Legal Center
Governance • Compliance • Protection
Legal Disclaimer
Last Updated: February 9, 2026
Welcome to CommunityPay, Inc. ("CommunityPay," "we," "our," or "us"). This Legal Disclaimer governs your use of our proprietary software platform and services ("Platform"), clarifying the scope of our responsibilities, the legal relationship between our company and you, and applicable limitations of liability.
Important Notice: By accessing or using our Platform, you acknowledge and agree to the terms
set forth in this Legal Disclaimer, our Terms of Service, and Privacy Policy. If you do not agree, please
discontinue use immediately.
-
Professional Services Disclaimer
CommunityPay provides an institutional accounting and governance platform for homeowners associations.
We are not, and do not purport to be:
- A law firm or provider of legal advice
- A financial advisor or investment consultant
- A real estate brokerage or licensed property management company
- A certified public accountant or tax advisor
-
Payment Processing Services
CommunityPay facilitates payment processing through regulated third-party payment processors.
We are not a bank, depository institution, or money transmitter. Key distinctions:
- We facilitate payment routing through licensed third-party providers
- Funds are never held in CommunityPay corporate accounts
- We do not offer investment products or interest-bearing accounts
- All payment processing is subject to our partner institutions' terms and regulations
-
Agent-of-Payee Model
CommunityPay operates under an agent-of-payee framework in compliance with applicable regulations:
- Payments through our Platform are legally considered direct payments to the designated HOA or property manager
- We act solely as the technological intermediary facilitating these transactions
- Settlement times vary by payment method and are controlled by our payment partners
- Users maintain direct contractual relationships with their HOAs or property managers
-
Compliance and User Responsibility
Users are solely responsible for ensuring their use of the Platform complies with all applicable laws, including:
- Federal, state, and local landlord-tenant regulations
- HOA governance requirements and state statutes
- Fair housing and anti-discrimination laws
- Data protection and privacy regulations
- Financial reporting and tax obligations
-
Limitation of Liability
To the maximum extent permitted by law, CommunityPay's liability is limited as follows:
- We exclude all indirect, incidental, special, or consequential damages
- Our total liability shall not exceed fees paid by you in the preceding twelve months
- We are not responsible for third-party service interruptions or failures
- Users indemnify CommunityPay against claims arising from their Platform use
- Intellectual Property Rights All Platform technology, content, and branding remain the exclusive property of CommunityPay or our licensors. Users receive only a limited, revocable license to use the Platform according to our terms.
Terms of Service
Effective Date: February 9, 2026
These Terms of Service ("Terms") constitute a legally binding agreement between you and CommunityPay, Inc. regarding your use of our Platform. By creating an account or using our services, you accept these Terms in full.
-
Account Registration and Security
To access our Platform, you must:
- Be at least 18 years old with legal capacity to enter contracts
- Provide accurate, current, and complete registration information
- Maintain the security of your account credentials
- Promptly notify us of any unauthorized access or security breaches
- Accept responsibility for all activities under your account
-
Platform Services
CommunityPay provides institutional-grade financial infrastructure for homeowners associations including:
- Double-entry fund accounting with operating and reserve segregation
- Automated dues collection and payment processing
- Vendor compliance verification and disbursement controls
- Governance attestation and board certification
- Financial reporting, budgeting, and audit trails
- Resident and owner communication systems
-
Payment Processing Terms
Our Platform integrates with Stripe for payment processing. By using payment features:
- You authorize us to initiate transactions on your behalf
- You agree to the terms of our integrated payment partners
- You acknowledge that payment timing depends on the method selected
- You accept responsibility for sufficient account funds and accurate information
-
Fee Structure
Platform usage may incur various fees:
- Monthly Subscription Fee: Flat monthly subscription based on HOA unit count (ranges from $50/month for up to 50 units to $500/month for up to 500 units)
- Sales Tax on Subscriptions: Applicable sales tax based on HOA's jurisdiction (automatically calculated using Stripe Tax)
- Payment Processing Pass-Through: Exact payment processor fees (Stripe/bank fees) passed through to HOAs without markup
- Additional service fees for premium features
- All fees are disclosed before service activation
- Subscription fees are non-refundable unless otherwise specified
-
Prohibited Uses
You agree not to:
- Use the Platform for illegal or fraudulent purposes
- Attempt to circumvent security measures or access restrictions
- Transmit malware, viruses, or harmful code
- Violate intellectual property rights
- Harass, defame, or harm other users
- Overload or interfere with Platform operations
-
Termination
Either party may terminate this agreement:
- Users may close accounts at any time through account settings
- CommunityPay may suspend or terminate accounts for Terms violations
- Upon termination, access ceases but certain provisions survive
- Data retention follows our Privacy Policy requirements
-
Dispute Resolution
Any disputes shall be resolved through:
- Initial good faith negotiations between parties
- Binding arbitration under AAA Commercial Rules if negotiations fail
- Individual proceedings only (no class actions)
- Venue in King County, Washington
- Governing Law These Terms and any disputes arising from or related to your use of the Platform shall be governed by and construed in accordance with the laws of the State of Washington, without regard to conflict of law principles. The exclusive jurisdiction and venue for any legal proceedings shall be the state and federal courts located in King County, Washington.
-
API and Data Services
CommunityPay offers programmatic access to certain Platform data through authenticated APIs, including the
Community Association Risk Index (CARI):
- API access requires a valid API key and an active subscriber agreement
- All CARI data access is consent-gated — HOAs must explicitly authorize third-party access to their risk scores and reports before any data is made available
- API usage is subject to tier-based rate limits and credit-based billing as defined in the subscriber agreement
- Subscribers may not resell, redistribute, or sublicense CARI data without prior written authorization
- API keys are confidential credentials and must not be shared, embedded in client-side code, or exposed publicly
- CommunityPay reserves the right to revoke API access for abuse, excessive load, or violations of these Terms
- CARI scores and reports are informational tools — they do not constitute lending decisions, insurance underwriting determinations, or legal advice
Privacy Policy
Effective Date: February 9, 2026
CommunityPay is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and safeguard your personal information in compliance with applicable data protection laws.
-
Information We Collect
We collect various types of information to provide and improve our services:
- Account Information: Name, email, phone number, address
- Property Details: Unit information, HOA affiliation, ownership records
- Financial Data: Bank account details (tokenized), transaction history
- Usage Data: Platform interactions, feature usage, communication logs
- Device Information: IP address, browser type, operating system
- Association Risk Data: HOA financial health indicators, governance metrics, and compliance signals used for CARI (Community Association Risk Index) scoring — collected and shared only with explicit HOA board consent
-
How We Use Your Information
Your information enables us to:
- Process payments and financial transactions
- Provide customer support and service communications
- Improve Platform functionality and user experience
- Ensure security and prevent fraud
- Comply with legal and regulatory requirements
- Send important updates and optional marketing (with consent)
-
Information Sharing
We share information only as necessary:
- Payment Partners: To process transactions securely
- Service Providers: For infrastructure, analytics, and support
- Legal Compliance: When required by law or court order
- Business Transfers: In connection with mergers or acquisitions
- With Consent: When you explicitly authorize sharing
- CARI Score Subscribers: With explicit HOA board consent, aggregated association-level financial and governance risk indicators may be shared with authorized third-party subscribers (lenders, insurers, title companies) via the CARI API. No individual resident personal data is shared through CARI — only association-level metrics. HOAs may revoke CARI consent at any time
-
Data Security
We implement comprehensive security measures:
- AES-256 encryption for data at rest, TLS 1.2+ for data in transit
- Regular security audits and vulnerability assessments
- Access controls and authentication requirements
- Employee training on data protection practices
- Incident response procedures for potential breaches
- PCI-DSS Level 1 compliance via Stripe payment infrastructure
- HSTS enforcement with 2-year max-age and preload
-
Your Privacy Rights
Depending on your location, you may have rights to:
- Access and receive copies of your personal data
- Correct inaccurate or incomplete information
- Request deletion of your data (subject to legal requirements)
- Opt-out of marketing communications
- Data portability in machine-readable format
- Lodge complaints with supervisory authorities
Financial Record Retention: Certain records — including journal entries, enforcement decisions, audit trails, and transaction histories — are maintained as immutable records required for regulatory compliance, audit integrity, and fiduciary accountability. These records cannot be deleted or modified, even upon account closure. Deletion requests will be honored for all personal data not subject to mandatory retention requirements. -
International Data Transfers
If we transfer data internationally, we ensure appropriate safeguards through:
- Standard contractual clauses approved by regulatory authorities
- Compliance with applicable data transfer mechanisms
- Ensuring recipients maintain adequate data protection
- Children's Privacy Our services are not intended for individuals under 18. We do not knowingly collect information from minors. If we discover such collection, we will promptly delete the information.
- Updates to Privacy Policy We may update this policy periodically. Material changes will be notified via email or Platform announcement. Continued use after changes constitutes acceptance.
-
Cookies and Tracking Technologies
We use the following technologies to operate and secure the Platform:
- Session Cookies: Required for authentication and security — cannot be disabled while using the Platform
- CSRF Tokens: Security tokens embedded in forms to prevent cross-site request forgery attacks
- Platform Analytics: We collect anonymized page views, session duration, and navigation patterns to improve Platform functionality. This data is processed internally and is not shared with third-party analytics providers
- No Third-Party Advertising: We do not use advertising cookies, tracking pixels, retargeting scripts, or share browsing data with advertising networks
Payment Terms
Effective Date: February 9, 2026
These Payment Terms govern all financial transactions processed through the CommunityPay Platform.
-
Payment Gateway Architecture
Our payment infrastructure is designed for security, reliability, and regulatory compliance:
- Primary processing through Stripe, a PCI-DSS Level 1 certified payment processor
- Bank account verification via Plaid for secure account linking
- Compliance with PCI-DSS, NACHA, and applicable banking regulations
- Real-time transaction monitoring and fraud prevention
-
Supported Payment Methods
We facilitate the following payment methods:
- ACH Bank Transfers: Direct bank-to-bank transfers via Stripe, typically 1-3 business days processing
- Credit/Debit Cards: Visa, Mastercard, and American Express with instant authorization via Stripe
-
Transaction Processing
All transactions follow this framework:
- Transactions are initiated upon user authorization and routed through Stripe for processing
- Funds flow directly between payer and payee accounts via Stripe Connect — CommunityPay does not hold, pool, or commingle customer funds
- Settlement timing is determined by Stripe and the payment method selected (typically 1-3 business days for ACH)
- Transaction receipts, audit trails, and journal entries are generated automatically
- Dispute resolution follows Stripe's established procedures
-
Fee Transparency
All applicable fees are disclosed before transaction completion:
- Monthly platform subscription fees based on HOA unit count
- Payment processing fees from Stripe and banking partners (passed through without markup)
- Sales tax on subscription fees calculated by jurisdiction
- Fee responsibility (payer or payee) clearly indicated for each transaction
-
Refunds and Reversals
Refund policies are determined by:
- The payee's configured refund settings
- Payment method capabilities and timelines
- Regulatory requirements for transaction reversals
- Documentation requirements for refund requests
- Payment Processing Fees: Payment processing fees charged by third-party processors (Stripe, ACH fees, bank fees) are non-refundable. When a payment is refunded, the original processing fees are deducted from the refund amount. This is because our payment processors do not refund their fees to us, and we pass these costs through dollar-for-dollar without markup. CommunityPay is not responsible for refunding processing fees incurred during the original transaction.
- Subscription Fee Policy: Monthly subscription fees are non-refundable once processed
- Tax on Subscription Fees: Sales tax collected on subscription fees follows state refund regulations
- Payment Disputes: Contact your HOA administrator directly for payment disputes; subscription fees remain due regardless of payment disputes
-
ACH Authorization and Electronic Payments
By providing bank account information for payment processing:
- You authorize CommunityPay and our payment partners (including Stripe) to initiate electronic debit and credit entries to your account
- This authorization applies to: HOA dues, subscription fees, and any authorized charges
- You certify that you are an authorized user of the bank account provided
- Authorization remains in effect until revoked in writing with 30 days notice
- You understand that electronic debits may take 1-3 business days to process
- You agree to maintain sufficient funds to cover authorized transactions
- For NSF (non-sufficient funds) situations, you may be charged applicable fees
-
Stripe Payment Processing Terms
By using CommunityPay's payment processing features, you acknowledge and agree to Stripe's terms and conditions
as our integrated payment processor.
Important: Your use of payment features constitutes acceptance of both CommunityPay's terms and Stripe's terms of service. The complete Stripe Connected Account Agreement and Stripe Services Agreement are available at stripe.com/legal.
- Stripe Connect Integration: HOAs and property managers create Stripe Connect accounts through our Platform. Funds flow directly from payers to payees via Stripe's infrastructure while CommunityPay acts as the platform facilitating these connections.
- Account Verification: Stripe may require business entity documentation (EIN, formation documents), beneficial owner information, bank account verification, and identity verification for authorized representatives.
- Prohibited Activities: In addition to CommunityPay's restrictions, Stripe prohibits high-risk businesses, illegal products or services, and activities that violate card network rules. See Stripe's Restricted Businesses list for details.
- Processing Terms: Transaction fees are set by Stripe and disclosed in your account. Payout schedules follow Stripe's standard or custom timing. Chargebacks and disputes are handled per Stripe's policies.
- Data Security: Stripe maintains PCI-DSS Level 1 certification, encryption of sensitive data, tokenization of payment methods, and compliance with global data protection regulations.
- Account Termination: Stripe may suspend or terminate accounts for violations of their terms, excessive chargebacks, suspected fraud, or failure to provide requested verification.
- Direct Relationship: By creating a Stripe Connect account through CommunityPay, you establish a direct legal relationship with Stripe. Review their complete terms at stripe.com/connect-account/legal.
Subscription Fee Disclosure: CommunityPay charges a flat monthly subscription fee
based on your HOA's unit count (ranging from $50/month for up to 50 units to $500/month for up to 500 units),
plus applicable sales tax based on your HOA's location calculated using Stripe Tax. Subscription fees
are billed automatically on the 1st of each month. Payment Processing: Exact payment
processor fees (from Stripe and banking partners) are passed through to your HOA without markup.
Data Processing Agreement
Effective Date: February 9, 2026
This Data Processing Agreement ("DPA") supplements our Privacy Policy and Terms of Service, outlining how CommunityPay processes personal data on behalf of our customers.
-
Definitions and Scope
- Controller: The customer (HOA or management company) determining data processing purposes
- Processor: CommunityPay when processing data on Controller's behalf
- Data Subjects: Unit owners, residents, board members, vendors, and other individuals whose data is processed
- Processing: Any operation performed on personal data
- Identity Data: Names, email addresses, phone numbers, mailing addresses
- Financial Data: Bank account details (tokenized via Stripe), payment transaction records, assessment balances, invoice history
- Governance Data: Board member roles and tenure, meeting records, attestation signatures
- Property Data: Unit ownership records, square footage, ownership percentages
- KYC Data: Employer identification numbers (EIN) and authorized representative identity verification — processed by Stripe, not stored directly by CommunityPay
- Vendor Data: Business licenses, insurance certificates, bond information, W-9 tax forms, payment history
-
Processing Instructions
CommunityPay processes personal data:
- Only on documented instructions from the Controller
- To provide Platform services as described in our Terms
- To comply with applicable legal requirements
- With appropriate technical and organizational measures
-
Security Measures
We maintain comprehensive security including:
- Encryption of data at rest and in transit
- Access controls and authentication systems
- Regular security assessments and audits
- Employee confidentiality agreements
- Incident response and breach notification procedures
-
Sub-processors
We may engage sub-processors for specific services:
- Stripe (payment processing)
- Amazon Web Services (infrastructure, storage, email)
- Heroku/Salesforce (application hosting)
- Sentry (error monitoring — anonymized)
- Redis Labs (caching — no PII stored)
- Notification of sub-processor changes provided
- Sub-processors bound by equivalent data protection terms
- Customer right to object to new sub-processors
-
Data Subject Rights
We assist Controllers in fulfilling data subject requests for:
- Access to personal data
- Rectification or erasure
- Processing restrictions
- Data portability
- Objection to processing
-
Audit Rights
Controllers may verify our compliance through:
- Annual security certification reviews
- Questionnaire-based assessments
- On-site audits (with reasonable notice and fees)
- Third-party audit reports
Acceptable Use Policy
Effective Date: February 9, 2026
This Acceptable Use Policy ("AUP") defines prohibited uses of the CommunityPay Platform. Violations may result in suspension or termination of services.
-
Prohibited Activities
Users must not engage in:
- Illegal activities or facilitation of unlawful conduct
- Fraud, money laundering, or financial crimes
- Harassment, threats, or abusive behavior
- Intellectual property infringement
- Distribution of malware or harmful code
- Unauthorized access attempts or security breaches
-
Content Standards
All user-generated content must:
- Be accurate and not misleading
- Comply with applicable laws and regulations
- Respect intellectual property rights
- Avoid discriminatory or offensive material
- Maintain professional standards appropriate for business use
-
System Integrity
Users must not:
- Attempt to probe, scan, or test system vulnerabilities
- Breach or circumvent authentication measures
- Access data not intended for the user
- Overload or disrupt system resources
- Use automated systems without authorization
-
Enforcement
Violations may result in:
- Warning notices for minor infractions
- Temporary suspension of services
- Permanent account termination
- Legal action for serious violations
- Reporting to law enforcement when required
-
Reporting Violations
Users should report AUP violations:
- Via our abuse reporting system
- By contacting our security team at support@communitypay.us
- With detailed information about the violation
- While maintaining confidentiality of the report
-
API and Automated Access
Users with programmatic access to the Platform must:
- Respect published rate limits and usage quotas for their subscription tier
- Not attempt to circumvent rate limiting, authentication, or consent-gating mechanisms
- Not scrape, crawl, or bulk-extract Platform data without written authorization
- Not use automated tools to create accounts, submit forms, or generate fraudulent transactions
- Implement reasonable caching to minimize redundant API calls
- Report any discovered security vulnerabilities through responsible disclosure to support@communitypay.us
CARI (Community Association Risk Index)
Effective Date: February 9, 2026
CARI is a proprietary risk index developed by CommunityPay, Inc. that scores community association health across five institutional dimensions. The following terms govern CARI scores, reports, and API access.
-
Nature of CARI Scores
CARI scores and reports are informational tools only. They do not constitute:
- Lending decisions or credit assessments
- Insurance underwriting determinations or premium quotations
- Legal advice or compliance certifications
- Appraisals, valuations, or investment recommendations
- Guarantees of association financial health or governance quality
- Consent Requirement No CARI score is computed, stored, or shared without explicit consent from the HOA board of directors. Consent may be revoked at any time, immediately halting all third-party access to that association's score and reports. CommunityPay does not share CARI data with any party absent active consent.
- Association-Level Data Only CARI evaluates associations, not individuals. No personal resident data — including names, account balances, payment history, or contact information — is exposed through CARI scores, reports, or the API. All signals are aggregated at the association level.
-
Methodology and Accuracy
CARI scores are derived from live platform data using a published methodology with five weighted
components. CommunityPay reserves the right to:
- Update scoring methodology, weights, and thresholds
- Add, modify, or remove signal sources
- Adjust grade scale boundaries
- Introduce new score components or report types
-
Subscriber Obligations
Authorized CARI API subscribers agree to:
- Use CARI data solely for their stated institutional purpose
- Not resell, redistribute, or sublicense CARI data without written authorization
- Safeguard API credentials and report access tokens
- Comply with all applicable laws regarding the use of association risk data
- Not use CARI scores as the sole basis for adverse decisions affecting individuals
- Intellectual Property CARI, the CARI scoring methodology, grade scale, report formats, and all associated marks are the exclusive property of CommunityPay, Inc. The CARI name, logo, and badge designs are trademarks of CommunityPay, Inc. Unauthorized use is prohibited.
- Limitation of Liability CommunityPay shall not be liable for any decisions made by third parties based on CARI scores or reports. CARI data is provided "as is" without warranties of any kind, express or implied, including warranties of merchantability, fitness for a particular purpose, or non-infringement.
Questions About Our Legal Policies?
Our legal team is here to help clarify any questions about these documents.
Contact us at legal@communitypay.us
CommunityPay, Inc. • Seattle, Washington • 2026 All Rights Reserved