Privacy Policy

This Privacy Policy describes how RootLabs I.T. Services ("RootLabs," "we," "our," or "us") handles your personal information when you use HOAnderful, our homeowner association management platform (the "Platform" or "Service").

We are committed to protecting your privacy and ensuring transparency about our data practices. By using HOAnderful, you acknowledge and accept the practices described in this policy.

1. Information We Collect

To provide our homeowner association management services, we collect various types of information:

2. How We Use Your Information

RootLabs uses your information for the following purposes:

• Service Delivery: To operate the HOAnderful platform, manage your account, and enable core features including fee tracking, payment processing, announcements, and community boards.
• Identity Verification: To confirm your membership status within your HOA and ensure only authorized users access community-specific data.
• Financial Operations: To facilitate HOA fee payments, generate billing statements, track payment history, and maintain accurate financial records for your association.
• Communication: To deliver important community announcements, system notifications, billing reminders, and respond to your support inquiries.
• Platform Improvement: To analyze usage patterns, identify technical issues, develop new features, and enhance overall user experience.
• Security and Compliance: To detect and prevent fraudulent activity, enforce our terms of service, protect against security threats, and comply with applicable laws and regulations.
• Legal Obligations: To maintain records as required by Philippine law and respond to valid legal requests from authorities.

3. Information Sharing and Disclosure

We never sell, rent, or trade your personal information to third parties. However, we may share your data in the following limited circumstances:

4. Data Retention and Storage

We retain your personal information for different periods depending on the type of data and its purpose:

• Active Account Data: Your account information and community records are retained while your HOA maintains an active subscription and for 30 days after subscription termination to allow for data export.
• Financial Records: Payment history and transaction records are retained for a minimum of 7 years to comply with Philippine accounting and tax regulations.
• Technical Logs: System logs and usage data are typically retained for 90 days for security monitoring and troubleshooting purposes.
• Deleted Accounts: Upon account deletion request, we anonymize or delete personal data within 90 days, except where longer retention is required by law.

All data is stored on secure servers located in data centers that comply with industry security standards. We implement encryption for data in transit and at rest.

5. Security Measures

We take data security seriously and implement multiple layers of protection:

• Encryption: All data transmitted between your device and our servers is encrypted using industry-standard TLS/SSL protocols. Sensitive data is also encrypted when stored in our databases.
• Access Controls: We enforce strict role-based access controls, requiring strong passwords and limiting data access to only those who need it to perform their duties.
• Security Monitoring: Our systems are continuously monitored for suspicious activity, unauthorized access attempts, and potential security vulnerabilities.
• Regular Audits: We conduct periodic security assessments and code reviews to identify and address potential weaknesses.
• Data Isolation: Each HOA's data is logically isolated from other communities using multi-tenant architecture with strict separation controls.

While we implement robust security measures, no system is completely secure. We encourage you to use strong, unique passwords and report any suspicious activity immediately.

6. Your Privacy Rights

Under the Data Privacy Act of 2012 (Republic Act No. 10173) of the Philippines, you have specific rights regarding your personal information:

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Rectification: You can request correction of inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal information, subject to legal retention requirements.
• Right to Object: You can object to certain types of data processing, including direct marketing.
• Right to Data Portability: You can request your data in a structured, machine-readable format for transfer to another service.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
• Right to File a Complaint: You may lodge a complaint with the National Privacy Commission if you believe your rights have been violated.

To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within 15 days, as required by law. Some requests may require identity verification for security purposes.

7. Children's Privacy

HOAnderful is designed for use by adults (18 years and older) who are homeowners, tenants, or authorized HOA representatives. We do not intentionally collect personal information from minors under 18 years of age. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly. Parents or guardians who believe we may have collected information from a minor should contact us immediately at [email protected].

8. Cookies and Tracking Technologies

HOAnderful uses cookies and similar technologies to enhance your experience and analyze platform usage:

• Essential Cookies: Required for authentication, security, and basic platform functionality. These cannot be disabled.
• Functional Cookies: Remember your preferences and settings to improve your experience.
• Analytics Cookies: Help us understand how users interact with the platform to identify improvements.

Upon your first visit, you will see a cookie consent banner where you can choose which categories of cookies to allow. Essential cookies are always active as they are necessary for platform operation. Analytics and functional cookies are only set with your explicit consent. You can change your preferences at any time through the cookie preferences panel.

9. Data Breach Notification

In the event of a data breach or security incident involving your personal information, we comply with the requirements of Section 20(f) of the Data Privacy Act of 2012 (RA 10173) and NPC Circular No. 16-03:

• NPC Notification: We will notify the National Privacy Commission within 72 hours of becoming aware of a breach involving sensitive personal information or when reasonably likely to affect the data subject's rights.
• Data Subject Notification: Affected data subjects will be promptly informed about the nature of the breach, the categories of data involved, the remedial measures taken, and steps they should take to protect themselves.
• Internal Escalation: Security incidents are logged, investigated, and tracked through our Security Incident Management System with designated escalation procedures.

If you suspect a security incident or data breach involving your HOAnderful account, please contact our Data Protection Officer immediately at [email protected].

10. Updates to This Privacy Policy

We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Effective Date" at the top of this page and, where appropriate, sending an email notification to the address associated with your account. We encourage you to review this policy periodically. Your continued use of HOAnderful after changes are posted constitutes your acceptance of the updated policy.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: