Privacy Policy: Doorman
Last Updated: May 23, 2025
1. Introduction
Welcome to Doorman (the "Service"), a student focus and attendance application provided by Doorman Inc. ("we," "us," or "our"). We are based in California and operate in the United States. We are committed to protecting the privacy of students, educators, and parents who use our Service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App") and administrative dashboard (the "Dashboard"). While the underlying technology that enables some of our Service's features is a Virtual Private Network (VPN), Doorman is primarily a student focus and attendance tool.
This Service is designed for educational institutions ("Schools" or "Districts") to enforce digital compliance by restricting access to non-educational internet-connected applications and websites during specified hours and to provide administrators with detailed usage reports. In addition, the application allows users to take class-based attendance using a 'tap' feature.
We are committed to complying with applicable federal and state privacy laws, including the Family Educational Rights and Privacy Act (FERPA), the Student Online Personal Information Protection Act (SOPIPA), and the Children's Online Privacy Protection Act (COPPA).
Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Information We Collect
We collect information in various ways when you use our Service. This information is necessary to provide and improve our Service, ensure compliance, and maintain security.
A. Information Provided by Schools/Districts:
- School/District Information: Contact details for the institution, administrator account information (name, email, role).
- Student Roster Information: To create and manage student accounts, we integrate with School Information Systems (SIS) or Single Sign-On (SSO) providers such as Google and Microsoft. This may include student names, student IDs, grade levels, class schedules, and email addresses (if applicable). We only collect the minimum necessary information required for the Service to function.
- Policy Configuration Data: Whitelists and blacklists of applications and websites, restriction schedules (time-based), classroom-specific settings, and other policy parameters defined by administrators.
B. Information Collected Automatically from Student Devices:
- Device and App Information (Anonymous Analytics): We collect anonymous information about device type, operating system, and app version for app analytics purposes to improve service functionality. This data is not tied to individual student accounts. Unique device identifiers and IP addresses are used solely for the VPN functionality and are not used for tracking or analytics.
- NFC Classroom Check-In Data: When students tap their devices against NFC tags, we collect data confirming their presence in a specific classroom at a specific time to activate or deactivate restrictions. This includes the NFC tag identifier, student identifier, and timestamp.
- Service Connection and Usage Data (Activity Logs for Policy Enforcement):
  - Data regarding the student's connection to our service (e.g., connection timestamps, duration) for the purpose of school administrator policy enforcement.
  - Information about internet activity attempts while the VPN is active (e.g., attempted access to blocked sites/apps). The content of web traffic itself is anonymized and not inspected or logged.
  - Timestamps of when restrictions are active ("Focus Mode: Enabled").
  - Blocked access attempts.
  - Aggregated data on focus time and application/website categories attempted to be accessed.
- Anonymization of Web Traffic: While connection metadata and policy enforcement events are logged, the actual content of student web traffic passing through the VPN is anonymized (e.g., by not inspecting, logging, or storing payload data from the traffic) and not monitored or stored by Doorman. Student activity logs visible to administrators focus on compliance with school policies (e.g., attempts to access blocked content, focus time) rather than detailed browsing history. Identifiable student data related to policy enforcement is only accessible to authorized school personnel with appropriate permissions, in accordance with school policy and applicable law.
C. Information Related to Teachers and Administrators:
- Account Information: Name, email address, role (e.g., IT staff, teacher, district administrator), and permissions associated with their account.
- Action Logs: Records of actions taken within the Admin Dashboard, such as policy creation, updates, report generation, and approval requests for websites/apps.
3. How We Use Your Information
We use the information we collect for the following purposes:
- To Provide and Manage the Service:
  - Authenticate users (students, administrators, teachers).
  - Enforce access restrictions based on school-defined policies.
  - Activate and deactivate restrictions via NFC check-in and monitor service connection status.
  - Process teacher requests for website/app approvals.
  - Push automated policy updates to student devices.
  - Provide customer support and respond to inquiries.
- For Monitoring and Reporting (for Schools/Districts):
  - Generate aggregated and individualized (where authorized by the School/District for policy enforcement) usage reports for Schools/Districts.
  - Provide real-time monitoring of policy compliance for authorized administrators.
  - Compile daily/weekly summaries of student activity related to policy adherence, including blocked access attempts and focus time metrics.
- For Communication:
  - Communicate with administrators about service updates, security alerts, and support issues.
- To Improve Our Service:
  - Analyze anonymous app analytics and aggregated usage patterns to understand how our Service is used and identify areas for improvement.
  - Develop new features and functionalities.
  - Ensure the security and integrity of our Service.
- For Compliance and Legal Obligations:
  - Comply with applicable laws and regulations, including FERPA, SOPIPA, and COPPA.
  - Respond to lawful requests from government authorities.
  - Enforce our terms of service and other agreements.
4. How We Share Your Information
We do not sell student personal information. We share information only in the following limited circumstances:
- With Your School/District: All information collected through the Service for the purpose of policy enforcement and reporting is accessible to the respective School/District that has contracted our Service. They are the primary data controllers for student information.
- With Parents/Guardians (As Directed by School/District): We will only share student information with parents/guardians in compliance with, and at the express direction of, the School/District that has contracted our service, and in accordance with applicable laws like FERPA.
- Service Providers: We may share information with third-party vendors, consultants, and other service providers who perform services on our behalf (e.g., Google Cloud Platform for cloud hosting, data analytics platforms for our internal service improvement only). These service providers are contractually obligated to protect the confidentiality and security of the information and are restricted from using it for any other purpose not explicitly authorized by us for providing or improving the Service.
- For Legal Reasons: We may disclose information if required to do so by law or in the good faith belief that such action is necessary to:
  - Comply with a legal obligation or a request from law enforcement or other government officials.
  - Protect and defend our rights or property.
  - Prevent or investigate possible wrongdoing in connection with the Service.
  - Protect the personal safety of users of the Service or the public.
- Anonymized or Aggregated Data (Internal Use): We may use anonymized or aggregated data that does not directly identify individuals for internal research, analysis, and service improvement purposes. We will not share this anonymized or aggregated data with external third parties for their own research, analysis, or other purposes.
5. Data Security
We implement robust security measures designed to protect your information from unauthorized access, use, alteration, and disclosure. These measures include:
- End-to-End Encryption: All data transmitted between student devices, our VPN servers, and the Admin Dashboard is encrypted using industry-standard protocols.
- Secure Authentication: Integration with SIS or SSO providers like Google and Microsoft for secure identity management.
- Access Controls: Role-based access controls limit access to data based on user permissions.
- Data Minimization: We adhere to data minimization principles, collecting only the specific categories of information detailed in Section 2 ('Information We Collect') that are strictly necessary to provide, maintain, and improve the Service.
- Regular Security Audits: We conduct regular security assessments and audits to identify and address potential vulnerabilities.
- Data Storage: Data is stored on secure servers (e.g., Google Cloud Platform) with appropriate physical and electronic safeguards.
While we take reasonable precautions to protect your information, no security system is impenetrable, and we cannot guarantee the absolute security of your data.
6. Data Retention
We retain personal information for as long as necessary to provide the Service to the School/District, comply with our legal obligations, resolve disputes, and enforce our agreements.
- Student Data: Student data is retained as directed by the School/District. Upon termination of the contract with a School/District, or at their request, we will securely delete or de-identify student personal information in accordance with the terms of our agreement with them and applicable law.
- Anonymized Data: We may retain anonymized or aggregated data indefinitely for our internal analytical and service improvement purposes.
7. Your Rights and Choices
Schools/Districts are the primary controllers of student data. Students and parents should direct any requests regarding their personal information to their respective School/District.
- Access and Correction: Schools/Districts can access and update their information and student roster information through the Admin Dashboard or by contacting us. Parents may have rights to review their child's educational records as provided by FERPA, and should contact their School/District for such requests.
- Opt-Out of Communications: Administrators can opt out of receiving non-essential communications from us by following the unsubscribe instructions in those communications.
- Data Deletion: Schools/Districts can request the deletion of their data and student data associated with their account by contacting us.
8. Children's Privacy (COPPA, FERPA, SOPIPA)
Our Service is intended for use by educational institutions. We are committed to complying with:
- COPPA (Children's Online Privacy Protection Act): We collect personal information from children under 13 only with the consent and direction of their School/District, which acts as the agent of the parent/guardian for the purposes of COPPA consent in the educational context. We do not knowingly collect personal information from children under 13 for any other purpose. If we learn that we have collected personal information from a child under 13 without appropriate consent, we will take steps to delete that information.
- FERPA (Family Educational Rights and Privacy Act): We act as a "school official" under FERPA, as defined by the U.S. Department of Education. We receive student data from Schools/Districts and use it only for legitimate educational interests and the purposes for which it was disclosed to us, as outlined in this Privacy Policy and our agreements with Schools/Districts.
- SOPIPA (Student Online Personal Information Protection Act): We comply with SOPIPA and similar state laws governing student data privacy. We do not use student data for targeted advertising, create profiles of students for non-educational purposes, or sell student data.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify Schools/Districts by email or through a prominent notice within the Admin Dashboard prior to the change becoming effective. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any modifications to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
10. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at info@derivative.dev.
For parent questions specifically related to your child's data or school policies, please contact your School/District administration directly.