This Privacy Policy explains how Door2Door Inc. ("Door2Door", "we", "us", or "our") collects, uses, shares, and protects personal information in connection with the Door2Door platform, which includes:
- the Door2Door web admin dashboard (the "Dashboard"), and
- the Door2Door mobile application for Android (package
com.door2door.mobile) (the "App").
The Dashboard and App are referred to together as the "Service".
Two kinds of people, two roles. The Service is a business tool used by organizations ("Client Organizations") to run door-to-door canvassing campaigns. We handle two categories of personal data differently:
- Field-agent and administrator account data (the people who log in and use the Service). For this data, Door2Door is the controller.
- Resident / occupant data collected at the door by field agents (names, contact details, consent records, signatures, property photos, etc.). For this data, Door2Door acts as a processor / service provider on behalf of the Client Organization, which is the controller. If you are a resident and want to access, correct, or delete your information, please contact the organization that visited you; we will support their request. See Section 9.
1. Information we collect
1.1 Account and authentication data (field agents & administrators)
When a user signs in to the Service, we collect and store:
- Name and email address (provided through Google OAuth sign-in).
- Google account profile identifier and profile image, where made available by the sign-in.
- The user's role within a Client Organization (
dev,admin, oruser). - The organization, sites, and streets the user is assigned to.
1.2 Resident / occupant data (collected at the door)
Field agents enter information about households and properties they visit. Depending on the campaign, this can include:
- Occupant first name and last name.
- Email address and phone number.
- Consent records — whether the occupant gave or declined consent, including campaign-specific consent fields (e.g.
consent,axleConsent) and Salesforce conciliation status. - A captured signature, where the campaign collects one.
- Free-text notes entered by the agent about the visit.
- The property address and door-knock status / outcome (e.g. consent given, consent declined, not home, revisit required, address does not exist).
- Property photos captured with the device camera as evidence for a visit.
1.3 Location data
- The App uses device location (GPS) to show maps, position properties and streets, and support shift activity at a site. Map display is powered by Google Maps and Leaflet.
- Geocoding of addresses (converting an address to coordinates) is performed via a third-party geocoding provider.
- Location is used while you are using relevant features of the App. The App does not run continuous background location tracking for advertising purposes.
1.4 Photos and camera
- The App and Dashboard can capture a photo of a property as visit evidence. The photo is stored locally on the device first (file storage on mobile; IndexedDB in the browser) and later uploaded to the Client Organization's ArcGIS / Esri FieldMaps environment.
- Each pending photo records who captured it (
photoTakenBy) and whether it has been synced to ArcGIS (isSyncedToArcGIS). Once synced, the local copy is cleared.
1.5 Operational and activity data
- Shift data: clock-in/clock-out times, site, and break tracking.
- Activity / inactivity monitoring: signals used to detect whether an agent is active during a shift.
- Audit trail: an edit log of changes made to house records, including which user made the change and when (
houseEditLog).
1.6 Device and technical data
- Approximate technical information needed to operate the Service, such as device/app version, and locally stored data used for offline operation (SQLite database on mobile; browser storage on web).
- Authentication session tokens used to keep you signed in.
We do not intentionally collect special-category data (such as health, religion, or biometric identifiers) beyond what a Client Organization configures, and we do not use the data for behavioral advertising.
2. How we use information
We use personal information to:
- Authenticate users and enforce role-based access within each Client Organization.
- Provide the core canvassing workflow: sites → streets → houses → visit outcomes → consent capture.
- Capture, store, queue, and synchronize property photos with ArcGIS / FieldMaps.
- Synchronize records with a Client Organization's Salesforce and other configured integrations.
- Display maps and geocode addresses.
- Track shifts and monitor agent activity for operational management by the Client Organization.
- Maintain an audit trail and ensure data integrity across offline/online sync.
- Secure the Service, prevent abuse, debug, and improve reliability.
- Comply with legal obligations.
For resident data, the purposes and legal basis are determined by the Client Organization (the controller). Door2Door processes that data only on the Client Organization's documented instructions.
3. Legal bases (EEA/UK and similar regimes)
Where applicable data-protection law requires a legal basis:
- Account data: performance of our contract with the Client Organization, and our legitimate interest in operating and securing the Service.
- Resident data: the legal basis is established by the Client Organization, typically the consent captured at the door and/or the organization's legitimate interests for the relevant campaign.
- Legal compliance: where processing is necessary to meet a legal obligation.
4. How information is shared
We share personal information only as needed to operate the Service:
4.1 With the Client Organization
Resident data and agent operational data are made available to the Client Organization that runs the campaign and to its authorized administrators.
4.2 With sub-processors and integrations
We rely on the following categories of service providers. They process data on our or the Client Organization's behalf under contractual confidentiality and data-protection terms:
| Provider | Purpose |
|---|---|
| Convex | Backend database and serverless functions (primary data store) |
| Esri ArcGIS / FieldMaps | Storage and reconciliation of property photo evidence and spatial records |
| Salesforce | CRM synchronization of consent and household records (where the Client Organization uses it) |
| OAuth authentication (sign-in) and Google Maps map display | |
| Geocoding provider | Converting addresses to map coordinates |
| Hosting / serverless infrastructure (e.g. Vercel) | Hosting the Dashboard and the photo-upload endpoint |
The specific set of integrations active for any campaign depends on the Client Organization's configuration.
4.3 Legal and safety
We may disclose information if required by law, regulation, legal process, or governmental request, or where necessary to protect the rights, safety, and security of Door2Door, our users, or the public.
4.4 Business transfers
If Door2Door is involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to this Policy.
We do not sell personal information and do not share it for cross-context behavioral advertising.
5. Photo evidence upload — specific notice
When a property photo is synced, the image and the associated arcgis_id are transmitted over an authenticated, encrypted connection to the ArcGIS / FieldMaps upload endpoint configured for the Client Organization. After a successful upload:
- the record is marked
isSyncedToArcGIS: true, - the local photo reference is cleared, and
- the locally stored image is deleted from the device.
Photos that fail to upload remain stored locally on the device until they upload successfully or are removed.
6. Data retention
- Resident data is retained for as long as the Client Organization instructs, in line with its own retention policy and applicable law. On termination of a Client Organization's use of the Service, we delete or return its data within a commercially reasonable period, except where retention is legally required.
- Account data is retained while the account is active and for a reasonable period afterward for security, audit, and legal purposes.
- Local device copies (offline SQLite/IndexedDB, pending photos) persist on the device until synced, cleared by the user, or removed when the App's data is cleared/uninstalled.
7. Security
We use technical and organizational measures appropriate to the risk, including:
- Encryption of data in transit (HTTPS/TLS).
- Authentication and role-based access control scoped per Client Organization.
- An audit trail of edits to house records.
- Restriction of third-party API keys (e.g. the Google Maps key is restricted to the App's package name and signing certificate).
No method of transmission or storage is completely secure. Values bundled into the App binary (any EXPO_PUBLIC_* configuration) should be treated as public and never contain backend secrets; sensitive operations are validated server-side.
8. International data transfers
The Service and its sub-processors may process data in countries other than where you live. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.
9. Your rights
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to the processing of your personal information, to data portability, and to withdraw consent.
- Field agents / administrators: contact us using the details in Section 13.
- Residents / occupants: because the data was collected by a Client Organization, please direct your request to the organization whose agents visited your property. If you contact us directly, we will refer your request to the relevant Client Organization and assist them in responding.
You also have the right to lodge a complaint with your local data-protection authority.
10. Children's privacy
The Service is a workforce tool and is not directed to children. We do not knowingly collect personal information from children. If you believe a child's data has been provided, contact us so we can address it.
11. Permissions used by the mobile App
The App may request the following device permissions, each used only for the stated purpose:
- Camera — to capture property/visit evidence photos.
- Location — to show maps and position streets, properties, and shift activity.
- Photos / file storage — to store pending evidence photos until they sync.
You can manage these permissions in your device settings; revoking a permission may disable the related feature.
12. Changes to this Policy
We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, provide additional notice. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
13. Contact us
Door2Door Inc.
Privacy contact: [privacy@door2door.example — replace with real address]
Mailing address: [company mailing address — replace]
For questions about a specific campaign or to exercise rights over data collected at your door, please contact the Client Organization that visited you.