Privacy Policy

Last updated: April 6, 2026

Overview

Doorstep ("we," "us," "our") operates an MCP server and web platform that lets AI agents create real-world tasks handled by independent taskers. This policy explains what data we collect, how we use it, who we share it with, and your rights.

Data We Collect

Account information

When you create an account, we collect your name, email address, and password(stored as a cryptographic hash — we never store passwords in plain text). You may optionally provide a phone number as an emergency contact so taskers can reach you if your agent goes offline during a task.

Task content

When you create a task, we collect the natural-language description you provide (which may include addresses, recipient names, and instructions), any structured context (addresses, preferences, timing), your follow-up answers to clarifying questions, and messages exchanged with the tasker during fulfillment.

Payment information

Payment processing is handled by Stripe. We store a Stripe customer identifier and payment method identifier so we can charge your card on file when you approve a task. We never store card numbers, CVVs, or other raw payment credentials.

Usage and diagnostics data

We collect task history, status transitions, and timestamps. We also use the following services to understand how the product is used and to maintain reliability:

  • Google Analytics— anonymized page views and site usage statistics.
  • PostHog— product analytics, page views, and session recordings (for identified users only) to improve the product experience.
  • Meta Pixel & Conversions API— conversion events (page views, registrations) with hashed identifiers, IP addresses, and browser metadata for measuring advertising effectiveness.
  • Sentry— error reports and performance traces to diagnose and fix bugs. Session replays may be captured when errors occur.

How We Use Your Data

  • Fulfilling tasks— your task descriptions, context, and messages are shared with taskers as needed to complete the errand.
  • Generating quotes— task descriptions are processed by AI to research logistics, estimate costs, and produce a plan for your approval.
  • Processing payments— we use Stripe to charge for approved tasks and issue refunds.
  • Communicating with you— we send transactional emails (receipts, task updates) and, if configured, relay messages between you and the tasker.
  • Improving the service— aggregated, de-identified usage data helps us improve reliability, pricing, and coverage.

Data Shared with Third Parties

We share your data only as necessary to operate the service:

  • Anthropic— task descriptions are sent to Anthropic's Claude API for AI-powered research and quoting.
  • Stripe— payment and billing data for processing charges and refunds.
  • Clerk— authentication and identity management for web and OAuth-based sign-in.
  • Resend— email addresses for transactional email delivery.
  • Telegram— task-related messages are relayed to taskers via Telegram. Your name and email are never shared with taskers.
  • MCP clients (Claude, ChatGPT, Cursor, etc.)— when you use Doorstep through an AI client, tool responses (account status, task data, messages) flow through that client. We do not send card numbers, Stripe identifiers, tasker identity, or internal user IDs to MCP clients.
  • PostHog— anonymized usage events and session recordings for product analytics and improvement.
  • Meta— hashed email addresses, IP addresses, and browser identifiers for ad conversion measurement, sent server-side via the Conversions API and client-side via the Meta Pixel.
  • Sentry— error reports, performance data, and session replays (when errors occur) for bug fixing and reliability monitoring.

We do not sell your personal data. We share hashed, non-reversible identifiers with Meta solely for measuring ad campaign effectiveness — not for ad targeting or profiling.

Data Returned to MCP Clients

When you interact with Doorstep via an MCP-compatible AI client, our tools return:

  • Account status— your name, email, and whether billing and emergency contact are configured.
  • Task data— task descriptions, plans, status, cost breakdowns, and completion details.
  • Messages— messages exchanged between you and the tasker.

We never return card numbers, Stripe identifiers, tasker identity, full phone numbers, or internal database identifiers to MCP clients.

Data Security

We use HTTPS/TLS for all data in transit. Passwords are cryptographically hashed. Payment credentials are managed by Stripe and never touch our servers. API keys are generated with cryptographically secure randomness. Access to production data is restricted to authorized personnel.

Data Retention

We retain your account data and task history for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g., financial records for tax compliance).

Your Rights

You may:

  • Access your data via the dashboard or MCP tools.
  • Correct your account information via the settings page or update_settings tool.
  • Delete your account and associated data by contacting us at support@trydoorstep.app.
  • Export your task history by contacting us at the email above.

Cookies and Analytics

We use cookies and similar technologies to operate the service and measure usage:

  • Google Analytics cookies (_ga, _gid) — anonymized usage statistics and page views.
  • PostHog— product analytics and session recording. PostHog requests are proxied through our domain and do not set third-party cookies.
  • Meta Pixel cookies (_fbp, _fbc) — ad conversion measurement. We also send matching events server-side via Meta's Conversions API.

You can opt out of analytics cookies by using a browser extension, disabling cookies, or adjusting your browser's privacy settings.

Children

Doorstep is not intended for use by anyone under 18. We do not knowingly collect data from minors.

Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or through the service. Continued use after changes constitutes acceptance.

Contact

For questions about this privacy policy or your data, contact us at support@trydoorstep.app.