Privacy Policy

Doortana, Inc. (“Doortana,” “we,” “us”) provides a software-as-a-service platform for residential real estate professionals — agents, brokerages, teams, lenders, title companies, inspectors, and the consumers they serve — that supports the full residential real estate transaction lifecycle, including client relationship management (CRM), lead capture and pipeline management, listing creation and workflow, offer creation and negotiation, contract intelligence and document generation, electronic signature workflows, voice-driven workflow assistance, transaction coordination through closing, communications (email and SMS), and reporting and analytics (the “Platform”). This Privacy Policy explains what information Doortana collects about you, how we use it, with whom we share it, how we protect it, and the choices and rights you have.

This Privacy Policy applies to:

• Visitors to doortana.com and our marketing properties;
• Individual real estate professionals (e.g., agents, teams, transaction coordinators) who sign up directly for a self-serve subscription plan;
• Brokerage Customers and their Agents and Staff who use the Platform under a Master Services Agreement or other written agreement (with individuals and brokerages each, a Customer);
• Clients and other Transaction Participants invited to the Platform by a Customer (e.g., buyers, sellers, lenders, title agents, inspectors); and
• Anyone who corresponds with us or applies for a job at Doortana.

Controller / processor framing. When you visit our marketing site, sign up for an account, or otherwise interact with Doortana directly, Doortana is the controllerof your personal information. When a Customer uploads or generates data within the Platform — including transaction records, contracts, client lists, communications, documents, and signing artifacts (“Customer Data”) — Doortana acts as a processor(or “service provider”) on the Customer’s behalf. The Customer is the controller of that Customer Data, and the Customer’s own privacy notice governs how it is collected and shared. If you are a Client or Transaction Participant invited to the Platform by a Customer, please direct privacy questions about the underlying transaction to the Customer; Doortana will support reasonable requests routed through them.

If you do not agree with this Privacy Policy, do not use the Platform.

2.1 Information you provide

• Account information — name, email, phone, password, profile photo, role, brokerage affiliation, license number (where applicable).
• Billing information — billing contact, billing address, tax identifiers, and payment-method tokens returned by our payment processor. Doortana does not store full payment card numbers.
• Customer Data uploaded or generated by Customers, including but not limited to: client and contact records, transaction details, real estate purchase and sale contracts and supporting documents, listing data, e-signature artifacts, calendar events, and communications.
• Communications and content — messages, tasks, notes, feedback, support tickets, and survey responses you send to or through Doortana.
• Identity verification information — when required to verify a signer (e.g., one-time passcodes sent by SMS or email).

2.2 Information we collect automatically

• Usage data — pages and features accessed, actions taken, timestamps, click and navigation events, error events.
• Device and connection data — IP address, browser type, operating system, device identifiers, referrer URL, and approximate location derived from IP.
• Cookies and similar technologies — see Section 7.
• Communication metadata — message-delivery status, e-signature audit trails (signer identity, timestamps, IP, hash of signed document), and SMS delivery and reply records.

2.3 Information from third parties

• Identity providers — when you sign in via Google, Microsoft, or another federated identity provider, we receive the basic profile fields the provider returns.
• Email and calendar integrations — when you connect a Gmail, Google Calendar, Microsoft 365, or similar account, we receive the OAuth-scoped data necessary to sync messages and events you direct us to sync.
• Property and MLS data sources— when a Customer’s MLS or aggregator feed is connected, we receive listing and property records, including parcel, ownership, and listing-history fields.
• Service providers and integrations — fraud-prevention, analytics, support, and infrastructure providers may share information with us about your interactions with Doortana.

2.4 Sensitive information and Nonpublic Personal Information

Real estate transactions can involve Nonpublic Personal Information (“NPI”) as defined under the Gramm-Leach-Bliley Act (“GLBA”) (16 CFR § 313.3(n)) — for example, social security numbers, bank account information, mortgage details, or credit-related information. Doortana does not request, store, or transmit wire instructions, full bank account numbers, or routing numbers, and the Platform’s design directs participants to handle earnest money and closing funds outside the Platform. Where a Customer nonetheless uploads NPI, Doortana acts as a service provider subject to written safeguards consistent with the FTC Safeguards Rule (16 CFR Part 314).

2.5 Children

The Platform is not intended for, and is not directed to, anyone under the age of 18. Doortana does not knowingly collect personal information from children. If you believe a child has provided personal information to Doortana, contact us at privacy@doortana.com.

We use personal information to:

• Provide, operate, and improve the Platform and the Customer’s transactions on it;
• Authenticate users and verify signer identity;
• Generate, deliver, and store contracts, signing artifacts, milestones, notifications, and communications;
• Provide customer support and respond to inquiries;
• Bill Customers and manage subscriptions;
• Detect, prevent, and respond to fraud, security incidents, abuse, and violations of our Acceptable Use rules;
• Comply with legal obligations, court orders, regulatory requests, and audit requirements;
• Develop, evaluate, and improve Platform features (excluding the use of Customer Data to train generalized AI/ML models — see Section 4); and
• Communicate operational and product information about the Platform.

Legal bases (where applicable).Where European data-protection law applies, Doortana relies on (i) the necessity of processing to perform a contract with you or with a Customer who acts on your behalf; (ii) Doortana’s legitimate interests in operating, securing, and improving the Platform; (iii) compliance with legal obligations; and (iv) consent, where required (e.g., for non-essential cookies and SMS opt-in).

Doortana uses artificial-intelligence models to power features such as FillTANA (form and contract assistance), ClienTANA (client-relationship guidance), TalkTANA(voice-driven workflow), and similar capabilities (collectively, “AI Features”). When you use AI Features:

• Doortana submits the inputs necessary to generate a response (which may include excerpts of Customer Data) to Amazon Bedrock, AWS’s managed foundation-model service, running in Doortana’s AWS account in the us-east-1 region. Doortana currently uses Anthropic Claude models for most AI Features, accessed exclusively through Amazon Bedrock.
• Customer Data submitted to AI Features is not transmitted to the model provider (Anthropic). Inference runs entirely within AWS infrastructure under AWS Bedrock’s data terms. Per AWS Bedrock’s service terms, AWS does not store inputs or outputs after a request completes (other than ephemeral processing) and does not use them to train AWS models or share them with model providers. Anthropic does not see, store, or train on Customer Data submitted via Bedrock.
• Doortana does not use Customer Data to train generalized AI/ML models. We may use de-identified, aggregated usage data (which cannot reasonably be used to identify you) to evaluate and improve model selection, prompts, and feature performance.
• AI output is generated automatically, may be incorrect or incomplete, and is not legal, financial, tax, or appraisal advice. Customer is responsible for reviewing AI output before relying on or distributing it.

If you connect Google Workspace data to Doortana via OAuth (e.g., Gmail or Calendar sync), Doortana’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Doortana does not use data obtained through Google APIs to develop, improve, or train generalized AI or ML models.

Doortana shares personal information only as described below.

5.1 Within a Customer’s tenant

Information uploaded by a Customer is shared among that Customer’s authorized users, the Clients and Transaction Participants the Customer invites to a transaction, and the third-party professionals (lenders, title agents, inspectors, attorneys) the Customer or Client invites. Roles, permissions, and visibility are controlled by the Customer’s administrator(s).

5.2 Service providers (subprocessors)

Doortana engages the following subprocessors. The current list is maintained at doortana.com/trust/subprocessors. We provide Customers at least 30 days’ advance notice of new subprocessors; a Customer may object, and an unresolved objection gives the Customer a termination right under its agreement with Doortana.

Doortana imposes contractual confidentiality and security obligations on each subprocessor consistent with this Privacy Policy.

5.3 Affiliates and corporate transactions

Doortana may share personal information with current or future affiliates, and with counterparties (subject to confidentiality) in connection with a merger, acquisition, financing, or sale of assets. The acquirer’s use of personal information will remain subject to this Privacy Policy or a successor policy with materially equivalent protections.

5.4 Legal, safety, and compliance

Doortana may disclose personal information when we reasonably believe disclosure is required to (i) comply with a law, regulation, court order, or valid legal process; (ii) protect Doortana’s, our Customers’, or third parties’ rights, property, or safety; (iii) detect, prevent, or address fraud, security, or technical issues; or (iv) enforce our Terms of Service or other agreements.

5.5 With your direction

Doortana shares personal information with third parties when you or a Customer directs us to — for example, by inviting a participant to a transaction, generating an e-signature request to a recipient, or connecting an integration.

5.6 What Doortana does not do

• We do not sell personal information.
• We do not share personal information with third parties for their own marketing purposes.
• We do not use Customer Data to train generalized AI/ML models.

Doortana uses SMS text messaging to support real estate transactions on our Platform. The SMS service is delivered via Amazon Web Services Pinpoint and Amazon Simple Notification Service (SNS), in Doortana’s AWS account, in the us-east-1 region.

6.1 Information collected through SMS

When you provide a mobile phone number to Doortana — for example, when completing an intake form, accepting a portal invitation, or being added to a transaction by a Customer — we collect the number itself, the date and time it was provided, the page or context in which consent was captured, your IP address (where available), and a record of the consent disclosure shown to you. We use this information to send the messages described below, to record your consent as required by applicable law and industry standards, and to maintain a delivery and reply log.

6.2 What we send

Doortana sends only transactional and informational messages, including:

• One-time passcodes (OTP) used to verify identity on intake or signing;
• Notifications when a document is ready for review or signature;
• Status updates as transactions reach key milestones (e.g., contract executed, inspection scheduled, closing confirmed);
• Milestone-completion confirmations— text messages that ask you to confirm that a milestone is complete by replying (for example, “Reply Y when complete”). Your reply is recorded as part of the transaction record and visible to the Customer who invited you;
• Operational notices required to complete a transaction in which you are a party.

Doortana does not send marketing or promotional text messages through this service. Message frequency varies based on transaction activity.

6.3 Two-way replies

Doortana’s SMS service supports two-way replies. Replies you send to a Doortana SMS are recorded in the transaction record and visible to the Customer (and authorized Transaction Participants) the message was sent on behalf of. Do not send anything by SMS that you would not want recorded in the transaction history.

6.4 Carrier disclosure

Standard message and data rates from your wireless carrier may apply. Carriers are not liable for delayed or undelivered messages. Doortana cannot guarantee delivery and you should not rely on SMS as your only channel for time-sensitive information. The SMS service is supported by major U.S. wireless carriers, including AT&T, T-Mobile, Verizon Wireless, U.S. Cellular, Boost, Cricket, MetroPCS, and Google Voice.

6.5 Opt-out and HELP

You may opt out of Doortana SMS at any time by replying STOP to any message. After we process your STOP request, you will receive one final confirmation message and no further texts. Opting out may disable features that rely on SMS delivery (e.g., one-time codes); you may need to use an alternative verification channel to continue. For help, reply HELP to any message or email support@doortana.com.

6.6 No sharing for marketing

Doortana does not sell mobile phone numbers and does not share phone numbers or SMS content with third parties for their own marketing purposes. The only third parties that receive your phone number are AWS (delivering the message on Doortana’s instructions) and your wireless carrier (routing the message to your device).

Doortana uses cookies, local storage, and similar technologies to keep you signed in, remember preferences, measure feature usage, debug errors, and protect against fraud and abuse. We use both first-party and limited service-provider cookies (analytics, session replay limited to error events, monitoring). You can control cookies through your browser settings; disabling essential cookies will degrade or break the Platform.

A separate Cookie Notice at doortana.com/cookies describes the cookies in use and your choices.

Doortana stores and processes data primarily in the United States (AWS us-east-1). If you access the Platform from outside the United States, you understand that your information will be transferred to and processed in the United States. Where European data-protection law applies, Doortana relies on appropriate safeguards (e.g., the EU-US Data Privacy Framework, Standard Contractual Clauses) when transferring personal data out of the EEA, the UK, or Switzerland.

Doortana retains personal information for as long as needed to provide the Platform, comply with legal obligations, resolve disputes, enforce agreements, and meet legitimate business interests. Specific retention periods include:

• Customer Data— retained for the duration of the Customer’s subscription and for the period required by the Customer’s MSA. After termination, Customer Data is deleted within the timeframe set in the MSA (typically 30 days after a 30-day export window).
• Transaction artifacts and signing audit trails — retained for at least seven (7) years to support real estate transaction record-keeping and legal-defense requirements.
• Account and billing records — retained for at least seven (7) years for tax, accounting, and audit purposes.
• SMS consent and delivery logs — retained for the duration of the relationship and for a reasonable period afterward to evidence TCPA compliance and resolve disputes.
• Security and audit logs — retained per our information-security program; typically 12-24 months for active logs and longer for compliance archives.

You can request earlier deletion subject to the rights described in Section 11; Doortana will honor such requests except where retention is required by law, contract, or legitimate business purpose.

Doortana operates a written information-security program designed around the principles of confidentiality, integrity, and availability, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256);
• Field-level encryption for designated sensitive fields;
• AWS-managed key management (KMS);
• Role-based access controls, multi-factor authentication for staff, least-privilege access reviews;
• Pre-signed, time-limited URLs for document downloads (no public S3 access);
• Anti-malware scanning of uploaded documents;
• Append-only, tamper-evident audit logging of state-changing actions;
• Vulnerability management, monitored security alerting, and incident-response procedures;
• Vendor-risk review of subprocessors.

No security program is perfect. If you believe your account or any data has been compromised, contact security@doortana.com immediately.

11.1 Access, correction, deletion, portability

You can update your profile and many account settings directly in the Platform. To request a copy of personal information Doortana holds about you, correct inaccurate information, delete your account, or receive a portable copy of your data, contact privacy@doortana.com. If your information is held by Doortana on behalf of a Customer, we will direct your request to that Customer; Doortana will support reasonable requests routed through them.

11.2 California (CCPA / CPRA)

California residents have the right to (i) know what personal information is collected, used, shared, or sold; (ii) request deletion; (iii) correct inaccurate information; (iv) opt out of sale or sharing of personal information for cross-context behavioral advertising; (v) limit the use of sensitive personal information; and (vi) be free from retaliation for exercising these rights. Doortana does not sell or share personal information for cross-context behavioral advertising. To exercise California rights, contact privacy@doortana.com or use the verifiable request form at doortana.com/privacy/request. You may designate an authorized agent to make a request on your behalf, subject to verification.

The categories of personal information Doortana collects map to the CCPA categories as follows: identifiers (name, email, account identifiers); commercial information (subscription and billing records); internet activity (Platform usage); geolocation (approximate, IP-derived); professional information (license number, brokerage); inferences (limited, derived from Platform usage); and sensitive personal information limited to account credentials.

11.3 Other U.S. state rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and other states with comprehensive consumer privacy laws have similar rights. Doortana honors verified requests and provides an appeal process for denied requests. Contact privacy@doortana.com.

11.4 European Economic Area, United Kingdom, Switzerland

Residents of the EEA, UK, and Switzerland have rights under the GDPR / UK GDPR, including the right to access, rectify, erase, port, restrict, and object to processing, and the right to lodge a complaint with a supervisory authority.

11.5 Marketing email

You may unsubscribe from Doortana marketing emails at any time using the unsubscribe link in the email, or by contacting privacy@doortana.com. Doortana will continue to send transactional and operational emails (e.g., security alerts, invoices) regardless of marketing preference.

11.6 Do Not Track

Doortana does not currently respond to “Do Not Track” browser signals.

12.1 RESPA — No referral fees

Doortana provides software and technology services. Doortana is not a settlement service provider as defined in the Real Estate Settlement Procedures Act (“RESPA”) and does not receive a fee, kickback, or thing of value in exchange for the referral of settlement service business. Subscription fees compensate Doortana for technology services rendered, are not contingent on transaction closure, and do not depend on the volume or value of settlement-service referrals.

12.2 Fair Housing

Doortana’s communication and AI features are tools; Customer is solely responsiblefor ensuring its use of those tools complies with the Fair Housing Act, the Equal Credit Opportunity Act (“ECOA”), state fair-housing laws, and the National Association of REALTORS® Code of Ethics. Doortana does not provide brokerage, legal, tax, or appraisal advice.

12.3 MLS and listing data

If a Customer connects an MLS or aggregator feed to Doortana, Customer represents that it has the right to provide that data to Doortana for processing in connection with the Platform and will comply with applicable MLS rules, IDX/VOW agreements, and RESO licensing.

12.4 Consumer-facing portal

When a Customer invites a Client (e.g., a buyer or seller) to a Doortana client portal, the Client is presented with a consumer-facing acknowledgment that incorporates this Privacy Policy and the SMS terms. Doortana’s contractual relationship is with the Customer; the Client’s relationship with the Customer (including any agency representation) is governed by the Customer’s own agreements and disclosures.

Doortana may update this Privacy Policy from time to time. The “Last updated” date at the top of this policy reflects the most recent revision. For material changes that reduce your rights or expand the categories of data Doortana collects, Doortana will provide reasonable advance notice via the Platform or by email before the change takes effect. Continued use of the Platform after the effective date constitutes acceptance.

• Privacy questions and rights requests: privacy@doortana.com
• Security incidents: security@doortana.com
• General support: support@doortana.com
• Mail: Doortana, Inc., 1328 Kinsdale Dr, Raleigh, NC 27615

If you are in the EEA, UK, or Switzerland, you may also lodge a complaint with your local supervisory authority.