Legal

Privacy Policy

Last updated: May 2026

This Privacy Policy describes how ManagedWell ("we", "us", "our") collects, uses, and protects information when you use our HOA and property management platform.

Plain English summary: We collect what we need to run your HOA on our platform — names, emails, addresses, financial info you choose to share. We don't sell your data. We use a small number of trusted vendors (database, hosting, payments, AI) to make the product work, listed below.

What We Collect

Account Information

When you create an account, we collect your name, email address, password (stored hashed, never plaintext), phone number (optional), and your role in the community.

HOA / Property Information

If you register a community or property, we collect its name, address, unit count, board structure, and any documents, announcements, or financial records you choose to upload or enter.

Bank Account Information (via Plaid)

If you choose to connect a bank account, we use Plaid Inc. to make that connection securely. Plaid is a financial-data network used by thousands of fintech apps. You authenticate directly with your bank inside Plaid's interface — your bank username and password are never seen by ManagedWell.

Once connected, Plaid gives us a read-only access token that lets us request, on your behalf:

Account name, type (checking / savings), and the masked last 4 digits of the account number
Current and available balances
Transaction history (date, amount, merchant name, category)
Notifications when there are new transactions or when the connection needs to be re-authenticated

Plaid is read-only: ManagedWell cannot move money in or out of any connected bank account. We do not use Plaid for Auth, Identity, Income, or Assets products. You can disconnect any bank account at any time from HOA Portal → Admin → Banking or Rental Portal → Property Settings; doing so revokes Plaid's access token immediately and deletes the local copy.

Plaid's collection and use of your information is governed by Plaid's End User Privacy Policy.

Payment Information

Subscription payments and any owner-paid dues processed through the platform are handled by Stripe. Stripe is PCI DSS Level 1 certified. ManagedWell never sees or stores full card numbers, CVV codes, or bank account/routing numbers.

AI Assistant Conversations

When you use the AI assistant, your questions and the AI's responses are logged so the assistant can maintain conversational context. Your community's documents are used to generate context-aware answers but are not used to train the underlying AI model.

Usage Data

We collect basic usage information (IP address, browser type, pages visited) to operate the service securely and improve the product.

How We Use Your Information

Operating the platform: storing your community's data, processing payments, sending notifications
Improving the product: understanding how users interact with features
Security: detecting fraud, unauthorized access, and abuse
Communications: sending account-related emails and product updates (you can opt out of non-essential emails)

Who We Share Information With

We share information only with vendors necessary to operate the service:

Supabase — Postgres database, file storage, and realtime infrastructure (SOC 2 Type 2)
Vercel — application hosting (SOC 2 Type 2)
Anthropic — AI assistant "Ernie", powered by Claude (SOC 2 Type 2; commercial-tier API — Anthropic does not train on your data)
Plaid — read-only bank balance and transaction data (SOC 2 Type 2, ISO 27001). Plaid End User Privacy Policy
Stripe — subscription billing and ACH/card processing (SOC 1, SOC 2, PCI DSS Level 1)
Resend — transactional email — invites, password resets, announcements (SOC 2 Type 2)
Google — document storage integration (when enabled by your community)

We do not sell your information to third parties. We do not share your data for advertising purposes.

Data Retention

We retain your data while your account is active. If you close your account, we will delete or anonymize your personal information within 90 days, except where we are required to retain it for legal, accounting, or security purposes.

Your Rights

You have the right to:

Access the personal information we hold about you
Correct inaccuracies in your data
Request deletion of your account and personal data
Export your data in a portable format
Object to certain uses of your data
Disconnect any connected bank account at any time — doing so revokes the Plaid access token immediately and deletes our local copy of the bank metadata + transaction history scoped to that connection

To exercise these rights, contact us at hello@managedwell.ai. We respond to deletion requests within 30 days.

Security

We protect your data with industry-standard security measures: encrypted connections (TLS), hashed passwords (bcrypt), database-level access controls, and least-privilege service accounts. No system is perfectly secure, but we work to protect your information at every layer.

Children's Privacy

ManagedWell is not directed to children under 13. We do not knowingly collect information from children. If we learn we have collected information from a child under 13, we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify users by email and update the "Last updated" date at the top of this page.

Contact Us

Questions about privacy? Email hello@managedwell.ai.