CommunoApp Privacy Policy
CommunoApp is a community management platform operated by ClaretCode Technologies LLC, a limited liability company registered in Carlisle, Pennsylvania, USA ("CommunoApp," "we," "us," "our"). This Privacy Policy explains what personal information we collect, how we use and share it, how long we keep it, and what rights and choices you have. By creating an account or using the Services, you acknowledge that you have read and understood this Privacy Policy.
1. Scope
This Policy applies to:
- CommunoApp mobile applications (iOS and Android)
- CommunoApp web applications and admin portals
- CommunoApp backend APIs and hosted services
- All platform features: community feeds, events, amenities, services marketplace, chat and messaging, notifications, polls, emergency alerts, and account management
It does not apply to third-party websites, applications, or services linked from or integrated with the platform. Those services have their own privacy policies.
2. Information We Collect
2.1 Account and Profile Data
When you create an account and build your profile, we collect:
- Identity information: first name, last name, username, email address, phone number (and country code)
- Credentials: password (stored as a cryptographic hash — never in plaintext)
- Profile data: profile photo, bio, hometown, current city, street address, city, state, ZIP/postal code, country, birthday, gender, and personal preferences (e.g., dietary preferences)
2.2 Community Content and Activity
When you participate in communities, we collect and store:
- Posts, comments, and reactions you submit to community feeds
- Polls you create or vote in, and your responses
- Event RSVPs (including guest counts) and activity sign-up commitments
- Potluck and volunteer commitments associated with events
- Content moderation and report submissions
- Your community membership records (which communities you have joined and your role within each)
2.3 Services Marketplace Data
When you use the Services Marketplace (as either a Provider or a Customer):
- Provider listings: service name, description, location or service area, contact information, photos, pricing, unit types, availability status, and items or packages
- Service requests: item selections, quantities, preferred date and time, special requirements, and contact details
- Request status and history: the lifecycle of each request (Pending, Accepted/In Progress, Declined, Completed)
- In-request chat messages: messages exchanged between a Provider and a Customer within a specific service request thread
- Ratings and reviews: star ratings and written review text you submit about a Provider or service
2.4 Chat and Messaging Data
When you use the in-app chat and community messaging features:
- Message content (text, and any media shared in chat)
- Message timestamps and read/delivery metadata
- Real-time presence signals (e.g., online status and typing indicators) powered by our real-time infrastructure (SignalR)
Chat messages are stored to enable conversation continuity. Presence signals (online/typing) are transient and are not permanently stored.
2.5 Event, Amenity, and Activity Data
- Event details you create (title, description, location, date/time, recurrence settings, fees, cover image, potluck categories and items, activity items, and volunteer roles)
- Amenity booking records (which amenity, booked by whom, date/time, and booking notes)
- Activity and volunteer sign-up records associated with events
2.6 Media and Uploaded Files
When you upload images or files, we store profile photos, event cover images, service listing images, and any other media attached to posts or community content. Media files are stored in cloud object storage (currently Microsoft Azure Blob Storage).
2.7 Ratings and Reviews
Reviews you submit for service providers are associated with your account and are visible to other members of the relevant Community. We store the rating score, review text, and submission timestamp.
2.8 Notification and Alert Data
- Push notification subscription tokens and device registration identifiers
- Notification preferences (opt-in/opt-out settings per notification type)
- Notification delivery metadata (timestamps, delivery status)
- Emergency alert records created and sent by Community Admins
2.9 Technical and Device Data
We automatically collect: device type, operating system, and version; app version and platform; browser type and user agent; IP address; approximate geolocation derived from your IP address (city/region/country level); app interaction events and feature usage metadata; and request identifiers, correlation IDs, and error logs.
2.10 Security and Authentication Logs
For every login, registration, and sensitive account action we log: event type (e.g., login success, login failure, password reset), outcome, timestamp, IP address, approximate location derived from IP, and request path, method, and correlation ID. These logs are used for security monitoring, incident investigation, and fraud prevention.
2.11 Support and Feedback Data
- In-app feedback content and any supporting details you provide
- Support request communications
3. How We Use Your Information
We use the information we collect to:
- Provide and operate the platform — run all platform features, process account creation and authentication, deliver community and marketplace functionality
- Enable community and social interactions — display your profile, posts, event RSVPs, service listings, and other community activity to relevant community members and admins
- Facilitate the Services Marketplace — connect Providers and Customers, display service listings, manage request workflows and status, enable in-request messaging, and display ratings and reviews
- Deliver notifications and alerts — send push notifications, emergency alerts (as configured by Community Admins), event reminders, and service request updates
- Maintain real-time features — power live chat, presence indicators, and SignalR-based messaging
- Maintain security and prevent abuse — detect suspicious activity, investigate incidents, enforce our Terms and Conditions, and prevent fraud
- Improve the platform — analyze usage patterns, diagnose errors, and improve reliability and performance
- Fulfill legal and contractual obligations — comply with applicable laws, respond to legal requests, enforce our policies, and protect our legal rights
- Respond to support requests — address your questions, feedback, and support submissions
5. Community Administrator Access
Community Admins play a significant role in how data within their Community is managed and visible. Within their Community, Admins can:
- View member profiles, roles, and membership status
- See posts, comments, event RSVPs, amenity bookings, and service listings created within their Community
- Receive reports about content or members
- Enable or disable platform features for their Community
- Remove members, content, or service listings from their Community
- Send emergency alerts to all community members
- Link their Community to another Community
Community Admins are bound by these Terms and Conditions and this Privacy Policy in their use of any member data they can access through the platform. However, Community Admins operate their communities independently of ClaretCode Technologies LLC, and CommunoApp is not responsible for a Community Admin's use of information outside the platform.
6. Data Visibility Summary
| Type of Data | Visible to Other Members | Visible to Admin | Visible to CommunoApp |
|---|---|---|---|
| Name, photo, bio | Yes | Yes | Yes (operational) |
| Email address | No | No | Yes |
| Phone number | No | No | Yes |
| Address fields | No | No | Yes |
| Birthday, gender | No | No | Yes |
| Posts, comments | Yes | Yes | Operational access |
| Event RSVPs | Event organizers and members | Yes | Operational access |
| Service listings | Yes | Yes | Operational access |
| Service request details | Provider and Customer only | Limited (moderation) | Operational access |
| In-request chat | Provider and Customer only | No | Operational access |
| Amenity bookings | No | Yes | Operational access |
| Ratings and reviews | Yes | Yes | Operational access |
| Private chat messages | Chat participants only | No | Operational access |
| Push notification token | No | No | Yes (delivery) |
7. Children's Privacy
CommunoApp requires users to be at least 13 years of age to create an account, consistent with the US Children's Online Privacy Protection Act (COPPA) and our Terms and Conditions.
- We do not knowingly collect personal information from children under the age of 13.
- If a user is between 13 and 18 years of age, we require parental or guardian consent per our Terms.
- If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will promptly delete that information and terminate the account.
- If you are a parent or guardian and believe your child under 13 has created an account, please contact us at info@claretcode.com.
8. US State Privacy Rights
Depending on the US state where you reside, you may have specific privacy rights under applicable state law:
- California (CCPA/CPRA): California residents have the right to know what personal information we collect, use, and disclose; the right to delete personal information; the right to correct inaccurate personal information; the right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising); and the right to non-discrimination for exercising these rights. California residents may submit requests to info@claretcode.com.
- Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and similar state laws: Residents of these states may have rights to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of profiling and targeted advertising. We do not conduct targeted advertising. Contact us to exercise your rights.
- Pennsylvania: Pennsylvania does not currently have a comprehensive consumer data privacy law, but we apply the rights described above to all US users where feasible.
We will respond to verified privacy rights requests within the timeframes required by applicable law. To submit a request, contact info@claretcode.com with "Privacy Request" in the subject line. We may need to verify your identity before processing your request.
9. Legal Bases for Processing (GDPR/UK GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases:
- Contract performance — to provide the Services you have signed up for and fulfill our obligations to you
- Legitimate interests — to operate and improve the platform, maintain security, detect and prevent fraud and abuse, and protect the rights of our users and ClaretCode Technologies LLC, where these interests are not overridden by your rights
- Consent — where required by law (e.g., for certain cookies or marketing communications)
- Legal obligation — to comply with applicable laws and regulations
You may have the right to object to or restrict processing based on legitimate interests. Contact us at info@claretcode.com to submit such requests.
10. International Data Transfers
CommunoApp is operated from the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States and in any country where our service providers operate. The United States may not have the same level of data protection as your home country. Where required by applicable law (such as GDPR), we use appropriate safeguards for international transfers, including Standard Contractual Clauses or other lawful mechanisms.
11. Data Retention
We retain your information for as long as: you have an active account and use the Services; necessary to provide the Services and operate community features; necessary to satisfy legal, tax, accounting, and regulatory obligations; or necessary to resolve disputes, enforce agreements, and protect our legal rights.
| Data Type | Retention |
|---|---|
| Account and profile data | Retained while account is active; deleted on verified account deletion request, subject to legal holds |
| Community content (posts, events, RSVPs) | Retained while the Community is active; may be removed if the Community is deleted by the Admin |
| Chat messages | Retained while conversation participants have active accounts; subject to applicable law |
| Service request records | Retained for a reasonable period to support dispute resolution (typically 2 years) |
| Ratings and reviews | Retained while the associated community is active |
| Security and authentication logs | Typically 90 to 365 days, or longer where required for incident response or legal obligations |
| Media files (images/uploads) | Retained while associated content or account is active |
| Support and feedback records | Retained for a reasonable period to support our operations (typically 1 to 3 years) |
When you delete your account, we will delete or anonymize your personal information within a reasonable time period, except where retention is required by law or for legitimate legal defense purposes.
12. Your Rights and Choices
Depending on applicable law and your location, you may have the right to:
- Access — request a copy of the personal information we hold about you
- Correction — request that inaccurate information be corrected
- Deletion — request deletion of your personal information (subject to legal retention obligations)
- Portability — receive your data in a structured, machine-readable format
- Restriction — request that we restrict processing of your data in certain circumstances
- Objection — object to certain types of processing, including processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
- Opt out of notifications — manage your push notification preferences in your device settings or in the CommunoApp app settings at any time
- Lodge a complaint — if you believe we have handled your information unlawfully, you may contact us or lodge a complaint with a relevant supervisory authority
To exercise any of these rights, contact us at info@claretcode.com with "Privacy Request" in the subject line. We will respond within the timeframe required by applicable law.
13. Security, Fraud, and Abuse Prevention
We implement technical and organizational safeguards including:
- Password hashing using industry-standard algorithms (plaintext passwords are never stored)
- Transport security (HTTPS/TLS) for all data in transit
- Role-based access control and authorization enforcement
- Security and authentication event logging (see Section 2.10)
- Monitoring for unusual access patterns, brute-force attempts, and credential abuse
- Least-privilege access practices for internal operational systems
- Incident response processes
No system is completely secure. We cannot guarantee that unauthorized access, hacking, data loss, or security breaches will never occur. If we become aware of a breach that affects your personal information in a manner that requires notification under applicable law, we will notify you as required. You can help protect your account by using a strong password and notifying us immediately if you suspect unauthorized access at info@claretcode.com.
14. Cookies and Local Storage
Our web applications may use cookies and local storage for: authentication and session management; remembering user preferences and settings; security and fraud prevention; and analytics and performance monitoring.
You can manage or block cookies through your browser settings. Some features may not function correctly if cookies are disabled. Our mobile applications do not use browser cookies but may use similar device-based storage mechanisms for session and preference management.
15. Automated Decision-Making
CommunoApp does not currently make decisions that produce significant legal or similarly significant effects on individuals solely through automated means. Security and fraud risk assessments are performed to protect accounts and are subject to human review where material action is taken.
16. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. Where required by applicable law, or where changes are material, we will provide additional notice (for example, by in-app notification or email). Your continued use of the Services after the updated Policy becomes effective constitutes your acceptance of the changes.
17. Contact Us
For any privacy-related questions, requests, or concerns. We aim to respond to all privacy inquiries within 30 days (or the shorter period required by applicable law).
Address
ClaretCode Technologies LLC
Carlisle, Pennsylvania, USA
Appendix A: Categories of Personal Information We Collect
| Category | Examples |
|---|---|
| Identifiers | Name, username, email address, phone number, IP address, device identifiers |
| Profile data | Profile photo, bio, hometown, current city, address, birthday, gender, dietary preferences |
| Community content | Posts, comments, reactions, polls, event and amenity records, RSVPs, potluck and volunteer commitments |
| Marketplace data | Service listings, service requests, request status history, in-request messages, ratings, reviews |
| Chat and messaging data | In-app chat messages, presence signals, message timestamps |
| Media and uploads | Profile images, event cover photos, service listing photos |
| Technical and device data | Device type, OS, app version, browser, user agent, IP address, approximate location from IP |
| Security and authentication data | Login/logout events, failure logs, IP, timestamp, approximate geolocation, correlation IDs |
| Notification data | Push token, notification preferences, delivery metadata |
| Support and feedback | Feedback content, support request details |
Appendix B: Community Administrator Data Access
| Data | Admin Can Access? | Notes |
|---|---|---|
| Member profile (name, photo, bio, role) | Yes | Core membership display |
| Member email address | No | Not surfaced in admin UI |
| Member phone number | No | Not surfaced in admin UI |
| Member address or birthday | No | Not surfaced in admin UI |
| Posts and comments | Yes | Full access for moderation |
| Event RSVPs and guest counts | Yes | Via event management |
| Potluck and activity commitments | Yes | Via event management |
| Amenity booking records | Yes | Via amenity management |
| Service listings in the community | Yes | Can enable/disable/moderate |
| Service requests (Provider/Customer details) | Limited | For moderation of violations only |
| In-request chat between Provider/Customer | No | Private to the two parties |
| Ratings and reviews | Yes | Visible as community content |
| Community-wide emergency alerts | Yes | Can create and send |
| Private chat messages between members | No | Private between participants |
Community Admins are not employed by or acting as agents of ClaretCode Technologies LLC. They are independent operators of their community spaces.
Appendix C: Data Controller and Processor Roles
ClaretCode Technologies LLC acts as the data controller for personal information collected through CommunoApp account registration, platform operation, security functions, and support.
In cases where CommunoApp is deployed as a platform infrastructure for an organizational customer (such as a business or HOA that operates a Community), ClaretCode Technologies LLC may act as a data processor on that organization's documented instructions. Data Processing Agreements (DPAs) are available on request for enterprise or organizational use cases.
Community Admins who independently control how data is used within their Community (including decisions about community rules, content moderation, and member access) may themselves act as data controllers for those processing activities under applicable law (particularly GDPR). Users should contact their Community Admin for questions about data handling decisions specific to their Community.