Last Updated: June 19, 2026 · Eric VanderWegen Agency LLC
We take your privacy seriously. This policy explains what data Doorstep collects, how we use it, who we share it with, and what rights you have. If you have questions, email privacy@doorstepplatform.com.
Doorstep is operated by Eric VanderWegen Agency LLC, based in the State of Idaho. We provide an AI-powered marketing and referral platform for licensed real estate agents and mortgage loan officers. In this policy, “Doorstep,” “we,” “us,” and “our” refer to Eric VanderWegen Agency LLC.
Our platform is available at doorstepplatform.com. Questions about this policy may be directed to privacy@doorstepplatform.com.
We collect the following categories of personal data:
Account Information
When you create an account, we collect your name, email address, and password (stored as a one-way hash). If you complete billing setup, we collect billing name and address through Stripe. We do not store full card numbers.
Professional Information
Information you provide to personalize your experience: license type (real estate agent or mortgage loan officer), brokerage name, phone number, website URL, bio, brand name, brand colors, uploaded logo, writing samples, voice style preferences, NMLS or license number, and AI voice profile responses.
Content You Create
AI-generated posts, campaigns, email sequences, market reports, and other content you create through Doorstep, along with associated metadata (platform, scheduled date, publish status). Media files you upload to the media library.
Social Media Account Access
When you connect a social media account (Instagram, Facebook, LinkedIn, Google Business), we store OAuth access tokens, basic profile information (username, user ID, page names), and the permissions you have granted. We do not store your social media passwords. See Section 4 for full details on social media data.
Client and Contact Data You Import
Contact information and transaction records for your clients that you enter or import into Doorstep via CSV upload or CRM sync: names, email addresses, phone numbers, property addresses, close dates, sale prices, and notes. See Section 5 for full details.
Usage Data
Technical information about how you use the platform: pages visited, features used, content generated, errors encountered, browser type, operating system, IP address, and timestamps. This data is used to improve the Service and troubleshoot issues.
Payment Information
Payment processing is handled entirely by Stripe. We receive confirmation of successful payments, your billing name and address, and the last four digits and card type for your records. We never store your full card number, CVV, or banking credentials.
Communications
Records of emails and SMS messages sent to your clients through Doorstep sequences, including delivery status and engagement data (opens, clicks) where available from our delivery partners.
We use the data we collect to:
We do notsell your personal data or your clients' personal data to third parties. We do not use your data for advertising purposes unrelated to Doorstep.
You own your client data. All client information, contact records, transaction data, and notes that you enter or import into Doorstep — whether via manual entry, CSV upload, or CRM sync — belongs to you.
We process your client data only to deliver the features you've configured on the platform:
We do not access, analyze, sell, or use your client data for any purpose beyond executing your direct instructions through the platform. We do not share your client data with third parties except the delivery partners (Twilio for SMS, SendGrid for email, Lob for direct mail) necessary to send the communications you have configured.
You can export your client data at any time from your account settings. You can delete individual client records or your entire account and all associated client data.
Doorstep uses Anthropic's Claude API to generate marketing content on your behalf. When you request content generation, the relevant inputs — your voice profile, brand information, writing samples, content type, and any specific instructions you provide — are sent to Anthropic's API for processing.
AI-generated content may contain errors or suggestions that require your review. You are responsible for reviewing and approving all content before publishing. See our Terms of Service for the AI content disclaimer.
To improve AI content quality over time, we may analyze aggregate, anonymizedusage patterns — such as which content types are most frequently generated or most commonly edited before publishing. This analysis never involves identifying you individually or using your clients' data.
Doorstep uses the following third-party services to operate the platform. Each service has its own privacy policy governing their handling of any data we share with them:
We do not sell data to any of these partners or allow them to use your data for purposes beyond providing the specific services listed above.
We retain your account data, client data, and content for as long as your account is active.
When you cancel your subscription, your data is retained for up to 90 days so you can export it, after which it is permanently deleted from our systems, subject to the anonymization clause below.
If you request account deletion, we will delete your personally identifiable data within 30 days, except where retention is required by law. Billing records are retained for 7 years per standard accounting and tax requirements.
Anonymized Aggregate Data
After 18 months, Doorstep may retain and use anonymized, aggregated, de-identified data derived from platform usage for service improvement, AI model improvement, and industry benchmarking. This data cannot be linked back to you, your business, or your individual clients. It includes information like average content performance metrics and aggregate sequence completion rates — never names, contact details, or identifiable transaction data.
We use industry-standard security practices to protect your data, including:
No security system is perfect. If you believe your account has been compromised, contact us immediately at privacy@doorstepplatform.com.
You have the following rights regarding your personal data:
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
To exercise your CCPA rights, submit a verifiable request to privacy@doorstepplatform.com from your account email address. We will respond within 45 days.
EU and UK Residents (GDPR)
If you are located in the European Union or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR:
Our legal basis for processing your personal data is primarily the performance of a contract (providing the Service you subscribed to) and legitimate interests (improving the platform, preventing fraud). To exercise your GDPR rights, contact privacy@doorstepplatform.com. We will respond within 30 days.
Doorstep is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us at privacy@doorstepplatform.com and we will promptly delete the account and associated data.
We may update this Privacy Policy as our practices evolve or as required by law. We will notify you of material changes via email to your registered address or through a prominent notice in the platform at least 14 days before the change takes effect. The “Last Updated” date at the top of this page indicates when the current version took effect.
Questions, requests, or concerns about this Privacy Policy or your data? Contact us at:
4. Social Media Data
This section specifically addresses how Doorstep accesses, uses, and protects data from your connected social media accounts. Doorstep integrates with Facebook, Instagram, LinkedIn, and Google Business Profile to publish content on your behalf.
Authorization and Access
We access your social media accounts only with your explicit authorization. When you connect an account, you are redirected to that platform's official authorization flow (OAuth 2.0), where you can review and approve the specific permissions Doorstep is requesting before granting access. We never receive or store your social media passwords.
We request only the minimum permissions necessary to publish content on your behalf:
How We Publish Content
We publish content to your social media accounts only when you explicitly approve and schedule it through the Doorstep platform. No content is published automatically without your review and action. You remain in full control of what is posted and when.
What We Do Not Do With Your Social Media Data
Token Storage and Security
Your OAuth access tokens are stored securely and encrypted in our database. Access to these tokens is restricted to the publishing functions that act on your explicit instructions. Tokens are never exposed to other users, third parties, or used for any purpose beyond the actions you initiate.
Revoking Access
You can revoke Doorstep's access to any connected social media account at any time from Settings → Integrationswithin the platform. You can also revoke access directly from each social platform's own security or app settings. Upon revocation, we will delete your stored OAuth tokens for that account.
Compliance with Platform Policies
Doorstep's use of social media APIs complies with the terms and developer policies of each respective platform, including Meta's Platform Terms, LinkedIn's API Terms, and Google's API Services User Data Policy. User data obtained from these APIs is used only for the purposes disclosed in this policy and is not transferred to third parties except as necessary to provide the Service (e.g., storing tokens in our Supabase database).