Privacy Policy

1. Introduction

DoorOS, Inc. ("DoorOS," "we," "us," or "our") operates the DoorOS property management platform, including the website at dooros.io, the dashboard application, investor portal, tenant portal, and all associated APIs and services (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information when you use our Service.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must immediately discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, phone number, company name, role, and password when you create an account.
• Property & Financial Data: Property addresses, unit details, tenant information, lease terms, rent amounts, transaction records, bank account details, vendor information, and accounting data you enter into the platform.
• Investor Data: Investor names, contact information, equity positions, distribution records, and K-1 documentation uploaded or generated through the Service.
• Tenant Data: Tenant names, contact information, lease agreements, payment history, maintenance requests, and communication records managed through the Service.
• Documents & Files: Leases, invoices, inspection reports, photos, PDFs, and any other files you upload.
• Communications: Messages, emails, SMS, and call recordings sent or received through the platform's communication tools.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, actions taken, timestamps, session duration, and navigation patterns.
• Device Information: Browser type, operating system, device type, screen resolution, IP address, and general geolocation (city/region level).
• Cookies & Similar Technologies: Session cookies for authentication, preference cookies for settings, and analytics cookies to understand Service usage. We do not use third-party advertising cookies.

2.3 Information from Third Parties

• Payment Processors: Transaction confirmations and partial payment information from Stripe or other payment providers.
• Communication Providers: Call metadata, SMS delivery status, and voicemail transcriptions from Twilio.
• AI Services: We process your data through AI providers (OpenAI, Google) for features like lease extraction, invoice scanning, and the AI assistant. See Section 5 for details.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and send related notices (billing, lease renewals, rent reminders)
• Generate financial reports, analytics, and forecasts
• Facilitate communications between property managers, tenants, investors, and vendors
• Power AI-driven features including lease extraction, predictive analytics, maintenance routing, and the AI assistant
• Send administrative communications about your account, security alerts, and Service updates
• Detect, investigate, and prevent fraud, abuse, and security incidents
• Comply with legal obligations, resolve disputes, and enforce our agreements
• Conduct internal analytics and research to improve the platform

We do not sell your personal information. We do not use your property, tenant, or financial data for advertising purposes.

4. Data Sharing & Disclosure

We may share your information in the following limited circumstances:

• Service Providers: We share data with third-party vendors who perform services on our behalf (hosting, payment processing, email delivery, SMS, AI processing). These providers are contractually obligated to protect your data and use it only for the services they provide to us.
• Within Your Organization: Account data is accessible to other authorized users within your organization based on their role permissions (e.g., property managers, team members).
• Tenant & Investor Portals: Tenants can see their own lease details, payment history, and maintenance requests. Investors can see property performance data and distribution records for investments they are associated with.
• Legal Requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

5. AI Data Processing

DoorOS uses artificial intelligence to power certain features. When you use AI features (AI assistant, lease extraction, invoice scanning, predictive analytics, AI QuickBill), relevant portions of your data may be sent to third-party AI providers including OpenAI and Google for processing.

• We send only the minimum data necessary for the specific AI operation.
• AI providers are contractually prohibited from using your data to train their models or for any purpose other than providing the requested service.
• AI-generated outputs (summaries, extractions, predictions) are stored within the DoorOS platform and subject to this Privacy Policy.
• You may disable AI features at any time through your account settings.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Financial records and transaction data are retained for a minimum of seven (7) years to comply with tax and accounting regulations. After account deletion, we may retain anonymized, aggregated data for analytical purposes.

Upon account termination, you may request a complete export of your data in machine-readable format. We will process such requests within thirty (30) days. After export, data will be permanently deleted within ninety (90) days, except where retention is required by law.

7. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Secure authentication with password hashing (bcrypt) and session management
• Role-based access controls with principle of least privilege
• Regular security assessments and monitoring
• Infrastructure hosted on secure cloud platforms with SOC 2 compliance

While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Portability: Request your data in a structured, machine-readable format.
• Restriction: Request limitation of processing in certain circumstances.
• Objection: Object to processing based on legitimate interests.

To exercise any of these rights, contact us at [email protected]. We will respond within thirty (30) days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the "sale" of personal information. We do not sell personal information as defined by the CCPA.

10. International Data Transfers

Your data may be processed and stored in the United States. By using the Service, you consent to the transfer of your information to the United States and acknowledge that data protection laws may differ from those in your jurisdiction.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of the Service after changes constitutes acceptance of the revised Privacy Policy.

13. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at:

DoorOS, Inc.
Email: [email protected]