Privacy Policy

Effective Date: May 29, 2026
Last Updated: May 29, 2026

So Shiny Software, LLC ("SoShiny," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, share, and protect information when you visit soshiny.com, sign up for an account, or use our association management software (collectively, the "Service").

By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

1. Who We Are

SoShiny is operated by:

2. Two Types of Users

SoShiny serves two distinct groups, and our privacy practices differ between them:

• Customers — boards, managers, and operators who sign up for SoShiny to run their association (condo, HOA, marina, campground, RV park, retirement community, or co-op). Customers are the "data controllers" for information they upload about their residents, owners, slip holders, or members.
• Residents and Members — individuals whose information is added to SoShiny by a Customer. We act as a "data processor" for this information on behalf of the Customer.

If you are a resident or member and have questions about your data, contact your association's board or manager first. They control what is collected and how it is used. We will assist them in responding to your request.

3. Information We Collect

3.1 Information You Provide Directly

• Account information: name, email address, phone number, association name, association address, role (board, manager, owner, resident, slip holder, member).
• Billing information: payment card details are collected and stored by our payment processor (Stripe). We do not store full card numbers on our servers.
• Association content: rules, bylaws, governing documents, meeting minutes, vote records, work orders, ARC requests, COI documents, vehicle/vessel registrations, directory entries, photos, and any other content uploaded to your association.
• Communications: support tickets, email replies, voicemail recordings, and survey responses.

3.2 Information Collected Automatically

• Log data: IP address, browser type, device type, operating system, referring URL, pages viewed, timestamps, and actions taken inside the Service.
• Cookies and similar technologies: we use first-party cookies to keep you signed in, remember preferences, and measure traffic. See Section 8 for details.
• Analytics: aggregated usage data via Google Analytics and Google Search Console.

3.3 Information From Third Parties

If you sign in through a third-party identity provider, we receive your name and email address from that provider. We do not receive your password.

4. How We Use Information

We use information to:

• Provide, operate, and maintain the Service.
• Process payments and send billing notices.
• Send transactional emails (account notices, password resets, vote ballots, work-order updates, ARC decisions, COI expiration reminders).
• Send SMS messages via Twilio when a Customer enables SMS notifications.
• Send postal mail via Lob when a Customer chooses to mail a notice, ballot, violation, or statement.
• Place automated voice calls and accept voicemail via Twilio Programmable Voice when a Customer enables voice features.
• Respond to support requests.
• Detect, prevent, and address fraud, abuse, security incidents, and technical issues.
• Comply with legal obligations.
• Improve the Service through aggregated, de-identified analytics.

We do not sell personal information. We do not use Customer or Resident data to train artificial intelligence models. We do not share Customer or Resident data with advertisers.

5. Voting, E-Signature, and Governance Data

Because SoShiny runs association votes and collects electronic signatures, the following additional protections apply:

• Vote integrity: ballots are linked to voter identity for audit purposes but are not used for any purpose other than tallying the vote and producing an audit record.
• E-signature records: signed documents are retained with timestamps, IP addresses, and signer identity to satisfy the U.S. ESIGN Act and UETA requirements.
• COI and document storage: insurance certificates, governing documents, and uploaded files are stored encrypted at rest.
• Access: only the association's board and authorized administrators can view governance records, except where required by law or by court order.

6. Subprocessors

We rely on the following third-party service providers to operate the Service. Each is bound by contract to protect personal information and use it only to provide services to SoShiny:

We will update this list when we add or remove a subprocessor. Customers may request advance notice of material changes by emailing privacy@soshiny.com.

7. How We Share Information

We share information only in these circumstances:

• With your association. Information you submit to your association is visible to that association's board, manager, and authorized administrators.
• With subprocessors. As listed in Section 6, solely to provide the Service.
• For legal reasons. When required by law, subpoena, court order, or government request, or when necessary to protect rights, property, or safety.
• In a business transfer. If SoShiny is acquired, merged, or sells assets, information may transfer with the business. We will notify Customers before personal information becomes subject to a different privacy policy.
• With your consent. For any other purpose disclosed to you at the time you provide the information.

8. Cookies and Tracking

We use:

• Strictly necessary cookies to keep you signed in and to remember your association context.
• Analytics cookies (Google Analytics) to measure traffic and improve the Service.

We do not use third-party advertising cookies. You can disable cookies in your browser, but parts of the Service will not work without strictly necessary cookies.

9. Data Retention

• Active accounts: we retain Customer and Resident data for as long as the Customer's account is active.
• Closed accounts: after a Customer closes an account, we retain data for up to 90 days to allow recovery and to satisfy legal obligations, then delete or de-identify it.
• E-signature and vote audit records: retained for seven (7) years after creation to satisfy state association recordkeeping laws.
• Billing records: retained for seven (7) years for tax and audit purposes.
• Backups: rolling encrypted backups are retained for up to 35 days.

10. Security

We protect information with:

• HTTPS/TLS encryption in transit.
• Encryption at rest for uploaded files and database backups.
• Role-based access controls inside each association.
• Logged administrative actions (Activity Log feature).
• Industry-standard password hashing.

No system is perfectly secure. If we learn of a security breach affecting your personal information, we will notify affected Customers and, where required by law, affected Residents.

11. Your Rights

11.1 All Users

You may:

• Access the personal information SoShiny holds about you.
• Correct inaccurate information.
• Request deletion (subject to legal retention requirements).
• Export your data in a portable format.
• Object to or restrict processing.
• Lodge a complaint with a data protection authority.

Residents and members should contact their association's board first. For Customer-level requests or unresolved Resident requests, email privacy@soshiny.com.

11.2 California Residents (CCPA / CPRA)

California residents have the right to know what personal information is collected, to delete personal information, to correct inaccurate information, and to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise rights, email privacy@soshiny.com.

11.3 EU/UK Residents (GDPR / UK GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing are:

• Contract — to deliver the Service you or your association signed up for.
• Legitimate interests — to operate, secure, and improve the Service.
• Legal obligation — to comply with applicable law.
• Consent — where required, for example for non-essential cookies.

Data transfers from the EU/UK to the United States are made under Standard Contractual Clauses or another approved mechanism.

12. Children

SoShiny is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information, contact privacy@soshiny.com and we will delete it.

13. Communications and Opt-Out

• Transactional messages (ballots, work-order updates, billing) are required for the Service and cannot be opted out of while your account is active.
• Marketing emails from SoShiny can be unsubscribed at any time via the unsubscribe link.
• SMS messages sent by your association via Twilio can be stopped by replying STOP. Standard message and data rates may apply.
• Voice calls and voicemail placed by your association via Twilio Programmable Voice are governed by federal and state telemarketing laws and the Customer's own consent records.
• Postal mail sent by your association via Lob can be stopped by contacting your association directly.

14. Changes to This Policy

We will post any changes to this Policy on this page and update the "Last Updated" date. Material changes will be announced by email to account administrators at least 14 days before they take effect.

15. Contact

For any privacy question, request, or complaint: