Last updated: March 24, 2026
Account information: When you create an account, we collect your name, email address, and password. Passwords are hashed with bcrypt (hashing is not encryption: the original password cannot be recovered from what we store) and are never stored in plain text. If you sign in with Google, we receive your name, email, and profile picture from Google.
Content you upload: Files (images, PDFs, videos, ZIPs), links, project details, comments, invoice data, and any notes you add. This content is uploaded and stored at your direction.
Client information: When you create projects or invoices, you provide your client's name and email address. When clients access a portal link, they voluntarily enter their name and email to participate in reviews.
Payment method handles: You may store PayPal usernames, Venmo handles, Cash App tags, or Stripe payment links for display on invoices. We do not process payments or store credit card numbers.
Google Drive tokens: If you connect Google Drive for backups, we store OAuth access and refresh tokens to upload files to your Drive on your behalf. We only access files and folders that Handoff creates — we cannot read your existing Drive files.
Technical data: IP addresses (for rate limiting only, not stored long-term), browser type, and session cookies necessary for authentication. We do not use analytics or tracking cookies.
We use your information to:
We do not sell, rent, or share your personal information with advertisers or data brokers. We do not use your content to train AI models.
Database: Account data, project metadata, comments, invoices, and notification records are stored in Supabase Postgres with Row Level Security (RLS) policies that enforce data isolation between users at the database level.
File storage: Uploaded files are stored in Cloudflare R2 (S3-compatible object storage). Files are organized by user ID and project, and access paths are validated server-side to prevent unauthorized access.
Authentication: Handled by Supabase Auth with support for email/password and Google OAuth. Sessions use secure, HTTP-only cookies. Sensitive operations (password change, email change) require re-authentication.
Encryption: All data in transit is encrypted via TLS/HTTPS. Supabase encrypts data at rest. Passwords are hashed using bcrypt.
Security measures: API routes verify authentication tokens, upload paths are validated to prevent directory traversal, email notifications are rate-limited and throttled, and security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy) are set on all responses.
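The two storage checks above (files keyed by user ID and project, upload paths validated server-side against traversal) come down to one rule: the storage key is built from the verified session identity plus an allow-listed filename, and any key that does not re-parse into that shape is refused. The following is an added illustration of that rule, not Handoff's code; the <userId>/<projectId>/<filename> layout and the identifier formats are assumptions.

```javascript
// Added example, not Handoff's code: an object-key scheme for user-scoped file storage
// and the server-side checks that keep one user's key from reaching another user's files.
// The layout <userId>/<projectId>/<filename> and the identifier formats are assumptions.

const ID_RE = /^[A-Za-z0-9-]{1,64}$/;                     // e.g. UUIDs; no "/", ".", or "%"
const FILENAME_RE = /^[A-Za-z0-9][A-Za-z0-9._ -]{0,127}$/; // no "/", "\", NUL or leading "."

// Build the storage key for an upload. userId must come from the verified session,
// never from the request body, so the prefix is always the caller's own.
function buildObjectKey(userId, projectId, filename) {
  if (!ID_RE.test(userId)) throw new Error("invalid user id");
  if (!ID_RE.test(projectId)) throw new Error("invalid project id");
  // The allow-list regex rejects "/" and "\" (so no traversal), "%" (so
  // "%2e%2e%2f" cannot survive a later decode) and a leading "." (so "." and
  // ".." are out). Anything not explicitly allowed is refused rather than stripped.
  if (typeof filename !== "string" || !FILENAME_RE.test(filename)) {
    throw new Error("invalid filename");
  }
  return `${userId}/${projectId}/${filename}`;
}

// Check a key presented at download time against the caller's verified user ID.
// Structural validation is repeated here because the key may have been stored,
// returned to the client, and sent back; a key is only trusted if it re-parses.
function isKeyOwnedBy(key, userId) {
  if (typeof key !== "string" || !ID_RE.test(userId)) return false;
  const parts = key.split("/");
  if (parts.length !== 3) return false; // extra segments mean a traversal attempt
  const [owner, projectId, filename] = parts;
  return owner === userId && ID_RE.test(projectId) && FILENAME_RE.test(filename);
}

module.exports = { buildObjectKey, isKeyOwnedBy };
```

The design choice worth noting is allow-listing rather than stripping: a filename such as "..%2f..%2fetc" is rejected outright instead of being normalised, so there is no second decoding step later in the pipeline that could reintroduce a separator.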
We use the following services to operate Handoff:
Each service has its own privacy policy governing how it handles your data.
When you share a project portal link with a client, they can view deliverables, leave comments, and approve or request changes, all without creating an account. Portal links use randomly generated 12-character tokens that are not practically guessable and do not encode any of your personal information. Because no login is required, anyone who holds the link can open the portal, so treat the link itself as the credential and share it only with the intended client.
Clients voluntarily provide their name and email when entering the portal. This information is self-reported; it is kept in their browser's localStorage so they do not have to re-enter it on that device, is attached to the comments they leave, and is used to send notifications to you. Client names and emails are visible to you (the project owner) but not to other clients.
Image and video previews in the client portal display watermarks until you mark the project as complete and approve the deliverables. Watermarked downloads have the watermark rendered into the file itself rather than applied as a removable overlay. Clean downloads are only available after release.
Invoices you create are stored in our database. When you send an invoice, the client receives an email with a link to a public invoice page. Only invoices with "sent" or "paid" status are accessible via the public link — draft invoices are never exposed. Invoice data includes your name, client name, client email, line items, payment method handles, and branding (logo, accent color).
If you connect Google Drive, we request the drive.file OAuth scope, which only allows Handoff to access files and folders it creates. We cannot read, modify, or delete your existing Drive files.
When you initiate a backup, your files are streamed from our storage to your Google Drive. We store your OAuth tokens (encrypted at rest) to perform these operations. You can disconnect Google Drive at any time from Settings, which revokes our access and deletes the stored tokens.
We retain your account data and uploaded content for as long as your account is active. You can export your data at any time via the Backups page (local JSON download or Google Drive).
When you delete your account, we delete all associated data (projects, deliverables, invoices, comments, notifications, client records, and files in storage) within 30 days. Some data may persist in encrypted database backups for up to 90 days.
You can delete individual projects, invoices, or client records at any time. Deleted files are removed from storage immediately.
You have the right to:
We use only essential cookies required for the service to function:
We do not use advertising cookies, tracking pixels, or third-party analytics.
Handoff is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
We may update this policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of Handoff after changes constitutes acceptance.
For privacy-related questions, contact us at hello@justhandoff.com.