Privacy Policy
How Carnegie Creations LLC (Governyxia™) gathers, uses, discloses, keeps, and protects personal information when you use our websites, applications, portals, communications tools, and related offerings.
Carnegie Creations LLC, a Florida limited liability company, doing business as Governyxia™ ("Company," "we," "us," or "our"), operates the Governyxia™ software platform and related services (the "Services"). This Privacy Policy explains how we gather, use, disclose, keep, and protect personal information when you use our websites, applications, portals, communications tools, and related offerings.
This Privacy Policy applies to personal information collected through the Services and through related dealings with us, including support inquiries, account administration, product questions, and service communications. Your use of the Services is subject to the practices described in this Privacy Policy. Governyxia™ is a trademark of Carnegie Creations LLC.
This Privacy Policy does not extend to third party websites, applications, or services that we do not own or control, even when they are linked to or connected with the Services. When you interact with those third party services, you should review their own privacy policies and terms, as their data practices are governed by their own documents, not this Privacy Policy. This Privacy Policy also does not apply to data that has been combined, anonymized, or otherwise processed so it can no longer reasonably identify a specific person.
Who We Are and Our Role
Governyxia™ provides software for homeowners associations, condominium associations, property management companies, board members, residents, vendors, and related users.
Our role with respect to personal information depends on the setting in which the Services are used.
Service Provider or Data Processor
In many cases, the community organization or management entity using the Services determines what personal information is entered into the platform, the reasons it is used, the persons who may access it, and the way it is handled within the account. In those cases, Governyxia may function as a service provider, contractor, or data processor for that customer. When your information sits inside a community account, that community, association, or management company, rather than Governyxia, is generally responsible for decisions about that account data, including many requests relating to access, correction, deletion, disclosure, retention, and user permissions.
Independent Controller
In some situations, Governyxia may act on its own behalf for matters such as platform administration, account oversight, security, fraud prevention, analytics, legal compliance, contract enforcement, direct business communications, and other lawful operational purposes connected with running the Services. In those situations, Governyxia is generally responsible for its own processing decisions and for responding to privacy requests that relate to information it controls in that capacity.
If you are a resident, owner, tenant, board member, manager, vendor, or other individual whose information was supplied by an association or management company, you should also review that organization's privacy practices, since they may separately apply to your information. Requests relating to records, communications, permissions, or other information maintained within a community controlled account may need to be directed to that organization first.
Information We Collect
The types of personal information involved will vary based on your relationship to the platform and the features enabled for the applicable account.
Account and Profile Information
This may include your name, email address, telephone number, mailing address, unit number, lot number, association or community name, role, profile details, language setting, communication preferences, and similar account related information.
Authentication and Security Information
This may include encrypted credentials, password reset details, authentication tokens, sign in history, access records, Internet Protocol address, device identifiers, security logs, session details, and other information used to confirm identity or protect the Services.
Community, Operational, and Transaction Information
This may include payments, invoices, assessment records, account balances, applications, ballots, votes, proxies, notices, documents, amenity reservations, maintenance requests, architectural review submissions, violations, work orders, communications, board materials, and other records entered, uploaded, or generated through the Services.
Communications Information
This may include email delivery results, SMS delivery results, message preferences, support requests, chat content, call records where allowed, contact form submissions, survey responses, and related communication history.
Technical and Usage Information
This may include browser type, operating system, device type, Internet service provider, referring pages, exit pages, pages viewed, feature activity, crash details, access times, cookies, logs, and similar technical or usage information.
Payment Related Information
This may include billing contact details, transaction status, payment method type, masked account details, processor reference numbers, and similar payment related records. Full payment card or bank information may be collected and handled by outside payment processors rather than stored directly by Governyxia.
Verification and Compliance Information
When reasonably needed for onboarding, fraud prevention, payment support, dispute handling, account verification, or legal compliance, we may collect limited verification information or supporting records as allowed by law.
User Submitted Content
This may include documents, uploads, comments, directory entries, portal submissions, attachments, photos, requests, responses, and other material users provide through the Services, along with associated file characteristics, timestamps, processing status information, and other metadata generated in connection with intake, storage, review, automation, or search functions.
Automated Processing, Review, and Metadata Information
This may include text extracted from documents or images through optical character recognition, information identified or structured through natural language processing, classifications, tags, summaries, suggested fields, confidence indicators, risk scores, fraud or anomaly flags, queue status, review history, automated or human reviewer actions, model or workflow output data, and related audit log or metadata information generated through automated or assisted processing features, including information showing whether outputs were reviewed, corrected, approved, rejected, or otherwise acted on by a person.
Location Information
We may infer general location from an Internet Protocol address or device settings. If a specific feature needs more exact location data, we will collect it only when appropriate for that feature and when permitted by law.
Information From Other Sources
We may receive information from associations, management companies, board members, residents, vendors, payment processors, hosting providers, communication vendors, analytics providers, integration partners, publicly available sources, and other third parties that help support the Services or our business operations.
How We Use Information
We use personal information to deliver the platform, maintain its performance, protect the environment in which it operates, and refine how it functions over time. Depending on the circumstances, we may use personal information for the following purposes.
To Provide and Improve the Services
We use information to open and manage accounts, confirm user identity, deliver platform functionality, maintain service stability, troubleshoot problems, refine the user experience, develop new features, and support product improvement. We may also use documents, messages, images, forms, and related data to perform optical character recognition, natural language processing, extraction, classification, summarization, deduplication, routing, and related workflow support functions where those features are enabled.
To Support Governance and Community Operations
We use information to help with voting, notices, recordkeeping, communications, applications, documents, compliance processes, maintenance functions, resident and board interactions, amenity administration, vendor coordination, and other governance or operational tasks requested by a community or customer.
To Handle Payments and Financial Activity
We use information to support payments, assessments, invoices, credits, transaction records, account reconciliation, refunds, and related financial administration, including coordination with third-party payment processors. Governyxia does not take custody of customer payment funds through the Services and generally receives only the payment-related information needed to support the Services and associated records.
To Communicate With Users
We use information to send community notices, platform messages, service updates, account alerts, security notices, billing notices, support replies, and other operational or administrative communications. Where the law allows, we may also use information to send product news, newsletters, or promotional messages.
To Protect the Services and Prevent Misuse
We use information to detect fraud, review suspicious activity, guard against unauthorized access, monitor misuse, maintain audit and activity records, enforce permissions, and protect the rights, property, and safety of the Company, our customers, users, and others. This may include automated screening, pattern detection, scoring, prioritization, and flagging of transactions, submissions, communications, or account activity for fraud prevention, security, compliance support, or operational review, followed by human review, correction, escalation, or override where appropriate.
To Operate Automated Assistance and Decision-Support Features
We may also use personal information to provide automated assistance features such as search, extraction, summarization, categorization, drafting support, data matching, anomaly detection, and workflow recommendations. Unless expressly stated for a specific feature and permitted by applicable law, these tools are intended to support human decision-making rather than replace it, and important legal, financial, governance, compliance, fraud, or access decisions should be reviewed and confirmed by an appropriate person before action is taken. We do not use Customer data from community accounts to train generalized artificial intelligence or machine learning models for the benefit of other customers or unrelated third parties except as expressly permitted by contract or law or used in aggregated or de-identified form consistent with applicable law.
We use information to comply with applicable law, legal process, lawful requests, tax and accounting obligations, contract requirements, dispute resolution needs, and internal compliance practices.
To Create Aggregated or Anonymized Information
We may examine information in aggregated or anonymized form for service improvement, performance review, usage analysis, benchmarking, reporting, and other lawful business purposes. We do not treat aggregated or anonymized information as personal information unless the law requires otherwise.
To Support Artificial Intelligence or Automation Features
If the Services include search, summarization, drafting, categorization, workflow assistance, document extraction, optical character recognition, natural language processing, scoring, ranking, anomaly detection, or similar assisted features, we may use relevant inputs, outputs, logs, and metadata to operate, secure, monitor, and improve those features, subject to contract and law. Such features may generate suggested content, extracted fields, labels, confidence measures, alerts, queues, or risk indicators and may involve automated processing together with human review, correction, escalation, or override where appropriate. Outputs from those features should be reviewed by a person before being relied upon for legal, financial, governance, compliance, or payment-related decisions. Except as expressly permitted by contract or law, we do not use identifiable Customer data from one customer's community account to train generalized models for other customers.
Payment Processing
Payments are handled by outside payment processors such as Stripe, or other payment service providers selected by Governyxia or the applicable community. Governyxia does not keep full credit card numbers in its own systems and does not take custody of payment funds through the Services. Those payment providers operate under their own privacy policies, security practices, and contractual terms, and we encourage you to review their applicable notices.
We may receive limited payment related information, such as transaction status, masked payment details, billing contact information, processor reference information, and similar settlement, payout, reconciliation, or exception information, where needed to support the Services, keep records, respond to customer questions, prevent fraud, and satisfy legal or accounting obligations.
Communications and SMS
If you choose to receive messages from us, or if communications are sent through your community account as part of the Services, you may receive SMS messages, email messages, push notifications, or other communications about your community, account activity, support, payments, notices, or service administration.
The number of messages you receive will depend on your account activity and community operations.
Standard carrier charges may apply. You can stop SMS messages from a specific program by replying STOP to that program's message, subject to any instructions included in the message. You can stop promotional emails by using the unsubscribe link included in those emails.
Even if you stop promotional communications, you may still receive operational messages tied to your account, security, billing, legal notices, support, or required community communications.
For more information regarding SMS consent procedures and messaging compliance, please visit our SMS Consent & Notification Policy.
Sharing of Information
We may provide personal information to the categories of recipients described below when needed for platform operations, account administration, legal compliance, or other permitted business purposes.
Service providers and subprocessors we use in connection with the Services may include hosting providers, cloud infrastructure providers, payment processors, communication vendors, analytics providers, support providers, security vendors, backup providers, integration partners, artificial intelligence or machine learning service providers, and document processing providers. The service providers and subprocessors we use may change over time, and we may add, replace, or remove providers as our Services evolve, subject to applicable contractual, privacy, and security commitments.
Community Administrators and Authorized Users
We may disclose information to your association, property management company, board members, committee members, managers, staff, or other users authorized within the community account, consistent with permissions, customer instructions, and the intended operation of the Services.
Authorized Service Providers
We may disclose information to hosting providers, cloud infrastructure providers, payment processors, communication vendors, analytics providers, support providers, security vendors, backup providers, integration partners, artificial intelligence or machine learning service providers, document processing providers, and other providers performing work for us. Those providers may use personal information only to the extent needed to perform services for us and subject to confidentiality and data protection commitments.
For example, where artificial intelligence features are enabled, subprocessors may include OpenAI API and other service providers that support language processing, document analysis, hosting, communications, security, analytics, or related operational functions. The subprocessors we use may change over time, and we may maintain or update related disclosures separately from this Privacy Policy, subject to applicable contractual, privacy, and security commitments.
Legal and Regulatory Recipients
We may disclose information when the law requires it, when responding to subpoenas, court orders, government requests, or legal process, or when we reasonably believe disclosure is needed to protect rights, enforce agreements, investigate fraud or misconduct, respond to security events, or protect the safety of people or property.
Business Transfer Recipients
We may disclose or transfer information as part of a merger, acquisition, financing, sale of assets, reorganization, dissolution, bankruptcy, or similar business event, subject to customary confidentiality protections.
Others With Your Consent or Direction
We may disclose information to other parties when you ask us to do so, direct us to do so, or otherwise agree to that disclosure.
We do not monetize personal information by selling it as a commercial data asset, and we do not treat community account information as inventory for resale. We also do not knowingly disclose personal information in a way intended to qualify as a sale under privacy laws that may apply, including CCPA or CPRA.
Data Retention
We keep information for as long as reasonably needed to provide the Services, comply with legal obligations, maintain financial and accounting records, enforce agreements, resolve disputes, preserve security records, and support legitimate business operations. Retention periods may differ based on community settings, contractual commitments, record type, backup cycles, applicable law, and the nature of the Services in use. This may include retention of extracted text, processing outputs, risk or fraud indicators, review notes, audit logs, and technical metadata associated with automated or assisted features for security, troubleshooting, quality control, compliance, or evidentiary purposes. Retention may vary between active systems and backup media, and some information may remain in backups or disaster recovery systems until those backups are overwritten, deleted, or rotated in the ordinary course. Except as expressly stated for a particular feature or record, the Services and related logs or derived data are not intended to serve as the sole or authoritative system of record for every customer process, recordkeeping need, or legal obligation.
In deciding how long to keep information, we may consider the sensitivity and amount of the information, the reason it was collected or processed, legal and contractual duties, the need to preserve records for security, fraud prevention, disputes, or enforcement, whether the information may exist in backup systems, and whether the information can be deleted, anonymized, isolated, or suppressed from active use consistent with technical limitations, ordinary backup practices, and legal requirements.
When personal information no longer serves a legitimate operational, legal, or contractual purpose, we may remove it from active systems, convert it into non-identifying form, restrict or suppress it from ordinary use, or dispose of it through methods suited to the sensitivity of the data and the environment in which it was stored, recognizing that residual copies may remain in backups or archival systems for a limited period.
Security
We use reasonable administrative, technical, and physical measures designed to guard personal information against unauthorized access, disclosure, alteration, misuse, acquisition, or destruction. These measures may include permission based access controls, encryption while data is being transmitted, authentication protections, account level permissions, activity logging, monitoring, backups, vendor review, internal procedures, and controls over automated processing, model-assisted workflows, review queues, and related audit trail information. Where appropriate, audit and activity records may be maintained in access-controlled systems and designed to be tamper-resistant and to support integrity, traceability, and review, but no logging or security control can guarantee immutability or that alteration, misuse, or unauthorized access will never occur.
We encourage customers and authorized users to use individual accounts, keep strong passwords, turn on added authentication protections where available, and limit access to those who need it.
No technical or organizational safeguard can eliminate all risk, and for that reason we cannot represent that unauthorized access or loss will never occur. When the law requires notice of a security event, including under Florida law where applicable, we will provide notice in accordance with the legal requirements and our contractual duties.
Your Privacy Rights
Depending on your location and the context in which your information is processed, you may have rights to request access, correction, deletion, or a portable copy of your personal information, or to object to or limit certain processing.
If your information is held by Governyxia for an association, condominium association, homeowners association, board, or management company, that organization may be the main decision maker regarding your data. In those situations, your privacy rights may depend in part on that organization's role, settings, instructions, and applicable law, and you may need to contact your community administrator or management company first to exercise rights relating to information maintained within the community account.
Where Governyxia acts on its own behalf as an independent controller, you may contact us about applicable privacy requests. We may need to confirm your identity before acting on a request. Where we process information on behalf of a customer, we may refer your request to that customer, advise you to submit the request through the applicable community account or administrator, or assist the customer in responding, as appropriate. We will handle requests in line with applicable law, our contractual obligations, and our role in the relevant processing activity.
For individuals entitled to rights under applicable California privacy laws, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act, where applicable, Governyxia shall process personal information and respond to requests in accordance with such laws to the extent those laws apply to the relevant processing activities. Governyxia is a Florida based company that may advertise, market, offer, sell, license, provide, and support its services in Florida, California, and other jurisdictions, subject to applicable law.
We will not unlawfully treat someone differently for exercising applicable privacy rights.
Children
The Services are intended for adults and are not offered for use by individuals under 18. We do not knowingly collect personal information directly from individuals under 18 as registered users of the Services. In limited circumstances, information relating to a minor may be provided to us by a parent, guardian, association, or management company in the ordinary course of community administration.
If you believe information from a child has been provided to us in a way that does not comply with applicable law, please contact us so we can review the situation and address it appropriately.
International Users
If you access the Services from outside the United States, your information may be processed in the United States or in other places where we or our service providers operate. By using the Services, you understand that your information may be moved to and processed in places where privacy laws may differ from those in your country.
Where applicable, we take reasonable steps to handle transfers and processing in a manner consistent with law, contract, and sound data protection practices.
No Legal or Financial Advice
Governyxia™ is a software platform and does not provide legal, tax, financial, accounting, compliance, or other professional advice. Any information, workflow, draft, reminder, calculation, report, summary, automation, assisted output, extracted field, classification, score, recommendation, or other model-assisted result available through the Services is offered for informational and administrative purposes only and should be reviewed by appropriate professionals when needed.
Changes to This Policy
We may revise this Privacy Policy from time to time to reflect changes in the Services, business practices, legal requirements, or operational needs. When we do, we will update the "Last Updated" date at the top of this Privacy Policy. If a revision is material, we will also provide additional notice through the Services, on the Governyxia website, by email, or by other appropriate means.
After a revised Privacy Policy becomes effective, users may be required to review and accept the revised version through the Services, including upon signing into the applicable account or portal. Once accepted, continued access to or use of the Services will be governed by the revised Privacy Policy, except to the extent applicable law requires otherwise.
Contact
For privacy questions about your community account, contact your association or management company administrator first, especially if your information is held inside a community controlled account. That organization is often best positioned to address requests about records, permissions, communications, or other data maintained within that account.
For general privacy inquiries, support questions, or requests directed to Carnegie Creations LLC, contact us through the official channels listed on the Governyxia website, through applicable in-platform support features, or by mail at:
Carnegie Creations LLC
15050 Elderberry Lane, Ste 6v-15, Fort Myer, FL 33907