Privacy

How Common Area collects, uses, retains, and discloses data — for everyone who visits a Common Area product site or becomes a customer.

Last updated: June 8, 2026

Who this covers

This policy applies to the marketing sites for Common Area products (currently gatekeeperhoa.com and askhans.ai) and to commonarea.io itself. Each product also maintains its own product-specific privacy policy covering the authenticated parts of its application — those policies live on the product's own site.

Compass — our behavioral analytics layer

Common Area operates a first-party behavioral analytics layer called Compass that runs on our product marketing sites. It's a single small JavaScript script that does the following on every page load.

What it collects, per visit

• Two first-party cookies on the product's apex domain: a visitor ID (cmp_vid, 365 days) and a session ID (cmp_sid, 30 minutes idle)
• Pageviews, scroll depth, time-on-page, and any UTM parameters in your URL
• A SHA-256 hash of your IP address, combined with a server-side salt that rotates daily. The raw IP is never written to disk and becomes computationally one-way after approximately 24 hours.
• Your browser's user agent string and the country code derived from your IP, used for compatibility and aggregate audience analysis

How it identifies you

Compass associates your anonymous browsing history with a known contact record when one of these things happens:

• You arrive at a Common Area site via a link from one of our emails. The link contains a code that tells us which contact in our records you are.
• You submit a form on a Common Area site with your email address. We look it up against our existing contact records and, if it matches, associate your prior anonymous visits with that contact.
• Your cmp_vid cookie has been identified on a previous visit. We carry the identification forward.

What it does NOT collect

• Raw IP addresses (only the daily-salted hash)
• Mouse coordinates, keystrokes, or the contents of form fields other than email addresses
• Session recordings or screen replays
• Activity across third-party sites (Compass cookies are strictly first-party per product domain)

How we use the data

Our sales and marketing operators use Compass data to:

• Receive operator alerts when a known prospect engages significantly with our marketing content
• Surface a behavioral timeline alongside our email conversations with prospects
• Rank prospects by their interest signals (lead scoring)
• Personalize outbound follow-up based on what content the prospect already engaged with
• Prevent the same prospect from being approached by multiple Common Area products in overlapping outreach campaigns

How we do NOT use the data

• We do not sell or rent the data to third parties
• We do not share it with advertising networks or use it for behavioral retargeting
• We do not run ad campaigns at all
• We do not transmit data to any third party other than the processors that run our infrastructure (Cloudflare for the tracking Worker and Supabase for the database) — both acting strictly as data processors under Common Area's instructions

Retention

• Identified sessions + events: retained while the contact remains in Common Area's CRM. Deleted on contact-deletion request.
• Unidentified anonymous sessions: 24 months from last activity, then automatically deleted.
• IP hash: 24 months. Because the salt rotates daily, a hash older than approximately 24 hours cannot be re-derived from a known IP address — it becomes permanently one-way after that window.

Your controls

Opt out

Compass respects two opt-out signals checked on every page load before the script does anything:

• Browser-wide: Enable "Do Not Track" in your browser settings. Compass honors the DNT signal and no-ops entirely — no cookies set, no requests sent.
• Per-product: Visit the privacy preferences page on each Common Area product site:
  • gatekeeperhoa.com/privacy-preferences
  • askhans.ai/privacy-preferences
  • commonarea.io/privacy-preferences
  Each page lets you toggle a cmp_optout cookie that disables Compass on that product domain.

Request deletion

Email dougcalahan@commonarea.io with the subject "Privacy data deletion request" and we will delete all Compass data associated with your identity within 30 days. Confirmation will follow by reply.

Legal

• Operator: Common Area LLC, a Delaware-formed limited liability company.
• CCPA: California residents have the right to know, delete, and opt out of sale. We do not sell data. Deletion handled as above.
• GDPR / UK GDPR: We do not target the EU or UK, but visitors from those regions have the same opt-out and deletion rights described above.
• CAN-SPAM: All outbound email is governed by separate per-product unsubscribe and physical-address compliance, surfaced in each email's footer.

Changes

We'll update this page when material changes happen. The "last updated" date at the top reflects the most recent revision.