Home · Privacy Policy
Terms of Service · Privacy Policy · Security & PCI · Accessibility
Privacy Policy
This Privacy Policy explains how Commonwell ("we", "us") collects, uses, and
shares personal information when you use the Service. For community data,
Commonwell acts as a processor on behalf of each community (the
"controller"); the community decides what data to collect and why.
1. Information we collect
- Account information: name, email, phone, mailing/unit address, role.
- Community content: documents, announcements, requests, violations,
dues and payment records you or your community create.
- Payment metadata: provided by our payment processor (card brand, last four,
payout status). We do not store full card or bank account numbers.
- Usage and device data: IP address, user agent, and log/event data used
to operate, secure, and debug the Service.
2. How we use information
To provide and maintain the Service; process dues and vendor payments; send
transactional and community communications; secure the Service and prevent
abuse; comply with legal obligations; and improve the product.
3. How we share information
- Service providers (sub-processors): our payment processor (payments), our
cloud infrastructure provider (hosting, email, storage, database), Twilio
(optional SMS), Intuit/QuickBooks (optional accounting sync). Each processes
data only to provide its service.
- Your community: administrators of your community can access member data
within that community.
- Legal: where required by law or to protect rights and safety.
- We do not sell personal information.
4. Data retention
We retain personal data for as long as your community account is active and as
needed to provide the Service, then delete or anonymize it, subject to legal and
financial-record retention requirements (e.g., payment/ledger history).
5. Your rights (GDPR / CCPA)
Depending on where you live, you may have rights to access, correct, export, or
delete your personal data, and to object to or restrict certain processing. To
exercise these rights, contact privacy@commonwell.app or your community
administrator. We will respond within the timeframe required by applicable law.
California residents have the rights described in the CCPA, including the right
not to be discriminated against for exercising them.
6. Security
We use encryption in transit, hashed credentials, scoped access, and audit
logging. Payment card data is handled solely by our PCI DSS Level 1 payment
processor. See our Security & PCI page for details.
7. International transfers
The Service runs on a global edge network. Where data is transferred
across borders, we rely on appropriate safeguards as required by law.
8. Children
The Service is not directed to children under 16 and we do not knowingly collect
their personal information.
9. Changes
We may update this Policy; material changes will be notified. The "last updated"
date above reflects the current version.
10. Contact
privacy@commonwell.app
