Privacy Policy
Effective June 27, 2026 · Last updated June 27, 2026
This Privacy Policy explains how Boffo Digital, LLC ("Community Portal," "we," "us," or "our") collects, uses, discloses, and safeguards information when you use the Community Portal websites at communityportal.co and app.communityportal.co and related services (together, the "Service"). By using the Service, you agree to the practices described here.
Who this applies to
The Service is intended for community-association board members, officers, property managers, and their authorized users. It is not directed to children, and we do not knowingly collect personal information from anyone under 16.
Information we collect
- Account information — name, email address, role, association affiliation, and authentication credentials when you register or are invited to an account.
- Association records you provide — the documents, meeting records, financial summaries, compliance details, and related content you and your association upload or generate in the Service. You control this content.
- Billing information — subscription plan and payment status. Card payments are processed by our payment provider (Stripe); we do not store full card numbers.
- Usage and device information — log data, IP address, browser and device type, and interactions with the Service, used to operate, secure, and improve it.
- Cookies and similar technologies — see Cookies & analytics.
Google user data (Google Calendar integration)
If you choose to connect your Google account, we request access to your Google Calendar so the Service can keep your association's meetings — board meetings, owner meetings, budget hearings, and their statutory notice deadlines — in sync between Community Portal and your calendar. We request the narrowest scope needed for this feature.
- What we access — calendar events we create or manage on your behalf for association meetings and deadlines. We do not request access to your Gmail, Drive, contacts, or other Google services.
- How we use it — solely to create, read, update, and remove the calendar events associated with your association's meetings and compliance deadlines, at your direction.
- What we don't do — we do not use Google user data for advertising, we do not sell it, and we do not transfer it to third parties except as needed to provide this feature or as required by law.
- Limited Use — Community Portal's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- Revoking access — you can disconnect the integration in your account settings at any time, and you can revoke Community Portal's access directly from your Google Account permissions. Revoking access stops future syncing; events already written to your calendar remain until you remove them.
How we use information
- To provide, maintain, and secure the Service and your account.
- To generate compliance dashboards, snapshots, reviewer links, and related outputs from the records you provide.
- To process subscriptions and send service, security, and transactional messages.
- To respond to support requests and improve the Service.
- To comply with legal obligations and enforce our terms.
How we share information
We do not sell your personal information. We share it only:
- With service providers (subprocessors) who operate the Service under contract — for example, cloud hosting and document storage (Amazon Web Services), payment processing (Stripe), and the Google Calendar integration you enable. They may process data only on our instructions.
- Within your association — content is visible to the authorized users of your account according to their roles.
- For legal reasons — when required by law, to protect rights and safety, or in connection with a corporate transaction, with notice where appropriate.
Where we store data and how we protect it
Documents and records are stored using Amazon Web Services in the United States. We use encryption in transit and at rest, access controls, and tenant isolation so each association's data is kept separate. No method of storage or transmission is perfectly secure, but we work to protect your information using commercially reasonable safeguards.
Data retention
We retain account and association records for as long as your account is active and as needed to provide the Service. After account closure we retain data for a limited period to meet legal, accounting, and dispute-resolution needs, then delete or anonymize it. You may request deletion as described below.
Your choices and rights
- Access, correct, or export the information in your account.
- Request deletion of your account and associated personal data, subject to legal retention.
- Disconnect the Google Calendar integration and revoke access at any time.
- Manage cookie and analytics preferences (see below).
To exercise any of these, contact us at hello@communityportal.co.
Cookies & analytics
We use essential cookies to operate the Service and may use privacy-respecting analytics to understand usage. Where required, analytics and non-essential cookies load only with your consent, and you can decline them without losing access to core functionality.
Changes to this policy
We may update this policy as the Service evolves or as the law requires. We'll revise the "Last updated" date above and, for material changes, provide a more prominent notice.
Contact us
Questions about this policy or your data? Email hello@communityportal.co or write to us at privacy@communityportal.co.
This document is provided for general information and is not legal advice.