Privacy Policy

Last Updated: June 19, 2026 · Eric VanderWegen Agency LLC

We take your privacy seriously. This policy explains what data Doorstep collects, how we use it, who we share it with, and what rights you have. If you have questions, email privacy@doorstepplatform.com.

1. Who We Are

Doorstep is operated by Eric VanderWegen Agency LLC, based in the State of Idaho. We provide an AI-powered marketing and referral platform for licensed real estate agents and mortgage loan officers. In this policy, “Doorstep,” “we,” “us,” and “our” refer to Eric VanderWegen Agency LLC.

Our platform is available at doorstepplatform.com. Questions about this policy may be directed to privacy@doorstepplatform.com.

2. Data We Collect

We collect the following categories of personal data:

Account Information

When you create an account, we collect your name, email address, and password (stored as a one-way hash). If you complete billing setup, we collect billing name and address through Stripe. We do not store full card numbers.

Professional Information

Information you provide to personalize your experience: license type (real estate agent or mortgage loan officer), brokerage name, phone number, website URL, bio, brand name, brand colors, uploaded logo, writing samples, voice style preferences, NMLS or license number, and AI voice profile responses.

Content You Create

AI-generated posts, campaigns, email sequences, market reports, and other content you create through Doorstep, along with associated metadata (platform, scheduled date, publish status). Media files you upload to the media library.

Social Media Account Access

When you connect a social media account (Instagram, Facebook, LinkedIn, Google Business), we store OAuth access tokens, basic profile information (username, user ID, page names), and the permissions you have granted. We do not store your social media passwords. See Section 4 for full details on social media data.

Client and Contact Data You Import

Contact information and transaction records for your clients that you enter or import into Doorstep via CSV upload or CRM sync: names, email addresses, phone numbers, property addresses, close dates, sale prices, and notes. See Section 5 for full details.

Usage Data

Technical information about how you use the platform: pages visited, features used, content generated, errors encountered, browser type, operating system, IP address, and timestamps. This data is used to improve the Service and troubleshoot issues.

Payment Information

Payment processing is handled entirely by Stripe. We receive confirmation of successful payments, your billing name and address, and the last four digits and card type for your records. We never store your full card number, CVV, or banking credentials.

Communications

Records of emails and SMS messages sent to your clients through Doorstep sequences, including delivery status and engagement data (opens, clicks) where available from our delivery partners.

3. How We Use Your Data

We use the data we collect to:

  • Provide the Doorstep platform — process your subscription, generate AI content in your voice, run post-close referral sequences, and publish to connected social accounts
  • Generate AI content on your behalf — use your voice profile, writing samples, and brand information to produce content that sounds and feels like you
  • Publish to your social media accounts — when you approve and schedule a post, we use your stored OAuth tokens to publish that content to the designated platform
  • Send post-close sequences to your clients — deliver the emails and SMS messages you have configured via Twilio and SendGrid on your behalf
  • Improve AI content generation — analyze aggregate, anonymized usage patterns (never individual data) to make AI-generated content more accurate and relevant
  • Process payments — manage subscription billing through Stripe
  • Send platform notifications and support communications — account confirmations, billing receipts, service updates, and responses to your support requests
  • Comply with legal obligations — respond to lawful requests, enforce our Terms of Service, and protect against fraud

We do notsell your personal data or your clients' personal data to third parties. We do not use your data for advertising purposes unrelated to Doorstep.

4. Social Media Data

This section specifically addresses how Doorstep accesses, uses, and protects data from your connected social media accounts. Doorstep integrates with Facebook, Instagram, LinkedIn, and Google Business Profile to publish content on your behalf.

Authorization and Access

We access your social media accounts only with your explicit authorization. When you connect an account, you are redirected to that platform's official authorization flow (OAuth 2.0), where you can review and approve the specific permissions Doorstep is requesting before granting access. We never receive or store your social media passwords.

We request only the minimum permissions necessary to publish content on your behalf:

  • Facebook / Instagram — read your connected Pages and Instagram accounts; publish posts, images, and reels to those accounts
  • LinkedIn — read your profile and company pages; publish posts and images to your profile or company pages
  • Google Business Profile — read your Business Profile locations; publish updates and posts to your Business Profile

How We Publish Content

We publish content to your social media accounts only when you explicitly approve and schedule it through the Doorstep platform. No content is published automatically without your review and action. You remain in full control of what is posted and when.

What We Do Not Do With Your Social Media Data

  • We never sell or share your social media data with any third party, advertiser, or data broker
  • We do not use your social media data for advertising targeting — neither on Doorstep nor on any other platform
  • We do not read your followers' data, direct messages, or private content beyond what is strictly necessary to confirm that a post was published successfully
  • We do not access historical posts or analytics beyond what you initiate within the platform

Token Storage and Security

Your OAuth access tokens are stored securely and encrypted in our database. Access to these tokens is restricted to the publishing functions that act on your explicit instructions. Tokens are never exposed to other users, third parties, or used for any purpose beyond the actions you initiate.

Revoking Access

You can revoke Doorstep's access to any connected social media account at any time from Settings → Integrationswithin the platform. You can also revoke access directly from each social platform's own security or app settings. Upon revocation, we will delete your stored OAuth tokens for that account.

Compliance with Platform Policies

Doorstep's use of social media APIs complies with the terms and developer policies of each respective platform, including Meta's Platform Terms, LinkedIn's API Terms, and Google's API Services User Data Policy. User data obtained from these APIs is used only for the purposes disclosed in this policy and is not transferred to third parties except as necessary to provide the Service (e.g., storing tokens in our Supabase database).

5. Client and Contact Data

You own your client data. All client information, contact records, transaction data, and notes that you enter or import into Doorstep — whether via manual entry, CSV upload, or CRM sync — belongs to you.

We process your client data only to deliver the features you've configured on the platform:

  • Sending post-close referral sequences (emails, SMS, postcards) at the schedule you set
  • Personalizing AI-generated content with client-specific details (name, property address, close date)
  • Displaying client records in your CRM view within Doorstep

We do not access, analyze, sell, or use your client data for any purpose beyond executing your direct instructions through the platform. We do not share your client data with third parties except the delivery partners (Twilio for SMS, SendGrid for email, Lob for direct mail) necessary to send the communications you have configured.

You can export your client data at any time from your account settings. You can delete individual client records or your entire account and all associated client data.

6. AI Content Generation

Doorstep uses Anthropic's Claude API to generate marketing content on your behalf. When you request content generation, the relevant inputs — your voice profile, brand information, writing samples, content type, and any specific instructions you provide — are sent to Anthropic's API for processing.

  • We do not use your individual data to train AI models
  • We do not share your voice profile or content inputs with any party other than Anthropic's API for the purpose of generating the content you requested
  • Anthropic's handling of API request data is governed by Anthropic's Privacy Policy

AI-generated content may contain errors or suggestions that require your review. You are responsible for reviewing and approving all content before publishing. See our Terms of Service for the AI content disclaimer.

To improve AI content quality over time, we may analyze aggregate, anonymizedusage patterns — such as which content types are most frequently generated or most commonly edited before publishing. This analysis never involves identifying you individually or using your clients' data.

7. Third-Party Services

Doorstep uses the following third-party services to operate the platform. Each service has its own privacy policy governing their handling of any data we share with them:

SupabaseDatabase, authentication, and file storage. Your account data, client records, and media files are stored in Supabase's managed PostgreSQL database and object storage.
AnthropicAI model provider (Claude API). Content generation requests and your voice profile data are processed by Anthropic's API. We do not use your data to train Anthropic's models.
StripePayment processing and subscription billing. All payment card data is handled by Stripe. We store only billing confirmation details and the last four digits of your card.
TwilioSMS delivery for post-close sequences and client communications. Your clients' phone numbers are shared with Twilio solely to deliver the SMS messages you configure.
SendGridEmail delivery for post-close sequences and transactional platform emails. Email addresses are shared with SendGrid solely for message delivery.
LobDirect mail printing and mailing for automated postcard campaigns. Recipient names and mailing addresses are shared with Lob solely for print and mail fulfillment.
UnsplashStock photo search for content creation. Search queries may be logged by Unsplash per their terms.

We do not sell data to any of these partners or allow them to use your data for purposes beyond providing the specific services listed above.

8. Data Retention

We retain your account data, client data, and content for as long as your account is active.

When you cancel your subscription, your data is retained for up to 90 days so you can export it, after which it is permanently deleted from our systems, subject to the anonymization clause below.

If you request account deletion, we will delete your personally identifiable data within 30 days, except where retention is required by law. Billing records are retained for 7 years per standard accounting and tax requirements.

Anonymized Aggregate Data

After 18 months, Doorstep may retain and use anonymized, aggregated, de-identified data derived from platform usage for service improvement, AI model improvement, and industry benchmarking. This data cannot be linked back to you, your business, or your individual clients. It includes information like average content performance metrics and aggregate sequence completion rates — never names, contact details, or identifiable transaction data.

9. Data Security

We use industry-standard security practices to protect your data, including:

  • Encrypted connections (TLS/HTTPS) for all data in transit
  • Password hashing using bcrypt (we never store plaintext passwords)
  • Row-level security in our database to prevent cross-account data access
  • Encrypted storage of OAuth tokens for social media connections
  • Access controls limiting which team members can access user data

No security system is perfect. If you believe your account has been compromised, contact us immediately at privacy@doorstepplatform.com.

10. Your Rights

You have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we correct inaccurate or incomplete data
  • Deletion — request deletion of your account and personal data
  • Portability — export your client data and content in a standard format (available from your account settings)
  • Withdraw consent — disconnect social media accounts or revoke specific permissions at any time from Settings → Integrations

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the purposes for collecting it, and the categories of third parties with whom we share it
  • Right to Delete — request deletion of personal information we have collected, subject to certain exceptions
  • Right to Opt-Out of Sale — we do not sell your personal information, so no opt-out is required; however, you may contact us to confirm this
  • Right to Non-Discrimination — we will not discriminate against you for exercising any of your CCPA rights

To exercise your CCPA rights, submit a verifiable request to privacy@doorstepplatform.com from your account email address. We will respond within 45 days.

EU and UK Residents (GDPR)

If you are located in the European Union or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR:

  • Right of Access — obtain confirmation of whether we process your personal data and receive a copy
  • Right to Rectification — request correction of inaccurate personal data
  • Right to Erasure (“right to be forgotten”) — request deletion of your personal data in certain circumstances
  • Right to Data Portability — receive your personal data in a structured, machine-readable format
  • Right to Object — object to processing based on legitimate interests
  • Right to Restrict Processing — request that we limit processing of your personal data in certain circumstances

Our legal basis for processing your personal data is primarily the performance of a contract (providing the Service you subscribed to) and legitimate interests (improving the platform, preventing fraud). To exercise your GDPR rights, contact privacy@doorstepplatform.com. We will respond within 30 days.

11. Children

Doorstep is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us at privacy@doorstepplatform.com and we will promptly delete the account and associated data.

12. Changes to This Policy

We may update this Privacy Policy as our practices evolve or as required by law. We will notify you of material changes via email to your registered address or through a prominent notice in the platform at least 14 days before the change takes effect. The “Last Updated” date at the top of this page indicates when the current version took effect.

13. Contact

Questions, requests, or concerns about this Privacy Policy or your data? Contact us at:

Eric VanderWegen Agency LLC

State of Idaho

privacy@doorstepplatform.com