Privacy Policy · Strawberry Station HOA

1. Who we are

This website is operated by the volunteer board of the Strawberry Station Homeowners Association (SSHOA), located in Moncks Corner, South Carolina. We use this site to publish announcements, share the calendar of community events, gather neighbor input on items the board has opened for comment, and conduct internal board business. We are not a commercial business and we do not sell products or services through this site.

2. Information we collect

From visitors to the public homepage, we collect only:

Standard server access logs (IP address, user-agent, requested URL, timestamp), retained for up to 30 days for operational and security purposes
Page-level usage measurements (counts only — no individual tracking, no advertising cookies)

From board members who sign in, we additionally collect:

Email address (used as your sign-in identifier)
A securely hashed password (we never store or see your plaintext password)
Display name and the role you hold on the board
Records of opinions / votes you cast on items, with timestamp
Records of posts and items you author, with timestamp

3. How we use your information

We use the information above only for:

Authenticating board members and authorizing access to internal areas
Recording board sentiment and posting board-authored content for the wider HOA
Notifying board members by email when a new item opens for board comment or vote
Maintaining an audit trail of who took what action on the site
Diagnosing and protecting against abuse (security logs)

We do not use your information for advertising, profiling, or third-party marketing. We do not sell or rent any information to anyone.

4. Third-party services

This site is built on Google Cloud Platform infrastructure. The third parties that necessarily process information on our behalf are:

Google Cloud (Firebase Authentication, Firestore, Cloud Run, Cloud Storage) — hosts the website, stores account data and content, and enforces sign-in security. Governed by the Firebase Privacy Statement and Google Cloud's Data Processing Addendum.
Google Gmail SMTP — used to deliver outbound notification emails (e.g. "a new item is open for board comment") to board members. Email contents are not retained by the SMTP relay beyond delivery.

No other third parties have access to your information.

5. Cookies & local storage

The site does not set tracking cookies. Firebase Authentication stores a small sign-in token in your browser's local storage so you don't have to log in every time you visit the board area. That token is set only after you successfully sign in and you can clear it at any time by signing out or by clearing site data in your browser settings.

6. How we protect information

All traffic to and from this site is encrypted with TLS
Passwords are hashed using Firebase's industry-standard scrypt implementation; nobody — including the board — can read your plaintext password
Database access rules deny all reads and writes by default; we explicitly grant only the access that each role actually needs
The board is a small group of volunteers; board members may see board-internal content (other members' votes, draft posts, etc.) by virtue of being on the board

7. Your rights

You can:

Ask the board to show you what information we have about you
Ask us to correct anything that's wrong
Ask us to delete your account and the personal data tied to it (we may need to keep an anonymized record of votes you cast for the integrity of the board's audit trail)
Opt out of email notifications at any time

8. Children

This site is intended for adult homeowners and board members. We do not knowingly collect information from children under 13.

9. Changes to this policy

If we make material changes to this policy we will post the updated version here and update the "Last updated" date at the top.

10. Contact

Questions, requests, or complaints about this policy can be sent to the board at the address on the Contact page.