Privacy Policy
- Introduction
- Websites Covered
- Websites Not Covered
- Important: Client Data
- Public Procurement Compliance
- GDPR
- CCPA / CPRA
- Other U.S. State Laws
- Children's Privacy (COPPA)
- Information We Collect
- Cookies & Tracking
- How We Use Information
- Legal Bases for Processing
- How We Share Information
- We Do Not Sell Personal Information
- Marketing Communications
- Data Retention
- Security
- Your Rights & How to Exercise Them
- Copyright Policy (DMCA)
- Accessibility
- Changes to This Policy
- Contact Us
Introduction
Resonance Network Company (“Resonance,” “we,” “us,” or “our”) is committed to protecting the privacy of individuals and to maintaining the trust of our clients, partners, and visitors. This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with our website at resonancehq.io and our software platform purpose-built for affordable housing relocation and redevelopment programs (collectively, the “Resonance Services” or “Services”).
Central to this commitment is a security and privacy program designed to meet the data protection expectations of public housing authorities, federal program administrators, and the residents they serve — including compliance with applicable U.S. federal and state privacy laws and the European General Data Protection Regulation (“GDPR”).
This Privacy Policy applies to “personal information” as defined under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (“CCPA/CPRA”), and “personal data” as defined under the GDPR, and equivalent terms under applicable state and international law (collectively, “personal information”).
Websites Covered
This Privacy Policy applies to individuals who:
- Visit resonancehq.io and any associated Resonance microsites or subdomains (collectively, the “Resonance Site”); and
- Attend Resonance-hosted conferences, webinars, or events, or interact with us offline, including by contacting our team directly (“Resonance Events”).
When we collect personal information in specific contexts — such as event registration pages or request forms — we may provide additional context-specific disclosures at the point of collection. Those additional disclosures are incorporated into this Privacy Policy by reference.
Websites Not Covered
This Privacy Policy does not apply to personal information collected by Resonance Clients using the Resonance platform. Some Resonance Services enable Clients to operate their own resident portals, case management workflows, and program-specific applications that run on the Resonance platform. The terms of service and privacy notice of the applicable Resonance Client govern those properties.
If you submitted personal information to a Client-controlled portal or application and wish to exercise rights to access, correct, amend, port, delete, or restrict the processing of that data, please contact the Resonance Client (typically your housing authority or relocation service provider) directly.
The Resonance Site may contain links to third-party websites. Resonance is not responsible for the privacy practices or content of those sites and encourages you to review their privacy statements independently.
Important: Client Data
This Privacy Policy does not apply to Client Data.
Resonance’s obligations with respect to data collected and controlled by its Clients — including housing authorities, relocation service providers, and preservation developers (“Resonance Clients”) — are governed solely by the agreements under which Services are provided to those Clients, including applicable data processing agreements and, where applicable, HIPAA Business Associate Agreements.
Resonance Clients are the data controllers of Client Data. Resonance acts as a data processor, processing Client Data only on behalf of and under the instruction of the applicable Client. Resonance generally has no direct relationship with the residents, applicants, or program participants whose information Clients submit to the platform.
If you are a resident, applicant, or program participant and have questions about how your information is handled in connection with a housing program: please contact your housing authority or relocation service provider directly. Resonance cannot act on individual rights requests with respect to Client Data.
If an authorized Resonance Client requests that we update or remove Client Data and the Client is unable to do so through the platform, we will acknowledge that request within 30 days.
Public Procurement Compliance
Resonance’s privacy and data governance practices are designed to support compliance with:
- U.S. Department of Housing and Urban Development (HUD) program requirements, including those applicable to RAD, PACT, Section 18, Choice Neighborhoods, HOPE VI, LIHTC Preservation, and HUD Disposition programs;
- Public housing authority procurement standards, including data handling, security, and vendor accountability requirements;
- Federal contractor data handling obligations under applicable OMB, HUD, and program-specific guidance; and
- The Uniform Relocation Assistance and Real Property Acquisition Policies Act of 1970 (URA), as amended.
Resonance maintains logs of data access and processing activities consistent with program and audit requirements. A list of Resonance’s subprocessors and third-party service providers is available upon written request to support@resonancehq.io.
General Data Protection Regulation (GDPR)
If you are located in the European Economic Area (“EEA”) or the United Kingdom, the GDPR (and, for UK residents, the UK Data Protection Act 2018) may apply to our processing of your personal data.
Data Controller vs. Data Processor: Resonance is a data processor — not a data controller — with respect to Client Data. With respect to personal data collected directly through the Resonance Site and Resonance Events, Resonance Network Company acts as the data controller.
Your GDPR Rights:
- Right of Access: Request confirmation of whether we process your personal data and, if so, a copy of that data.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
- Right to Restriction: Request that we restrict processing in certain circumstances.
- Right to Data Portability: Request your data in a structured, machine-readable format where processing is consent- or contract-based.
- Right to Object: Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing.
Resonance will respond to GDPR requests within 30 days, with a possible 60-day extension for complex cases. If you believe your rights have not been adequately addressed, you have the right to lodge a complaint with your local data protection supervisory authority.
California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have rights under CCPA/CPRA with respect to personal information Resonance collects and controls directly (i.e., not Client Data):
- Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, business purpose, and third-party sharing.
- Right to Delete: Request deletion of personal information, subject to legal exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: Resonance does not sell or share personal information as defined under CCPA/CPRA.
- Right to Limit Use of Sensitive Personal Information: Direct us to limit the use and disclosure of sensitive personal information to purposes permitted by law.
- Right to Non-Discrimination: Exercising any CCPA/CPRA rights will not result in denial or different pricing of goods or services.
Resonance will respond to CCPA/CPRA requests within 45 days, with a possible 45-day extension. You may designate an authorized agent to submit requests on your behalf. In accordance with California Civil Code section 1798.83, Resonance does not disclose personal information to third parties for their direct marketing purposes.
Other U.S. State Privacy Laws
Where applicable, Resonance complies with the following state privacy laws:
- Virginia: Consumer Data Protection Act (VCDPA)
- Colorado: Colorado Privacy Act (CPA)
- Connecticut: Connecticut Data Privacy Act (CTDPA)
- Texas: Texas Data Privacy and Security Act (TDPSA)
Residents of these states may have rights to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of certain processing activities. Contact us at support@resonancehq.io to submit a request.
Children’s Privacy (COPPA)
The Resonance Site and Services are not directed to children under the age of 13. Resonance does not knowingly collect personal information from children under 13 and does not sell the personal information of minors. If we learn that we have collected personal information from a child under 13 without verified parental consent, we will delete that information promptly. Contact us at support@resonancehq.io if you believe we may have collected information from a child under 13.
Information We Collect
Information you provide voluntarily:
- Contact information: name, email address, phone number, and mailing address;
- Professional information: organization name, job title, and organizational address;
- Marketing and communication preferences; and
- Any information you provide in free-text fields, including descriptions of your program or operational needs.
Information collected automatically:
- IP address and general geographic location;
- Browser type, operating system, and device type;
- Pages visited, time spent on pages, and referring URLs;
- Interaction data including clicks, scrolls, and form engagement; and
- Cookies and similar tracking technologies (see Section 11).
Information from other sources: We may supplement information you provide with data from public databases, third-party data providers, and professional networking platforms, including job titles and organizational affiliations, for the purpose of improving our outreach and keeping our records current.
Cookies & Tracking Technologies
- Strictly Necessary Cookies: Required for the site to function. These cannot be disabled.
- Analytics Cookies: Used to understand how visitors interact with the site. We use Google Analytics (GA4) to collect anonymized usage data.
- Marketing Cookies: Used to deliver relevant advertising and measure campaign effectiveness on third-party platforms.
Some features of the Resonance Site do not respond to browser Do Not Track signals. You may manage your cookie preferences through your browser settings or any cookie management tool presented on the site.
How We Use Information
- Respond to inquiries and fulfill requests, including delivering requested materials, demonstrations, or event information;
- Send administrative communications, including updates to our terms, policies, or Services;
- Send marketing communications consistent with your preferences and applicable law;
- Personalize your experience on the Resonance Site based on your interests and prior interactions;
- Conduct data analysis, fraud monitoring, and security operations;
- Develop, improve, and enhance the Resonance Site and Services;
- Comply with legal obligations, respond to legal process, and protect our legal rights; and
- Support public procurement, audit, and compliance review processes.
Legal Bases for Processing (GDPR)
- Responding to inquiries: Legitimate interests or Consent where required
- Marketing communications: Consent where required; Legitimate interests otherwise
- Operating and improving the Site: Legitimate interests
- Analytics and cookies: Consent where required; Legitimate interests for strictly necessary cookies
- Legal obligations: Legal obligation
- Protecting our legal rights: Legitimate interests
You may contact us at support@resonancehq.io to request information about the specific legitimate interests we have identified for any processing activity.
How We Share Information
- Service providers: Contracted third-party providers (cloud hosting, analytics, email delivery, event management) who access data only as necessary and are contractually obligated to protect it.
- Affiliates: Affiliated entities of Resonance Network Company for purposes consistent with this Privacy Policy.
- Business transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred. We will provide notice before personal information becomes subject to a different privacy policy.
- Compelled disclosure: When required by law, court order, or lawful governmental request, or to protect our rights or prevent harm.
- No disclosure for third-party marketing: Resonance does not rent, sell, or disclose personal information to third parties for their own marketing purposes.
We Do Not Sell Personal Information
Resonance does not sell personal information to third parties and has not sold personal information within the preceding 12 months. Resonance does not share personal information for cross-context behavioral advertising purposes as defined under CCPA/CPRA.
Marketing Communications
Resonance may send marketing communications to individuals who have provided contact information and expressed interest in our Services, consistent with applicable law including CAN-SPAM and TCPA requirements. You may opt out at any time by clicking the “unsubscribe” link in any Resonance marketing email, or by contacting support@resonancehq.io. Opting out of marketing does not affect transactional or account-related communications. If you have consented to receive SMS communications from Resonance, you may opt out at any time by replying STOP.
Data Retention
Resonance retains personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, maintain our business relationship with you, and comply with applicable legal, tax, regulatory, and accounting obligations. Retention periods may be extended where required in connection with litigation, regulatory investigations, or other legal proceedings. When personal information is no longer needed, we will delete or anonymize it in a manner that prevents re-identification.
Security
Resonance maintains a comprehensive security program including administrative, technical, and physical safeguards appropriate to the sensitivity of the information we process. Our security practices include access controls, encryption of data in transit and at rest, regular security assessments, and employee training on data handling and privacy obligations.
No electronic transmission or data storage system can be guaranteed completely secure. If you believe your information may have been compromised, contact us immediately at support@resonancehq.io.
Your Rights & How to Exercise Them
Depending on your location and applicable law, you may have rights to access, correct, delete, or port your personal information, restrict or object to certain processing, withdraw consent, and lodge a complaint with a data protection supervisory authority.
To exercise any of these rights, contact us at support@resonancehq.io. Please include your full name, the nature of your request, and sufficient information for us to verify your identity. We will not discriminate against you for exercising any privacy rights.
Copyright Policy (DMCA)
Resonance respects the intellectual property rights of others. In accordance with the DMCA, 17 U.S.C. § 512, if you believe that content on the Resonance Site infringes your copyright, submit a written notice to support@resonancehq.io containing: (1) an authorized signature; (2) a description of the copyrighted work; (3) the location of the infringing material; (4) your contact information; (5) a good faith belief statement; and (6) a statement of accuracy under penalty of perjury. It is Resonance’s policy to terminate access for repeat infringers.
Accessibility
Resonance is committed to ensuring the Resonance Site is accessible to all users, including individuals with disabilities. We design our Site to meet WCAG 2.1 Level AA standards. If you encounter an accessibility barrier or require assistance accessing any portion of this Privacy Policy or the Resonance Site, please contact us at support@resonancehq.io.
Changes to This Policy
Resonance reserves the right to update this Privacy Policy at any time. The effective date of the current version is displayed at the top of this document. We will provide notice of material changes — including by posting a notice on the Resonance Site — prior to any change taking effect. Your continued use of the Resonance Site following the effective date of an updated policy constitutes acceptance of the changes. We encourage you to review this Privacy Policy periodically.
Contact Us
For all privacy-related inquiries, rights requests, accessibility requests, copyright claims, and subprocessor disclosures:
Resonance Network Company
support@resonancehq.io
resonancehq.io
We will respond to all privacy inquiries as promptly as practicable and within the timeframes required by applicable law.