How DoorScore collects, uses, and protects your information.
Last updated: March 12, 2026 · Effective: March 12, 2026
1. Who We Are
DoorScore ("we," "us," or "our") operates the DoorScore mobile application and this website (collectively, the "Service"). DoorScore is a platform that allows verified residents to submit and read reviews of residential buildings and rental units.
If you have questions about this policy or wish to exercise your privacy rights, contact us at privacy@doorscoreapp.com.
Password (hashed with bcrypt) — Account authentication; we never store your plaintext password
Display name — Public profile and review attribution
Current address and unit number — Linking your account to a verified residence
Residency verification documents (lease agreement, utility bill, bank statement, or government mail) — Confirming you lived at the unit you are reviewing
Review content (text, ratings, tags, photos) — Publishing your review on the Service
Profile avatar — Personalizing your public profile
Information collected automatically:
IP address — Security, fraud prevention, and rate limiting
Device push notification token — Delivering in-app notifications (only if you grant permission)
App crash reports and error logs — Diagnosing crashes and improving stability via Sentry (anonymized device and session data)
App usage events (anonymized) — Understanding how features are used and improving the app experience via Amplitude analytics. On iOS, this data is only collected after you grant App Tracking Transparency (ATT) permission.
In-app purchase history — Managing your subscription entitlement via RevenueCat
Location information: When you search for nearby buildings, we use your device's approximate location (with your permission) to return geographically relevant results. We do not store your precise location history.
Building addresses displayed in the app are shared with Walk Score (a Redfin company) to retrieve walkability, transit, and bike scores. No personal location data is transmitted — only the building's street address.
What we do not collect: We do not collect Social Security numbers, government-issued ID numbers, or financial account numbers. We do not track you across third-party apps or websites. We do not sell your personal information.
3. How We Use Your Information
We use the information we collect to:
Create and manage your account
Verify your residency and identity before allowing review publication
Display your reviews (anonymously or attributed, per your choice)
Process in-app purchases and manage subscription access
Send transactional emails (email verification, password reset, review status updates)
Send push notifications (if you opt in)
Detect and prevent fraud, abuse, and spam
Monitor app performance and fix errors
Comply with legal obligations
Legal bases for processing (GDPR Article 6):
Account creation and management — Performance of a contract (Art. 6(1)(b))
We do not sell, rent, or trade your personal information. We share data only in the following circumstances.
Public reviews: When you publish a review, your display name (or "Anonymous"), review text, ratings, tags, photos, and the associated building and unit are visible to all users. Your email address, verification documents, and account details are never made public.
Third-party service providers who process data on our behalf:
Amazon Web Services (S3) — Secure storage of verification documents and review photos
Google Maps Platform — Address autocomplete, geocoding, and place photos
RevenueCat — In-app purchase management and subscription entitlements
Sentry — Crash reporting and error monitoring (anonymized device/session data)
Amplitude — Analytics platform that receives anonymized app event data to help us understand feature usage and improve the app. On iOS, event collection is gated behind ATT permission. Privacy policy
Walk Score (Redfin) — Provides real-time walkability, transit, and bike score data for building detail pages. Receives building addresses to compute scores. No personal data is shared. Privacy policy
Railway — Cloud hosting and database infrastructure
Resend — Transactional email delivery
Legal requirements: We may disclose your information if required by law, court order, or governmental authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers: If DoorScore is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you via email or a prominent in-app notice before your information becomes subject to a different privacy policy.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:
Account information (email, display name) — Until you delete your account, then purged within 30 days
Published reviews — Until you delete the review or close your account
Verification documents — 90 days after a verification decision is made, then permanently deleted from storage
Authentication tokens (refresh tokens) — 30 days from issuance, or until logout
Error logs (Sentry) — 90 days
Server access logs — 30 days
Deleted account data — Purged within 30 days of account deletion
We do not retain verification documents longer than necessary. Once your residency is confirmed, the underlying document is deleted on a rolling 90-day schedule.
6. Data Security
We implement industry-standard safeguards to protect your information:
Passwords are hashed using bcrypt and never stored in plaintext
All data is transmitted over TLS/HTTPS
Verification documents are stored in private, access-controlled S3 buckets with signed URLs for time-limited access
Role-based access controls limit internal access to sensitive data
Rate limiting is applied to authentication and upload endpoints
No system is 100% secure. If you believe your account has been compromised, contact us immediately at privacy@doorscoreapp.com.
7. Your Rights
All users — Regardless of your location, you may:
Access your data — View your profile, reviews, and verification status in the app at any time
Correct your data — Update your display name in the app; contact us to correct other inaccuracies
Delete your account — Delete directly in the app (Profile → Settings → Delete Account); your data is purged within 30 days
Withdraw consent — Disable push notifications at any time in your device settings
Export your reviews — Contact us to request a copy of your review data
EEA, UK, and Swiss users (GDPR / UK GDPR) — You have additional rights under the General Data Protection Regulation:
Right of access (Art. 15) — Request a copy of all personal data we hold about you
Right to rectification (Art. 16) — Request correction of inaccurate or incomplete data
Right to erasure (Art. 17) — Request deletion of your personal data, subject to our retention obligations
Right to restriction of processing (Art. 18) — Request that we limit how we use your data while a dispute is resolved
Right to data portability (Art. 20) — Request your data in a structured, machine-readable format
Right to object (Art. 21) — Object to processing based on legitimate interests
We do not use fully automated decision-making that produces legal or similarly significant effects on users. To exercise these rights, contact us at privacy@doorscoreapp.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
California users (CCPA / CPRA) — California residents have the following rights:
Right to know — Request disclosure of the categories and specific pieces of personal information we have collected
Right to delete — Request deletion of your personal information (subject to certain exceptions)
Right to correct — Request correction of inaccurate personal information
Right to opt out of sale or sharing — We do not sell or share your personal information for cross-context behavioral advertising
Right to non-discrimination — We will not discriminate against you for exercising your privacy rights
To submit a CCPA request, contact us at privacy@doorscoreapp.com. We will respond within 45 days.
8. Children's Privacy
DoorScore is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn we have collected information from a child under the applicable age, we will delete it promptly. Contact us at privacy@doorscoreapp.com if you believe we have inadvertently collected such information.
9. International Data Transfers
DoorScore is based in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your country.
For transfers from the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses to ensure your data receives adequate protection. Contact us for more information.
10. Push Notifications
With your permission, we may send push notifications to your device regarding your verification status, review moderation updates, and other account activity. You can disable notifications at any time in your device's notification settings or within the app.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top and, for material changes, notify you via email or a prominent in-app notice. Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy.
12. Contact Us
For any questions, concerns, or data requests regarding this Privacy Policy, contact us:
DoorScore