Privacy & Data Handling Policy
CorefolioHQ | AI Business Innovations
Effective Date: May 2026 | Version 1.2
This policy is versioned. See Change Log (Section 9) for revision history.
1. Overview
CorefolioHQ is a read-only operational visibility platform that allows authorized property owners to view data about their own properties. Properties may be managed through AppFolio Property Manager or, for property managers without dedicated property management software, through shared Excel files in OneDrive. This policy describes how CorefolioHQ accesses, handles, stores, and protects data obtained through the AppFolio Stack API and through Microsoft Graph (OneDrive/Excel).
Our core principle is simple: we only access data that belongs to the authorized property owner, we display it only to that owner and to users they have explicitly granted access to, and we do not sell, share, or transmit operational data to any third party.
This policy uses intentionally general language where vendor-specific details may change over time. When a specific provider is currently in use, it is noted. Changes to providers that do not affect data access scope, retention, or security posture will be reflected in the Change Log without requiring a full policy reissue.
2. Who Can Access CorefolioHQ
CorefolioHQ uses a multi-tenant access model with three layers:
- Owner Accounts — Each property owner (or co-ownership entity) has a distinct owner account. Properties and data sources are scoped to the owner account.
- Users — Each individual person (e.g., owner, co-owner, or designated stakeholder) authenticates as a user.
- Access Grants — Users are explicitly granted access to one or more owner accounts. A user can only see data for owner accounts they have been granted.
To gain access, the following requirements must be met:
- The user must be associated with one or more properties currently managed through either (a) a property manager who uses AppFolio Property Manager, or (b) a property manager using Excel-based reporting via OneDrive.
- For AppFolio data: the user’s property manager must explicitly authorize the connection between AppFolio and CorefolioHQ via the standard OAuth authorization flow.
- For OneDrive/Excel data: each user authenticates separately to Microsoft Graph using their own credentials. CorefolioHQ does not share or pool OAuth tokens between users.
- The user must verify their identity through an industry-standard identity platform (currently Auth0) supporting multiple login options including Google, Microsoft, Apple, and email-based verification.
- The user must be granted explicit access to a specific owner account by an authorized administrator. No anonymous access is permitted, and no user can self-provision access to another owner’s account.
- For users signing up via the public CorefolioHQ website (rather than through a property manager’s referral), an ownership verification step is required before access is granted. See Section 5.3.
CorefolioHQ cannot and does not access any AppFolio account or OneDrive file without a completed, explicit authorization from the responsible party (the property manager for AppFolio, or the user themselves for OneDrive).
3. Data We Access
3.1 Tenant Information (via AppFolio API)
We access tenant data solely to provide the property owner with lease and occupancy transparency. This includes:
- Full name, unit assignment, property address
- Phone number and email address (for owner awareness only — not used for outreach by CorefolioHQ)
- Lease start and end dates, lease type (e.g., 12-month)
- ADA or accessibility accommodation notes relevant to the lease agreement
- Move-in and move-out dates, occupancy status
We do not access tenant payment card information, social security numbers, screening reports, or any data not directly relevant to the lease relationship.
3.2 Work Orders & Maintenance Requests (via AppFolio API)
We access work order and maintenance data for transparency purposes only. This includes:
- Work order description, current status, assigned vendor, and scheduled or completion dates
- Request for proposal (RFP) details: scope of work, vendor name, status
CorefolioHQ does NOT have the ability to approve, reject, create, or modify work orders or RFPs. Access is strictly read-only and for the property owner’s awareness.
3.3 Tenant ↔ Property Manager Communications (via AppFolio API)
We access communication threads between property managers and tenants that have been conducted through the AppFolio platform, scoped exclusively to the authorized owner’s properties. This is for transparency only — owners can see what is being discussed about their properties without having to ask the PM directly.
CorefolioHQ does NOT participate in, send, edit, or delete any communication. Access is strictly read-only.
3.4 Financial Data (via AppFolio API)
We access financial data to provide the property owner with income and expense transparency. This includes:
- Rent charges, payments received, and tenant ledger balances
- Owner statements and distribution summaries
- Income and expense reports specific to the owner’s properties
- Recurring charges and scheduled rent adjustments
We do not access bank account numbers, routing numbers, payment card data, or any financial credentials.
3.5 Documents & Compliance (via AppFolio API)
We access documents that are legally relevant to the property owner’s properties, including state and county-required disclosures, lease agreements, and inspection reports that the property manager has attached within AppFolio.
3.6 OneDrive/Excel Property Data (via Microsoft Graph)
For property managers who do not use dedicated property management software, CorefolioHQ accesses property data stored in shared Excel files within OneDrive, via the Microsoft Graph API. This includes:
- Property and unit information
- Tenant and lease summary information as recorded in the spreadsheet
- Open task lists and maintenance notes
- Rent rolls and adjustment schedules
Microsoft Graph access is per-user OAuth: each authorized user authenticates with their own Microsoft credentials. CorefolioHQ does not share, pool, or fall back to another user’s tokens for data retrieval.
4. Data We Do NOT Access
CorefolioHQ explicitly does not request or access the following data, regardless of its availability through the API:
- Data belonging to any property owner other than the authenticated, authorized user (or users who have been explicitly granted access to that owner’s account)
- Data for properties not explicitly associated with the authorized owner’s designated property IDs
- Tenant credit reports, background check results, or screening data
- Tenant payment card or bank account information
- Property manager internal communications not related to the authorized properties
- Rent payment processing capabilities
- Tenant screening or renters insurance functions
- Any data from other property managers’ accounts
5. Data Storage & Retention
CorefolioHQ separates operational property data from minimal user account metadata, with different handling for each.
5.1 Operational Property Data (AppFolio + OneDrive)
- Data retrieved via the AppFolio API and Microsoft Graph is fetched in real time upon user request and rendered directly in the user’s browser session.
- We do not maintain a persistent database of AppFolio-sourced or OneDrive-sourced operational data. No tenant, financial, communication, or work order content is written to our servers.
- OAuth tokens used to access these external systems are stored encrypted at rest, scoped to the minimum permissions required, and isolated per user (no token sharing or fallback).
- If a property manager revokes AppFolio authorization, or if a user’s Microsoft authorization expires or is revoked, access is immediately terminated and no operational data is retained.
5.2 User Account Metadata (Stored)
To support login and access control, CorefolioHQ maintains a minimal database that stores:
- User email address and Auth0 identifier
- User display name (where provided)
- Owner account names that the user has been granted access to
- Property names and addresses associated with owner accounts
- Data source connection records — type (AppFolio / OneDrive), associated owner account, and last-sync metadata. The data itself is not stored.
We do NOT store: Social Security Numbers, tax identification numbers, dates of birth, government-issued ID numbers, payment card numbers, bank account numbers, routing numbers, or any other financial credentials.
User account metadata is retained while the account is active. Upon user request or account closure, account metadata is deleted within 30 days.
5.3 Ownership Verification Documents (Public Route Only)
For owners signing up via the public CorefolioHQ website, we require verification that the applicant is the legitimate owner of the properties they wish to add to their account. This verification step does not apply to owners onboarded through a property manager who has already verified the relationship.
- What we collect: One ownership-proof document per applicant — typically the most recent county property tax statement, a 1099 from the property manager showing the applicant as record owner, or a similar document evidencing ownership.
- How it is used: Documents are reviewed by an authorized administrator solely to confirm the applicant is the rightful owner of the properties being added to their CorefolioHQ account.
- How it is stored: Source documents are not retained. After verification, they are deleted from any inbox or storage location. Only the verification result is recorded — specifically: the date of verification, the property addresses verified, and the type of document used (e.g., “county tax statement”). This verification record is retained as part of the access-control audit log.
- What is never extracted: Social Security Numbers, taxpayer identification numbers, financial account numbers, dates of birth, or any other personally identifying information beyond the property address and owner name needed to confirm the ownership match.
6. Security Measures
CorefolioHQ implements the following security controls:
- Authentication via an industry-standard identity platform (currently Auth0) supporting multiple verified login methods.
- All data in transit is encrypted using TLS 1.2 or higher.
- OAuth 2.0 authorization flow for both AppFolio API and Microsoft Graph access — no third-party passwords are stored by CorefolioHQ.
- Per-user OAuth model — each user authenticates separately for any external data source. CorefolioHQ does not share, pool, or fall back to another user’s tokens, eliminating the risk of one user inadvertently accessing data with another user’s credentials.
- Multi-tenant access control: every data-fetching endpoint enforces server-side filtering by the authenticated user’s authorized owner account(s). The frontend never determines what data the backend returns.
- OAuth tokens and other sensitive credentials are stored encrypted at rest.
- No sensitive data is exposed in URL parameters or unprotected browser storage.
- Access logs are maintained for audit and compliance purposes.
We are prepared to complete AppFolio’s security compliance questionnaire in full and welcome a security review as part of the partner certification process.
7. Third-Party Sharing
CorefolioHQ does not sell, rent, license, or otherwise share AppFolio-sourced or OneDrive-sourced data with any third party. Data accessed via the AppFolio Stack API and Microsoft Graph is used exclusively to render the authorized property owner’s dashboard within the CorefolioHQ application.
We use the following categories of third-party infrastructure, each bound by appropriate data processing agreements:
- Identity & authentication services (currently Auth0)
- Cloud application hosting and database services (currently Railway)
If a material change is made to any third-party provider that affects data handling, users and AppFolio will be notified in accordance with Section 8.
8. Policy Updates & Change Notifications
This policy is versioned. The Change Log in Section 9 records all updates with dates and descriptions of what changed.
We distinguish between two types of changes:
- Non-material changes — Minor changes (e.g., updating a vendor name, clarifying existing language, changing authentication provider): reflected in the Change Log with a version increment. Users will receive a 14-day advance notice via email and an in-app banner before the change takes effect. AppFolio will be notified via written communication to our partner contact.
- Material changes — Changes to what data is accessed, how it is stored, who it is shared with, or any expansion of data scope: require a full policy update, a minimum 30-day user notice period, and proactive written notification to AppFolio prior to implementation.
Continued use of CorefolioHQ after a notified change takes effect constitutes acceptance of the updated policy.
9. Change Log
| Version | Date | What Changed |
|---|---|---|
| 1.0 | March 2026 | Initial policy. Auth0 established as primary identity provider. Neutral vendor language adopted throughout. |
| 1.1 | May 2026 | Renamed product from “Property Hub” to “CorefolioHQ.” Updated Section 2 to reflect the multi-tenant access model (users / owner accounts / access grants). Added Section 3.3 covering tenant ↔ PM communications scope. Added Section 3.6 disclosing OneDrive/Excel data scope via Microsoft Graph. Restructured Section 5 into operational data (not persisted) and minimal user account metadata (stored). Added per-user OAuth security language to Section 6. |
| 1.2 | May 2026 | Added Section 5.3 covering ownership verification documents for public-route signups. Added corresponding access requirement to Section 2. Source documents not retained; only the verification result is recorded. |
10. Contact
For questions about this policy or our data handling practices:
Monica | AI Business Innovations
monica@aibusinessinnovations.com