HANDOFF

Legal

Privacy Policy

Last updated: April 26, 2026

This policy explains what data Handoff collects, why we collect it, and how we use it. We aim to keep this short, plain, and honest.

What we collect

  • Account info: name, email, password (hashed), profile details you enter.
  • Client info: contact info you add for your clients (name, email, optional phone & notes).
  • Content: files, messages, project metadata you upload.
  • Payment info: billing details are handled by Stripe — we never see or store credit card numbers.
  • Usage data: basic logs (IP, browser, request paths) for security and debugging.

How we use it

  • To run the service: authenticate accounts, deliver files, send transactional emails.
  • To improve Handoff: aggregate analytics, fix bugs, plan features.
  • To bill you and process payouts via Stripe.
  • To respond to your support requests.

We do not sell your data. We do not use your Content to train AI models.

Where data lives

  • Supabase — managed PostgreSQL for accounts, projects, messages.
  • Cloudflare R2 — file storage with end-to-end encryption in transit.
  • Stripe — payments and connected accounts for creator payouts.
  • Resend — transactional email delivery.
  • Vercel — application hosting and request logs.

These providers have their own privacy policies and security practices. We've picked them because they're reputable and meet our standards.

Your rights

  • Access, edit, or delete your account info at any time from settings.
  • Request a copy of your data — email us and we'll respond within 30 days.
  • Delete your account permanently — also via settings, or by emailing us.

Cookies

We use cookies only for things that make the service work: keeping you signed in, remembering your last-used email at the portal sign-in page, and basic security checks. No third-party tracking or advertising cookies.

Children

Handoff is not intended for users under 18. We don't knowingly collect data from anyone under 18. If you believe we have, contact us and we'll delete it.

Security

We use HTTPS everywhere, hashed passwords, signed-URL access for files, and follow standard practices to protect your data. No system is perfect — if we ever experience a breach affecting your data, we'll notify you promptly.

Changes

We may update this policy. Material changes will be communicated by email or in-app at least 7 days before they take effect.

Contact

Questions about your data? Email privacy@creativehandoff.com.