Privacy Policy

Effective date: [EFFECTIVE DATE]

App: Havara (havara.app)

Provider: [LEGAL ENTITY NAME] ("we", "us", "our")

Havara is a private community platform for homeowner / residential communities

("Communities"). This policy explains what we collect, why, who we share it

with, and the choices you have. Questions: [email protected].

1. Who controls your data

Each Community (typically its HOA, board, or management company) decides who may

join and what is posted. For most member data, the Community is the controller

and [LEGAL ENTITY NAME] is the processor acting on its behalf; we are the

controller for account-level and device data we need to run the service. If you

have a request about Community content, contact your Community's administrators;

for everything else contact us at [email protected].

2. Information we collect

You provide:

• Account & profile — name, email address, phone number (optional), profile

initials/avatar, and an optional short "About" line you choose to share with

your neighbours.

• Community membership — the Community you join, your unit/address within it

as recorded by the Community, and your role (resident, board, admin).

• Content you post — chat messages, direct messages, board notices, event

RSVPs, amenity bookings, reactions, and any photos or documents you upload.

Collected automatically:

• Device push token — an anonymous Expo/Apple identifier for your most

recent device, used solely to deliver notifications. It is not your phone

number and cannot be used to message you outside the app.

• Usage & diagnostics — basic, content-free product events (e.g., that a

message was sent) and crash/error reports to keep the app working. These do

not include the content of your messages.

We do not collect precise location, contacts, or biometric data, and we do

not use third-party advertising trackers.

3. How we use information

• Operate core features: communities, chat and direct messages, board notices,

events, amenities, and document sharing.

• Answer questions you ask the AI "Ask" feature using your Community's own

documents. Retrieval is permission-filtered first: the AI can only read

document content your membership already lets you see, and your questions

and the generated answers are stored with your Community's records. See

§4 for the AI providers involved.

• Deliver push notifications you've enabled (new messages, DMs, notices).
• Authenticate you and keep your account secure.
• Diagnose crashes and improve reliability and usability.
• Comply with law and enforce our Terms of Service.

We rely on these legal bases where applicable: performance of our agreement with

you, your consent (e.g., notifications), and our legitimate interests in

operating and securing the service.

4. How information is shared

• Within your Community — content you post is visible to the audience you

post it to (a community channel, a group, a direct message, or the board).

Access is enforced by per-row database security so members only see what their

Community membership permits.

• Service providers (processors) we use to run Havara:

- Supabase — database, authentication, file storage, and serverless

functions (data hosting). [Supabase hosting region / sub-processor: [REGION]]

- Expo (Expo Application Services) — delivery of push notifications via

Apple Push Notification service and, on Android, Firebase Cloud Messaging.

- Apple — App Store distribution and push delivery.

- OpenAI — when your Community's documents are indexed for the "Ask"

feature, document text is sent to OpenAI to generate search embeddings.

OpenAI processes this content as our processor and does not use it to

train its models under our API terms.

- Anthropic — when you ask a question in the "Ask" tab, your question

and short excerpts of your Community's documents that you are already

permitted to see are sent to Anthropic to generate the answer. Anthropic

processes this content as our processor and does not use it to train its

models under our API terms.

- [Sentry / analytics provider, if enabled] — crash and diagnostics

reporting. Remove this line if not used at launch.

• Legal — when required by law, or to protect rights, safety, or the

integrity of the service.

• We do not sell your personal information.

5. Data retention

We keep your information for as long as your account is active or as needed to

provide the service. Community content may persist for the Community's records

even after you leave, subject to the Community's own practices. Specifically:

messages you delete are hidden from all members but retained in the Community's

records (this supports moderation review and the integrity of past

conversations); messages hidden by a moderator are likewise retained. When you

delete your account, your profile and personal records are removed and content

you authored is de-identified (it remains in its threads with no link to you)

— this happens immediately; residual copies in backups expire within [N] days.

Except where we must retain information to comply with law.

6. Your choices and rights

• Notifications — turn push on/off anytime in your device settings.
• Profile — edit your name, phone, and avatar in the app.
• Access / correction / deletion — email [email protected] to request a copy

of your data, a correction, or deletion of your account. Depending on where

you live (e.g., California/CCPA, EEA/UK GDPR), you may have additional rights,

including to object to or restrict certain processing and to lodge a complaint

with a supervisory authority.

7. Security

Access to data is restricted by row-level security and least-privilege service

credentials; transport is encrypted (HTTPS/TLS). No system is perfectly secure,

but we work to protect your information and to limit who can see it.

8. Children

Havara is intended for residents [18+ / 13+ — confirm]. It is not directed to

children under [13], and we do not knowingly collect their personal information.

9. International users

Your information may be processed in [COUNTRY/REGION] where we and our providers

operate. Where required, we use appropriate safeguards for cross-border

transfers.

10. Changes

We may update this policy; we'll revise the "Effective date" above and, for

material changes, notify you in the app or by email.

11. Contact

[LEGAL ENTITY NAME], [MAILING ADDRESS]

Email: [email protected]