Privacy Policy

Last updated: 15 July 2026

Who we are

Doorstep ("we", "us", "our") is a social and dating application connecting homeowners. We are based in Adelaide, South Australia. By using Doorstep you agree to the collection and use of your information as described in this policy.

We handle your personal information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and where applicable, the EU General Data Protection Regulation (GDPR).

What we collect

We collect the following categories of personal information:

Why we collect it

We use your information to:

Legal basis for processing

We process your personal data on the following legal bases:

How we store and protect your data

Your data is stored on Supabase infrastructure (PostgreSQL database and object storage), hosted on secure cloud servers. Supabase is SOC 2 Type II certified and applies encryption at rest and in transit (TLS 1.2+).

Because our infrastructure and service providers operate internationally, your personal data may be stored or processed on servers located outside Australia, including in the United States. Where data is disclosed overseas we take reasonable steps to ensure it is handled in line with the Australian Privacy Principles. By creating an account and using Doorstep, you consent to your data being processed on servers outside Australia.

Access to your data within our systems is controlled by Row Level Security (RLS) policies — meaning database queries are restricted so users can only access data they are authorised to see.

Photos you upload are stored in our cloud object storage and served over encrypted connections (TLS) via unique, hard-to-guess web addresses. These photo links are not individually password-protected: anyone who has a link — or who you share it with — can open the image, and a link may stay reachable until the photo itself is deleted (for example when you remove it, or when your account is permanently purged after deletion). We do not publicly list or index your photos, and we never share them with third parties for advertising or marketing.

Messages between matched users are encrypted in transit (TLS 1.2+) and at rest on our infrastructure, and access is restricted by Row Level Security so users can only see their own conversations. Messages are not end-to-end encrypted: to keep the community safe and to comply with Australian law, authorised personnel may access message content where necessary to investigate reports, detect abuse or illegal content, and respond to lawful requests. Please do not share highly sensitive information (such as financial details or government identifiers) in chat.

Data retention and deletion

We keep your personal information only as long as your account is active or as needed to provide the service, meet legal obligations, or resolve disputes. Profile data, photos, messages, match history, and location are retained while your account is active.

When you delete your account via Settings → Delete Account, your profile is hidden from all other users immediately and you are signed out of all sessions. Your account then enters a recovery window and remains recoverable for 90 days (or 365 days where required for safety or legal reasons, such as a reported or banned account). If you sign back in within that window your account is restored, but your previous matches, conversations, and most profile details are cleared so you start fresh. Once the window passes, an automated process permanently removes your profile, photos, messages, and match history from our active databases.

Some records are retained after deletion where the law or safety requires it: subscription and payment transaction records are kept for 7 years to meet Australian taxation requirements; server and access logs are kept for up to 90 days for security and fraud prevention; and aggregated, anonymised analytics that cannot be linked back to you may be retained. A fuller breakdown is available in the Data Retention Policy within the app (Settings → Data retention).

Third parties

We share data with the following trusted third parties only as necessary to operate the service:

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

Your rights

Under the Australian Privacy Act and GDPR (where applicable), you have the right to:

To exercise any of these rights, contact us at privacy@doorstepcompany.com. We will respond within 30 days.

Sensitive information

To match you with compatible people, Doorstep collects information that may be considered "sensitive information" under the Australian Privacy Act (and "special category data" under the GDPR), including your gender, the genders you are interested in, and your relationship intentions — which may reveal information about your sexual orientation.

We collect and use this information only to operate the matching service. We rely on your consent, which you give by completing your profile and using the app, and you can withdraw it at any time by editing your profile or deleting your account.

Automated matching and machine learning

Doorstep uses an automated system to suggest potential matches. It draws on your profile details, stated preferences, suburb, and the knocks, rings and waves you and others send, to decide which profiles to show you.

We may also use machine-learning techniques to improve match suggestions and to detect spam, fraud, or behaviour that breaches our terms. These suggestions are recommendations only — they do not make decisions that produce legal or similarly significant effects about you without human involvement.

Communications and notifications

We send two kinds of messages: service messages needed to operate your account (such as new matches, new chat messages, and security or account notices), and optional updates about new features and tips.

You can turn off push notifications at any time in your device settings, and opt out of optional updates without affecting essential service messages. We do not send third-party marketing.

Advertising and sale of data

We do not sell your personal information, and we do not share it with third parties for their own advertising or marketing. Doorstep does not display third-party advertising and does not use advertising trackers or cookies.

Identity and photo verification

We do not currently collect biometric information. If we introduce identity or photo verification in the future (for example, checking that a selfie matches your profile photos), any biometric information will be collected only with your express consent, used solely to verify your identity, and deleted once verification is complete or you delete your account. We will update this policy before launching any such feature.

Users outside Australia

Doorstep is currently offered to users in Australia. If you access Doorstep from outside Australia, additional rights may apply to you.

If you are in the European Economic Area or the United Kingdom, you have the rights of access, rectification, erasure, restriction, portability, objection, and to withdraw consent, and you may lodge a complaint with your local data protection authority. Our legal bases for processing are set out in "Legal basis for processing" above.

If you are a California resident, you may have rights under the CCPA/CPRA, including to know, delete, and correct your personal information and to limit the use of sensitive personal information. We do not "sell" or "share" your personal information as those terms are defined under California law.

To exercise any of these rights, contact us at privacy@doorstepcompany.com.

Children

Doorstep is not intended for users under 18 years of age. We do not knowingly collect data from anyone under 18. Date of birth is collected at registration and verified to confirm minimum age. If you believe a minor has created an account, contact us immediately at privacy@doorstepcompany.com.

Cookies and tracking

Doorstep is a native mobile application and does not use browser cookies. We may use device identifiers and anonymised session analytics to understand how the app is used. These are not used for advertising profiling.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and notify you via the app if the changes are material. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact us

For any privacy-related questions or requests:
Email: privacy@doorstepcompany.com
Address: Adelaide, South Australia, Australia

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au, or your local data protection authority if you are based in the EU.