Measures

We take the security of your data seriously and implement the following measures:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
  • Password hashing: User passwords are hashed using bcrypt and are never stored in plain text.
  • Tenant data isolation: Each HOA community's data is logically isolated. Users can only access data belonging to their own community.
  • Secure credential storage: API keys and database credentials are stored in environment variables, not in source code.
  • Prepared statements: All database queries use parameterized prepared statements to prevent SQL injection.

While we strive to protect your personal information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice within the service at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Information

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at: