KnocKnock KnocKnock
Log in Get started

Privacy Policy

Last updated: June 14, 2026

This Privacy Policy explains how KnocKnock (“KnocKnock,” “we,” “us,” or “our”), a product operated by Davis Roofing Solutions, collects, uses, discloses, and protects information in connection with the KnocKnock website, web dashboard, mobile application, and related services (collectively, the “Services”). Please read it carefully. By using the Services you acknowledge the practices described here.

1. Who this policy covers, and our two roles

KnocKnock is a business-to-business platform that door-to-door sales and canvassing organizations (“Customers”) use to manage field teams. Our privacy responsibilities differ depending on whose information is involved:

  • As a “controller” / “business”: for the account, billing, and website information of the Customers and individual users (owners, admins, managers, and reps) who sign up for and operate the Services, we decide how that information is used and this policy governs directly.
  • As a “processor” / “service provider”: for information that a Customer’s team collects and stores in the platform about the people and properties they canvass (for example, prospect and homeowner names, addresses, contact details, notes, and door-knock outcomes), and for rep location data collected on the Customer’s behalf, we act on that Customer’s instructions. The Customer is the controller of that information. If you are a member of the public whose information was entered into KnocKnock by a canvassing company, please see Section 13 and contact that company directly; we will assist them in responding to your request.

2. Information we collect

2.1 Information you provide

  • Account & workspace data: name, work email, password (stored only as a salted hash), company/workspace name, role, team assignment, and profile details.
  • Company information: business name, phone, email, address, and team/seat counts.
  • Field data entered by reps: door-knock records (addresses, timestamps, outcome/pin type, notes), territories you draw, custom pins and KPIs, and leads/prospect records (names, addresses, phone numbers, email addresses, statuses, and notes about prospects and customers).
  • Documents & e-signatures: files you upload (such as contracts), the field/token layouts you configure, and the signer name, typed/drawn signature image, signed date, and resulting signed documents.
  • Communications: team chat messages, demo/contact requests, and messages you send to us for support.

2.2 Information collected automatically

  • Precise geolocation. The Services are designed for field work and collect precise GPS location from a rep’s device, including continuous (“always-on”) background location while the rep is working, route history, live position shared with their managers and teammates, and the coordinates attached to each logged door-knock. Precise geolocation is treated as sensitive information under several laws. See Section 4.
  • Device & usage data: IP address, browser/device type, operating system, app version, pages and features used, log and diagnostic data, and timestamps.
  • Cookies & similar technologies: see Section 7.
  • Push notification tokens: if you enable notifications, a device/browser token used to deliver milestone and manager alerts.

2.3 Information from third parties

  • Reverse geocoding: we convert coordinates into street addresses using mapping/geocoding providers.
  • Property & owner data: where enabled, we may retrieve property and owner-of-record information for an address from third-party property-data providers.
  • CRM connections: if a Customer connects a CRM (e.g., HubSpot or Salesforce), data may flow to and from that CRM at the Customer’s direction.
  • Payment processor: our payment provider gives us limited billing details (e.g., subscription status, the last four digits and brand of a card). We never receive or store full card numbers.

3. How we use information

  • Provide, operate, secure, and improve the Services and their features (territories, tracking, knock logging, leaderboards, KPIs, reports, documents/e-signature, chat, and notifications).
  • Authenticate users, enforce roles and permissions, and keep each workspace’s data isolated from others.
  • Show reps’ live and historical locations and door-knock activity to authorized members of the same workspace, and power leaderboards, milestone announcements, reports, and out-of-territory alerts.
  • Process payments, manage trials and subscriptions, and prevent fraud.
  • Send transactional and service messages (invites, trial and billing notices, security alerts) and, where permitted, product updates.
  • Provide support, respond to requests, and enforce our terms.
  • Comply with legal obligations and protect the rights, safety, and property of users, the public, and KnocKnock.

4. Location data (important)

Because canvassing happens in the field, precise location is central to the Services. Reps’ devices may share location continuously in the background during working hours so that managers can see live positions, validate that knocks occur within assigned territories, and reconstruct routes. Reps and Customers should understand and consent to this collection before use; Customers are responsible for informing their team members and obtaining any consent required by law or by employment agreements. Mobile operating systems let a user review and revoke location permissions at any time through device settings, though doing so will limit core functionality. We retain location data as described in Section 9 and treat it as sensitive personal information.

5. How we share and disclose information

We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising. We disclose information only as follows:

  • Within your workspace: to other authorized members of your Customer organization, according to their role and permissions (for example, managers can see reps’ locations, leads, and stats).
  • Service providers / subprocessors: vendors who process data on our behalf under contract and only to provide the Services (see Section 6).
  • At a Customer’s direction: for example, syncing data to a connected CRM the Customer chose to enable.
  • Legal & safety: to comply with law, legal process, or governmental request, and to protect rights, safety, and property.
  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.
  • With your consent: for any other purpose disclosed to you.

6. Subprocessors

We use reputable third parties to run the Services. These currently include, by category:

  • Hosting & infrastructure: WP Engine (managed WordPress hosting).
  • Payments: Stripe (subscription billing and card processing).
  • Email delivery: our transactional email/SMTP provider.
  • Push notifications: our push-notification provider.
  • Maps & geocoding: our mapping and reverse-geocoding providers.
  • Property data: property/owner-data providers (where enabled).
  • CRM (Customer-directed): e.g., HubSpot, Salesforce.

Each subprocessor is bound to appropriate confidentiality and data-protection obligations. We will provide an up-to-date list on request.

7. Cookies and similar technologies

We use strictly necessary cookies to authenticate users, keep you signed in, and maintain session security, and we use limited analytics/diagnostic data to keep the Services reliable. We do not use third-party advertising or cross-site tracking cookies. You can control cookies through your browser, but disabling essential cookies will prevent sign-in.

8. Security

We use administrative, technical, and physical safeguards designed to protect information, including encryption of data in transit (HTTPS), hashed-and-salted password storage, role- and permission-based access controls, per-workspace data isolation, and restricted access to production systems. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your information, we will notify affected parties as required by law.

9. Data retention

We retain account and workspace information for as long as the account is active and as needed to provide the Services. Operational field data (such as knock logs, location history, leads, and documents) is retained for the period the Customer configures or as needed for the Customer’s legitimate business and legal purposes; location history in particular may be aggregated or pruned over time. When an account is closed, we delete or de-identify personal information within a commercially reasonable period, except where retention is required for legal, accounting, security, or dispute-resolution purposes. Customers may request export or deletion of their workspace data as described below.

10. International data transfers

We operate primarily in the United States, and information we collect may be processed and stored in the United States and other countries where we or our subprocessors operate. These countries may have data-protection laws different from those in your jurisdiction. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

11. Your privacy rights

Depending on where you live, you may have some or all of the following rights regarding your personal information: to access or obtain a copy of it; to correct it; to delete it; to obtain portability; to object to or restrict certain processing; to withdraw consent; and to limit the use or disclosure of sensitive personal information.

If your information is held by KnocKnock on behalf of a Customer (Section 1), we will refer your request to that Customer and assist them. Otherwise, you can exercise your rights using the contact details in Section 14. We will verify your identity before responding and will not discriminate against you for exercising your rights. You may use an authorized agent where the law permits.

11.1 European Economic Area / United Kingdom (GDPR)

Where the GDPR or UK GDPR applies and KnocKnock is the controller, our legal bases for processing are: performance of a contract (to provide the Services); legitimate interests (to operate, secure, and improve the Services, balanced against your rights); consent (for example, optional communications or, where applicable, location and notifications); and compliance with legal obligations. You also have the right to lodge a complaint with your local supervisory authority.

11.2 California (CCPA/CPRA)

In the prior 12 months we may have collected the categories of personal information described in Section 2, including identifiers, contact and commercial information, internet/usage activity, precise geolocation (a category of sensitive personal information), and audio/electronic information (such as signatures). We collect it for the business purposes in Section 3 and disclose it to the parties in Sections 5–6. We do not sell or share personal information as those terms are defined under the CPRA, and we do not knowingly sell or share the personal information of minors. California residents have the rights to know, access, correct, delete, opt out of sale/sharing (not applicable, as we do none), and to limit the use of sensitive personal information; we only use sensitive information (such as precise geolocation) to provide the Services and as otherwise permitted. We will not discriminate against you for exercising these rights.

11.3 Other U.S. states

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, and others) have rights to access, correct, delete, and obtain a copy of their personal data, and to opt out of targeted advertising, sale, and certain profiling. We do not engage in targeted advertising, the sale of personal data, or profiling that produces legal or similarly significant effects. You may appeal a decision on your request by contacting us.

12. Marketing and electronic communications

We send transactional messages necessary to operate the Services (which you cannot opt out of while you have an account). With your permission where required, we may send product updates; you can unsubscribe from those at any time using the link in the message or by contacting us. Any SMS or calls made by Customers to prospects are the responsibility of the Customer, who must comply with applicable laws (including the TCPA and CAN-SPAM) and obtain any necessary consent.

13. Prospects, homeowners, and other non-users

If you are a member of the public and a canvassing company recorded information about you or your property in KnocKnock, that company — not KnocKnock — is the controller of that information and decided to collect it. To access, correct, or delete it, please contact the company that knocked on your door. If you are unsure who that is, contact us using Section 14 and we will make reasonable efforts to route your request to the appropriate Customer.

14. Children’s privacy

The Services are intended for businesses and their personnel and are not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us personal information, contact us and we will delete it.

15. Third-party links and services

The Services may link to or integrate with third-party websites and services (such as CRMs, maps, or payment pages). Their privacy practices are governed by their own policies, and we are not responsible for them.

16. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last updated” date and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.

17. How to contact us

For privacy questions or to exercise your rights, contact us at:

KnocKnock — a product of Davis Roofing Solutions
Email: support@knocknockpro.com
Attn: Privacy