Doorstep · Privacy Policy · Last updated 2026-04-20
Privacy Policy.
This policy explains what the Doorstep web application and the Doorstep Chrome extension collect, how we use it, and what we do not do with your data. It applies to every agency and every user of Doorstep.
Who we are
Doorstep is a real-estate CRM operated by the Doorstep team for Georgian real-estate agencies. If you have questions about this policy or your data, contact us at hello@doorstep.agency.
What the web application collects
When an agency signs up and creates users, we store:
User profile: name, surname, email, phone, optional profile photo, role (agent / manager / owner / admin).
Password, stored as a one-way hash (pbkdf2-sha256) — never as plaintext.
Listings your agents import or create: titles, descriptions, prices, locations, rooms, photos, owner contact information, and all other property data the agent enters or imports.
Notes, subtasks, client requests, commissions, and closed-deal records that your agents create.
Social-publishing credentials (Telegram / Facebook / Instagram tokens) entered by the Doorstep team on your behalf during onboarding. These are stored encrypted at rest with AES-128 (Fernet) and are never shown back in the UI after saving.
Session cookies to keep you logged in.
Routine server logs (request URL, timestamp, response status) for operational monitoring.
What the Chrome extension does
The Doorstep Chrome extension runs only on these sites:
myhome.ge and its supporting subdomains (statements.myhome.ge, statements.tnet.ge, api-statements.tnet.ge, static.my.ge).
ss.ge and home.ss.ge.
The user's own Doorstep account at doorstep.agency.
On a real-estate listing page, the extension can:
Read the listing data the user is looking at (title, price, photos, rooms, owner phone, etc.), and send it to the user's own Doorstep account when the user clicks "Scrape this listing".
On the platforms' create-listing forms, auto-fill the fields from a listing the user has in their Doorstep account when the user clicks "Upload to myhome.ge" or "Upload to ss.ge".
The extension does not run on, read from, or send data to any other website. It acts only in response to explicit user clicks.
What we do not do
We do not sell data. Ever.
We do not share data with third parties for advertising, analytics, or profiling.
We do not track your browsing history across sites.
We do not read content from any site other than the ones listed above.
We do not store credentials for myhome.ge or ss.ge — the extension uses your own browser session on those sites, not stored passwords.
We do not display social-media access tokens after they are saved; even we cannot view them once entered.
Who can see your data
You see your own listings, notes, and commission records.
Your direct manager can see your listings and private notes (this is a product feature — managers are accountable for team activity).
Your agency's owner can see everything within the agency.
The Doorstep operations team can view account records to provide support, onboard agencies, and respond to platform issues.
Data is never visible to users from other agencies. Every database query is scoped to the current user's agency.
Where your data lives
Application data is hosted on Supabase in Frankfurt (eu-central-1), encrypted in transit (TLS) and at rest. Uploaded files (photos, logos) are stored in the same region. Social-media credentials have an additional layer of Fernet encryption on top of the database encryption, with the decryption key held on the application server, not in the database.
How long we keep data
We retain your agency's data for as long as the agency account is active. If your agency offboards, data is deleted within 30 days of the account being closed, except for closed-deal records which may be retained in anonymized form for statistical purposes. You may request full deletion of your personal records at any time by emailing the address below.
Your rights
You can access, correct, or export your own data at any time from inside the app. To request deletion of your user record, transfer of data to another system, or further information about how your data is processed, contact hello@doorstep.agency. We respond within 14 business days.
Changes to this policy
If we materially change this policy, we will update the "Last updated" date at the top of this page and notify account owners by email. Continued use of Doorstep after a policy change constitutes acceptance of the revised policy.