privacy policy
How doora handles your data.
Plain English. The legal terminology lives in our terms. For the visual summary go to trust. This document is the textual reference.
Who we are
doora is operated by Bytehash Labs Private Limited (India). When this document says "we", "us", or "doora", we mean Bytehash Labs.
What we collect
- Identity. One of: phone number (E.164), email address, or Google account ID. At least one is required so we can recognise you next time. Linking more is your choice.
- Username. A lowercase handle of 3–24 characters made of letters, digits, and hyphens. Public by nature - it's the part before the @.
- Location data. The latitude and longitude you drop, the kind of place it is (apartment / villa / independent house / commercial / other), the 6-digit India Post PIN code (auto-detected from your coordinates, editable), and the optional building / floor / unit / notes fields appropriate to that type. Each freeform field has its own visibility flag; PIN code + place type are always public (they're implied by the coordinates the handle resolves to anyway).
- Sign-up geo. The city and country your IP resolves to at signup, used for aggregate analytics. Coarse-grained - city + country only, never a street-level position derived from your IP.
- Session metadata. An opaque random token stored in an HttpOnly cookie, plus IP and user-agent recorded at session creation for security review.
- Authentication audit. Phone OTP attempts (hashed code only - never the plaintext), Google sign-in state, share-button clicks. Used to detect abuse and to reorder the share menu by popularity.
Why we collect it (purpose limitation)
Each field above maps to a single, specific purpose. We do not repurpose data for things you didn't sign up for.
- Identity: sign-in and account recovery.
- Username: your public handle.
- Location: the public address page at /your-name@label.
- Geo: aggregate analytics in the admin dashboard.
- Session metadata: keeping you signed in; detecting unusual activity.
- Auth audit: rate limiting and abuse defence.
How long we keep it
- Active account data: kept while your account is active. You can deactivate or delete from /me/account.
- Deactivated: kept indefinitely so you can reactivate; nothing public renders while in this state.
- Deleted: moved to an internal archive for audit. The username, phone, email, and Google identifier become free to re-claim. The archive is not publicly accessible.
- Phone OTP records: retained for 90 days for abuse review, then eligible for purge. The code itself is stored only as a one-way hash.
- Session records: auto-expire after 30 days of inactivity; row removed by background cleanup.
Who we share data with
We share data only with the infrastructure we run on, and only as needed to operate the service:
- Vercel - application hosting.
- Supabase - database hosting.
- MSG91 - SMS delivery of OTP codes (phone number + the code only; nothing else).
- Google - sign-in (only if you choose Continue with Google).
- Google Analytics - anonymised aggregate visit metrics on the marketing surfaces. No personally identifying user fields are sent.
We do not sell your data, do not run cross-site advertising pixels, and do not disclose to third parties beyond what's listed here, except as required by applicable law.
Your rights
Under the DPDP Act, 2023 (India) and the principles of GDPR, you have the following rights with respect to your personal data on doora:
- Access: view your profile + handles on /me and /me/account.
- Correction: edit any field on /me/account or per-handle on /me/handles.
- Erasure: deactivate or delete from /me/account. Deletion moves your row to an audit archive and removes you from any public surface.
- Portability: export your data as JSON from /me/account. The format uses stable, user-facing keys (account / places / visibility / activity) - not our database column names - so the file is portable and stable across our backend changes.
- Withdraw consent: sign out and delete the account at any time.
Security
Practical measures we apply today (see trust for the user-facing summary):
- TLS in transit; disk-level encryption at rest, applied by our infrastructure provider.
- Application-level encryption of your private content fields (notes, building, floor, unit) before they're written to the database, so a leaked dump cannot read them.
- OTP codes are stored as a one-way hash, never plaintext, and verified in constant time.
- OAuth sign-in flows use a CSRF state cookie compared against the OAuth state parameter.
- Sessions are HttpOnly + SameSite=Lax cookies holding only an opaque token.
- Every public API route is rate-limited per IP; hitting a limit returns 429 with a Retry-After header.
- Security headers on every response - HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy.
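A constructed illustration of the OTP handling described in the bullets above (one-way hash, constant-time comparison, attempt cap and expiry), added here as example code and not doora's implementation; the in-memory store, field names and limits are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple

# Assumed limits; doora's actual values are not stated on this page.
OTP_TTL_SECONDS = 300
MAX_ATTEMPTS = 5


def hash_otp(code: str, salt: bytes) -> bytes:
    # HMAC-SHA256 keyed with a per-record random salt; the plaintext code is never stored.
    return hmac.new(salt, code.encode(), hashlib.sha256).digest()


def issue_otp(store: dict, phone: str, now: Optional[float] = None, code: Optional[str] = None) -> str:
    # `code` may be supplied for tests; in production it is random. The return value
    # goes to the SMS provider, while the store keeps only salt + hash (audit record).
    code = code or f"{secrets.randbelow(10**6):06d}"
    salt = secrets.token_bytes(16)
    store[phone] = {"salt": salt, "hash": hash_otp(code, salt),
                    "created": now if now is not None else time.time(),
                    "attempts": 0, "used": False}
    return code


def verify_otp(store: dict, phone: str, submitted: str, now: Optional[float] = None) -> Tuple[bool, str]:
    now = now if now is not None else time.time()
    rec = store.get(phone)
    if rec is None:
        return False, "no_pending_otp"
    if rec["used"]:
        return False, "already_used"          # single use
    if now - rec["created"] > OTP_TTL_SECONDS:
        return False, "expired"
    if rec["attempts"] >= MAX_ATTEMPTS:
        return False, "too_many_attempts"     # abuse defence: brute force capped
    rec["attempts"] += 1                      # count before comparing, never after
    # compare_digest takes time independent of where the two digests first differ.
    if hmac.compare_digest(hash_otp(submitted, rec["salt"]), rec["hash"]):
        rec["used"] = True                    # record kept (hash only) for later review
        return True, "ok"
    return False, "mismatch"
```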
Children
doora is not directed at children under 18. We do not knowingly collect data from minors. If you believe a minor has signed up, contact us and we'll remove the account.
Changes to this policy
We'll post material changes here with a revised "last reviewed" date below. Significant changes that affect existing users will also be surfaced in /me the next time you sign in.
Contact
Reach us via X at @meetdoora. A dedicated privacy contact will be added soon.
last reviewed: 2026-05-26 · v0.6 · draft pending counsel review