Privacy Policy

1. Information We Collect

We collect information you provide directly to us, information generated through your use of the Service, and certain information from third parties (such as payment processors).

1.1 Information You Provide

Depending on how you use the Service, you may provide:

• Account and profile data: first name, last initial (where applicable), apartment/unit number, building, email, phone number, username/handle, profile photo (if any), account preferences.
• Identity verification data: We may request your full real name, government-issued identification, proof of residency, or other verification documents at any time for fraud prevention, account security, dispute resolution, legal compliance, or investigation of policy violations. Failure to provide requested verification may result in account restrictions.
• Building membership data: building name, membership status, verification details (e.g., invitation codes or other verification steps).
• Listings and item content: titles, descriptions, categories, prices, photos/videos, and other listing details.
• Orders and transaction data: items bought/sold, order timestamps, delivery preference chosen, delivery time window (for door delivery), dispute and refund actions, and other transaction metadata.
• Messages and communications: in-app messages and attachments (if messaging is enabled), including content you send to other users or to support.
• Support communications: emails, in-app support requests, and feedback.

1.2 Delivery and Proof-of-Delivery Data

To operate delivery features and reduce fraud, we may collect and store:

• Delivery preference selection (e.g., door delivery, lobby/receiving area, front desk) and building-specific delivery configuration data.
• Delivery time window information (e.g., a 3-hour delivery window for door delivery).
• Proof-of-delivery photos captured using the in-app camera, including one or more images depending on delivery type.
• Watermark data applied server-side (e.g., OrderID, server timestamp, building name, delivery method).
• Delivery status events (accepted, delivered, confirmed/auto-confirmed, disputed, resolved).

Important: Delivery photos may include the buyer's unit number, door numbers, lobby/desk context, and other visible surroundings. We recommend users avoid capturing sensitive personal documents in photos.

1.3 Payment and Identity Signals (Stripe)

Payments are processed by third parties (e.g., Stripe). We do not store full credit card numbers or bank account numbers. We may store:

• Stripe Customer ID (for buyers)
• Stripe Connect Account ID (for sellers)
• Transaction identifiers, payout identifiers, and dispute/chargeback metadata (as provided by processors)

We may use these identifiers and related signals to operate payments, prevent fraud, and help prevent users from evading enforcement actions (e.g., bans).

1.4 Automatically Collected Technical and Usage Data

When you use the Service, we automatically collect certain information, such as:

• Device and app data: device type, operating system, app version, language, time zone, device identifiers (where permitted), and diagnostic data.
• Log and performance data: IP address, event timestamps, crash reports, and performance metrics.
• Usage analytics: screens viewed, taps, scroll behavior, session duration, and feature usage patterns.
• Push notification tokens to send notifications to your device.

1.5 Location Information (Limited)

We may collect approximate location or building-level location context (e.g., the building marketplace you belong to) to help verify membership and support fraud prevention. We do not share precise GPS location with other users. If we ever add optional location features, we will disclose them in-app and update this Policy.

2. How We Use Information

We use the information we collect to:

• Operate the marketplace (create accounts, show listings, facilitate orders, and provide building-based access).
• Verify building membership and enforce building-level access controls.
• Process payments and payouts through Stripe and manage refunds, disputes, and chargebacks.
• Enable delivery features, including delivery preference selection, delivery windows, proof-of-delivery photo workflows, and delivery status notifications.
• Apply server-side watermarking and maintain delivery evidence for dispute handling and fraud prevention.
• Provide customer support and respond to inquiries.
• Prevent fraud, abuse, and policy violations, including:
  • identifying suspicious activity patterns,
  • enforcing "one account per person" and anti-evasion measures,
  • limiting off-platform circumvention attempts.
• Moderate content and user safety, including investigating reports of harassment, stalking, threats, or prohibited items.
• Use AI-assisted tools to support product functionality and trust & safety (see Section 6).
• Improve the Service, including analytics, troubleshooting, and feature development.
• Comply with law and enforce our rights, including responding to legal requests and maintaining required records.
• Create aggregated or de-identified data for analytics and improvement (not intended to identify you personally).

3. How Information Is Shared

We do not sell your personal information.

We may share information in these situations:

3.1 With Other Users (Within Your Building)

To enable the marketplace, other users may be able to see:

• your listings and listing content,
• your handle/username and limited profile information shown in-app,
• transaction status relevant to their order.

Identity sharing for delivery: After a seller accepts an order, the Service may display to the seller the buyer's first name + last initial + apartment/unit number for delivery purposes (as configured by the Service and building rules).

3.2 Proof-of-Delivery Visibility

Proof-of-delivery photos are generally accessible to:

• the buyer and seller involved in the order, and
• 2Doors staff/contractors for support, disputes, trust & safety, and fraud prevention.

We do not intend for delivery photos to be publicly visible to other users.

3.3 With Building Management / Staff (Limited)

We may share limited information with building management or staff if necessary for:

• building access verification,
• safety incidents,
• enforcing building rules,
• investigating fraud or abuse,
• responding to lawful requests.

3.4 With Service Providers

We use third-party vendors to operate the Service and may share information needed for them to perform services on our behalf, such as:

• Stripe (payments, payouts, disputes)
• Firebase/Google (authentication, Firestore database, storage, analytics, crash reporting)
• AI providers (including OpenAI) (see Section 6)
• Customer support and analytics tools (if used)

3.5 Legal, Safety, and Compliance

We may share information if we believe in good faith it is reasonably necessary to:

• comply with law, regulation, legal process, or governmental request,
• protect the rights, safety, or property of 2Doors, our users, Buildings, or the public,
• detect, prevent, or address fraud, security, or technical issues.

3.6 Business Transfers

If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to this Policy or a successor policy with comparable protections.

4. Data Storage and Retention

4.1 Where Data Is Stored

We store data using Firebase services (including Firestore, Authentication, and Storage) and may use additional infrastructure to operate the Service. Some information may be cached locally on your device.

4.2 Retention Periods

We retain information as long as necessary to provide the Service and for legitimate business purposes, including payments, fraud prevention, safety, compliance, and dispute resolution.

Delivery photos: Delivery proof photos are retained for up to 180 days, then deleted, unless:

• a dispute, claim, chargeback, investigation, or legal obligation requires longer retention, in which case we may retain relevant evidence longer (for example, until the matter is resolved).

Transaction and payment records: We may retain transaction records longer for accounting, tax, compliance, dispute, and fraud prevention purposes.

4.3 Account Deletion

If you request account deletion, we will delete or anonymize personal information within a reasonable period, except where we must retain certain data for legal obligations or legitimate business purposes (e.g., payment dispute records, fraud prevention logs, tax/accounting).

5. Messaging, Anti-Circumvention, and Safety Monitoring

If messaging is enabled, we may process message content to:

• deliver messages,
• detect spam and abuse,
• enforce policies against harassment and threats,
• reduce off-platform circumvention attempts (e.g., sharing phone numbers/emails for payment avoidance).

We may restrict, block, or redact certain content in messages (such as phone numbers/emails) to help enforce platform rules and protect users.

6. AI and Automated Processing (Including Images)

6.1 AI Suggestions for Listings

We may use AI to suggest listing titles, descriptions, categories, or pricing. You are responsible for reviewing and approving listing content before posting.

6.2 AI-Assisted Trust & Safety (Disputes / Photo Validation)

We may use AI-assisted tools (including OpenAI) to help evaluate proof-of-delivery photos and related dispute evidence for:

• fraud detection,
• consistency checks (e.g., delivery method vs. visible context),
• authenticity signals.

Important: AI outputs are probabilistic and may be inaccurate. AI signals are used as one factor in our review processes and may be combined with other evidence and platform records.

6.3 What We Share with AI Providers

If AI features are used, we may share:

• text you submit (e.g., listing descriptions),
• images you submit (e.g., listing photos or delivery proof photos),
• limited metadata needed for processing (e.g., order context required for validation).

We share only what is reasonably necessary to provide the AI feature.

7. Delivery Protection (Data Handling)

If the Service offers optional Delivery Protection for certain delivery methods (e.g., lobby/desk), we may collect and use:

• the selected protection tier (if any),
• deductible and coverage limit (calculated at purchase),
• claim submissions and timestamps,
• claim outcomes and related evidence.

We use this information to process claims, prevent abuse, and enforce claim limits.

8. Data Security

We implement reasonable technical and organizational measures to protect information, including:

• encryption in transit (HTTPS/TLS),
• access controls and logging,
• secure authentication,
• monitoring for suspicious activity.

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights and Choices

Depending on your jurisdiction, you may have rights to:

• access your personal information,
• correct inaccurate information,
• delete your account (subject to retention needs),
• object to or restrict certain processing,
• request a portable copy of your data (where feasible),
• opt out of non-essential marketing communications.

To exercise these rights, contact: support@msparllc.com. We may require identity verification before responding.

9.1 Identity Verification Requirements

We reserve the right to request your real name, government-issued identification, proof of residency, or other verification information at any time for:

• fraud prevention and account security,
• dispute resolution,
• compliance with legal obligations,
• investigation of Terms of Use violations (including prohibited content, fraud, or impersonation),
• payment processing and tax reporting requirements.

Failure to provide requested verification within a reasonable time period may result in account suspension, termination, or restriction of access to certain features. Verification information will be handled in accordance with this Policy and used solely for the purposes stated above.

10. Children's Privacy

The Service is not intended for individuals under 21. We do not knowingly collect personal information from individuals under 21. If you believe a minor has provided personal information, contact us and we will take steps to delete it as appropriate.

11. International Data Transfers

Your information may be processed in the United States or other countries where we or our service providers operate. By using the Service, you consent to such transfers where permitted by law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last Updated" date and may provide notice in-app or by email where required. Continued use after changes become effective constitutes acceptance.

13. Contact

If you have any questions about this Privacy Policy or our data practices, please contact: