trust

How doora handles your data.

One handle, one pin, your decision on what's visible. This page documents what's running underneath. Everything stated here is backed by something we actually do in code.

principles

Standards we align with

DPDP Act, 2023
India

Lawful processing, purpose limitation, data minimisation, right to access, correction and erasure - the spine of how we built /me/account.

GDPR principles
EU baseline

Privacy by design, consent, transparency, accountability. We don't operate in the EU but the principles travel well.

OWASP Top 10 hardening
application security

Defence-in-depth on auth, sessions, OTP, OAuth state, rate limiting, profanity gates, and server-side validation.

IT Act 2000 - SPDI Rules
India

Reasonable security practices for sensitive personal data. TLS in transit, encryption at rest, hashed OTP codes.

data we hold

What we collect, why

We collect the minimum we need to do the job: one identity (phone, email, or Google), a username, the location data you provide for each handle, your sign-up city/country (from your IP, for aggregate analytics only), and a session cookie. The privacy policy has the field-by-field breakdown including purpose, retention, and your rights.

technical controls

How we protect it

TLS in transit + encrypted at rest

HTTPS-only with HSTS preload; disk-level encryption on the database via our infra provider. Disk encryption covers the storage volume (a stolen or decommissioned disk), not data read through a live database connection - that gap is what field-level encryption is for.

Field-level encryption

Private content fields (notes, building, floor, unit) are encrypted at the application layer before hitting the database. A stolen DB dump can't read them without a separate key the database doesn't hold.
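As an added illustration of the pattern described above (this is not doora's code; the page does not show its implementation), here is application-layer field encryption in Go using AES-256-GCM. The handle id and column name are fed in as associated data, so a ciphertext copied from one row or column into another fails to decrypt instead of silently landing in the wrong place. The key source, the `hnd_42` id and the `FieldCipher` name are assumptions made for the example; the column names (`unit`, `notes`) are the ones the page lists.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// FieldCipher wraps an AEAD for per-field encryption. The key is assumed to
// come from the application environment (env var, KMS, secrets manager) and
// never from the database it protects; this example constructs one inline.
type FieldCipher struct {
	aead cipher.AEAD
}

func NewFieldCipher(key []byte) (*FieldCipher, error) {
	if len(key) != 32 {
		return nil, errors.New("field key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &FieldCipher{aead: aead}, nil
}

// context is the additional authenticated data. It ties the ciphertext to
// the row and column it belongs to, so a value moved from one handle's
// `unit` column into another handle's `notes` column will not decrypt.
func context(handleID, field string) []byte {
	return []byte("doora-field:" + handleID + ":" + field)
}

// Encrypt returns base64(nonce || ciphertext || tag), suitable for a text column.
func (c *FieldCipher) Encrypt(handleID, field, plaintext string) (string, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := c.aead.Seal(nonce, nonce, []byte(plaintext), context(handleID, field))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// Decrypt reverses Encrypt. Tampering, a wrong key or a wrong row/column
// context all surface as an error rather than as garbage plaintext.
func (c *FieldCipher) Decrypt(handleID, field, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	ns := c.aead.NonceSize()
	if len(raw) < ns+c.aead.Overhead() {
		return "", errors.New("ciphertext too short")
	}
	pt, err := c.aead.Open(nil, raw[:ns], raw[ns:], context(handleID, field))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real one lives outside the DB
	io.ReadFull(rand.Reader, key)
	fc, _ := NewFieldCipher(key)

	stored, _ := fc.Encrypt("hnd_42", "unit", "Flat 3B, ring twice")
	fmt.Println("db column holds:", stored) // opaque to anyone holding only the dump

	pt, _ := fc.Decrypt("hnd_42", "unit", stored)
	fmt.Println("app layer reads:", pt)

	_, err := fc.Decrypt("hnd_42", "notes", stored) // same row, wrong column
	fmt.Println("moved to another column:", err)
}
```

Binding the ciphertext to its row and column is the part a plain "encrypt the column" helper usually misses: without it, an attacker with write access to the dump can shuffle encrypted cells between users and let the application decrypt them into the wrong profile.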

OTP codes hashed, never stored plain

Verification codes are stored only as a one-way hash bound to the phone number they were issued for. The plaintext exists only long enough to be sent to your phone.
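An added example, not doora's own code, of the storage pattern described above: a six-digit code is issued, only a keyed hash of phone number plus code is kept, and verification is constant-time, single-use, expiring and attempt-limited. The HMAC pepper, the five-minute TTL and the five-guess budget are assumptions for the example; the page states only that codes are hashed and bound to the phone number. The keyed hash is the important detail: an unkeyed SHA-256 of a six-digit code can be reversed from a leaked table with at most a million guesses.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// otpRecord is what the store persists: never the plaintext code.
type otpRecord struct {
	Hash      []byte // HMAC-SHA256(pepper, phone ":" code)
	ExpiresAt time.Time
	Attempts  int
}

// OTPStore keeps one outstanding code per phone number.
type OTPStore struct {
	pepper  []byte           // server-side secret, assumed to live outside the database
	records map[string]*otpRecord
	now     func() time.Time // injectable clock so expiry is testable
}

const (
	codeTTL     = 5 * time.Minute // assumed lifetime
	maxAttempts = 5               // assumed online-guess budget per issued code
)

var ErrInvalid = errors.New("invalid or expired code")

func NewOTPStore(pepper []byte) *OTPStore {
	return &OTPStore{pepper: pepper, records: map[string]*otpRecord{}, now: time.Now}
}

// hashCode binds the code to the phone number, so a hash issued for one
// number cannot be replayed against another, and keys the hash with a
// pepper the database never sees, so a dump cannot be brute-forced offline.
func (s *OTPStore) hashCode(phone, code string) []byte {
	m := hmac.New(sha256.New, s.pepper)
	m.Write([]byte(phone + ":" + code))
	return m.Sum(nil)
}

// Issue generates a fresh code, stores only its hash, and returns the
// plaintext for delivery. Re-issuing replaces any previous code.
func (s *OTPStore) Issue(phone string) (string, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1_000_000))
	if err != nil {
		return "", err
	}
	code := fmt.Sprintf("%06d", n.Int64())
	s.records[phone] = &otpRecord{Hash: s.hashCode(phone, code), ExpiresAt: s.now().Add(codeTTL)}
	return code, nil
}

// Verify is single-use: the record is dropped on success, on expiry, and once
// the attempt budget is exhausted, which caps online guessing per issued code.
func (s *OTPStore) Verify(phone, code string) error {
	rec, ok := s.records[phone]
	if !ok {
		return ErrInvalid
	}
	if s.now().After(rec.ExpiresAt) {
		delete(s.records, phone)
		return ErrInvalid
	}
	rec.Attempts++
	if rec.Attempts > maxAttempts {
		delete(s.records, phone)
		return ErrInvalid
	}
	if subtle.ConstantTimeCompare(rec.Hash, s.hashCode(phone, code)) != 1 {
		return ErrInvalid
	}
	delete(s.records, phone)
	return nil
}

func main() {
	store := NewOTPStore([]byte("constructed-demo-pepper")) // constructed, not a real secret
	phone := "+911234567890"                                // constructed number
	code, _ := store.Issue(phone)
	wrong := "000000"
	if code == wrong {
		wrong = "000001"
	}
	fmt.Println("wrong code:", store.Verify(phone, wrong))
	fmt.Println("right code:", store.Verify(phone, code))
	fmt.Println("replay:    ", store.Verify(phone, code))
}
```

Hashing on its own is not enough for a six-digit secret; the pepper stops offline cracking of a dump, while expiry and the attempt counter stop online guessing against the live endpoint.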

Per-field visibility you control

Building / floor / unit / notes each have a public-or-hidden flag. Hidden fields are never rendered publicly or in shared previews.

Rate limits + reservation gates

Every public API route is throttled per-IP and per-user; a reserved-name list blocks squatting on celebrity and brand names and on handles that would collide with our own routes.

control you have

Your rights

See everything

Your full profile + handles live at /me and /me/account. Nothing is hidden from you.

Export

Download your account + handles as a JSON file shaped for you, not for our database: stable, user-facing top-level keys (account / places / visibility / activity) so the file stays portable and self-describing.

Deactivate

One click hides all your handles from public view. Reversible any time - your data stays put.

Delete

Removes your account and frees the identifier, so you can sign up again with the same phone number or email. The data is moved to an archive for audit and is never visible on doora again.


hard limits

What we don't do

  • Sell your data - there's no buyer relationship, no marketplace, no broker pipeline.
  • Share it with third parties, except as required by law or to the infrastructure we run on (hosting + database).
  • Track you across the web - we don't ship any cross-site advertising pixels.
  • Store a password - we use phone OTP or Google sign-in. There is no password to leak.
  • Show your hidden fields in any preview, OG card, or social share.
  • Permanently delete user data without a record - deletes move to an archive so a future audit can prove what happened.

Something missing? Tell us.

If you spot a gap between what's here and what we actually do, or you want to file a data request, send us a note via /contact - or reach out on X at @meetdoora.

third-party software

doora builds on DIGIPIN, the open national geocode from the Department of Posts (Government of India), in collaboration with IIT Hyderabad and the National Remote Sensing Centre (ISRO). Our DIGIPIN encoding is a port of their reference, licensed under the Apache License 2.0.

last reviewed: 2026-05-26 · v0.6