Data Processing & Security Policy

For data your Organization uploads or enters (including resident and member data), your Organization is generally the data controller and Wealth Building Academy LLC acts as a data processor / service provider, processing such data only to provide the Service and on your documented instructions, except as required by law.

We maintain commercially reasonable administrative, technical, and organizational measures designed to protect data, which may include:

The Service is designed to keep each Organization’s data logically separated so that one community’s records are not exposed to another. Access within an Organization is governed by role-based permissions and document visibility settings (board-only, resident-visible, and private/admin-only) that your administrators configure and control. Board-only and private documents are designed not to appear in resident-facing answers when configured correctly.

To provide AI features, relevant document text and queries may be transmitted to third-party AI providers for OCR, extraction, categorization, summarization, embedding, and search, and returned to your Organization. We use reputable providers under terms intended to restrict use of your content to delivering the Service, and we instruct providers not to use your content to train general-purpose models except as permitted by applicable terms.

We engage sub-processors to deliver the Service, which may include cloud hosting and storage providers, database providers, AI and embedding providers, payment processors, and email and analytics services. Sub-processors are bound by contractual obligations consistent with this Policy. We are responsible for our sub-processors’ performance of obligations we delegate to them, but are not responsible for their independent acts or omissions beyond those arrangements.

We retain data while your account is active and as needed to provide the Service and meet legal obligations. Upon account termination or a valid deletion request to support@communityvault.ai, we delete or de-identify data within a commercially reasonable period, subject to legal retention requirements; residual copies may remain in backups for a limited time before being overwritten. Trial-account data may be deleted upon expiration or on request. See our Privacy Policy for details.

We maintain processes designed to detect, investigate, and respond to security incidents. In the event of a confirmed personal-data breach affecting your data, we will notify the affected Organization without undue delay, consistent with applicable law, and provide information reasonably available to help you meet your own notification obligations. You are responsible for notifying your residents, members, and regulators where you are the controller.

While we strive for high availability, we do not guarantee that the Service will be uninterrupted, timely, error-free, or available at any particular time. The Service may be unavailable due to maintenance, updates, or factors outside our control.

We implement reasonable security measures; however, no system, transmission, or storage method is completely secure, and we cannot and do not guarantee absolute security. You acknowledge that you provide and process data through the Service at your own risk and that we are not liable for unauthorized access, disclosure, or loss occurring despite our reasonable measures, or resulting from your configuration, credentials, users, or third-party providers.

We are not responsible for failures or delays, including security incidents, caused by events beyond our reasonable control, including natural disasters, war, terrorism, civil unrest, labor disputes, governmental action, utility or internet failures, cyberattacks, or failures of third-party providers.

You are responsible for: (a) configuring roles, permissions, and document visibility correctly; (b) safeguarding credentials and promptly removing access for departed users; (c) ensuring you have the right to upload and process the data you provide; (d) avoiding upload of unnecessary sensitive personal data; and (e) maintaining your own backups of critical records. The Service complements, and does not replace, your official system of record.

Security questions or reports may be sent to support@communityvault.ai.