Privacy Policy
Last updated: 7 July 2026
This policy explains how Handover handles personal data when you visit our website, join our early-access list, create delivery pages, upload files, or receive a delivery link. It is written as a practical product overview and should be reviewed alongside our Terms of Service.
1. Introduction
Handover ("we", "us", or "our") provides tools for preparing, sharing, and managing client-facing file deliveries. We aim to collect only the information we need to operate the service, support users, protect accounts, and understand whether Handover is working well.
2. What Personal Data We Collect
We collect personal data you provide directly and information collected automatically:
Data you provide directly
- Account and profile details, such as name, email address, and company name
- Waitlist and early-access requests
- Delivery page content, recipient-facing copy, files, and file metadata
- Messages you send us, including support requests and feedback
- Billing information processed by our payment provider, where paid plans apply
Automatically collected data
- Log data such as IP address, browser, device, pages viewed, and timestamps
- Product usage data, such as delivery views, downloads, upload status, and feature interactions
- Cookies and similar technologies used to run the service and measure usage
3. How We Use Your Personal Data
We use your information to:
- Create accounts and provide access to Handover
- Store, present, and deliver files and delivery pages at your direction
- Generate links, previews, download access, passwords, expiry controls, and metrics
- Respond to support requests, feedback, and early-access enquiries
- Maintain security, prevent abuse, debug issues, and improve reliability
- Send service updates and product communications, where permitted
- Process payments and comply with legal, tax, and accounting obligations
4. Lawful Basis for Processing
We rely on one or more lawful bases under UK GDPR, including:
- Performance of a contract: to provide Handover and fulfil service requests
- Consent: where you have opted in, for example to certain marketing emails
- Legitimate interests: for product improvement, analytics, support, and security
- Legal obligations: to comply with applicable laws and respond to legal requests
5. Cookies and Tracking Technologies
We use cookies and similar technologies to operate our service, analyse usage, and improve performance. Some cookies are essential for authentication and security. Others, such as analytics cookies, are used where permitted by law and your choices.
6. Sharing and Disclosure of Personal Data
We may share your data with:
- Service providers and partners who help operate the service including hosting, storage, analytics, email delivery, authentication, support, and payments
- Legal authorities or third parties if required by law or to protect rights and safety
- Business transfers: if the business is sold or reorganised, data may be part of transferred assets
We do not sell your personal data. We do not use files uploaded to Handover to train AI models.
7. International Transfers
Your information may be processed outside the UK or European Economic Area by us or our service providers. Where this occurs, we use appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, or equivalent measures.
8. Data Retention
We retain personal data only as long as reasonably necessary for the purposes described in this policy, including providing the service, maintaining security, resolving disputes, and meeting legal obligations. Delivery content and files are retained while they are active in your account, subject to product settings, deletion choices, backup windows, and any legal requirements.
9. Your Rights
Under UK GDPR, you may have the right to:
- Access your personal data
- Correct or update inaccurate data
- Erase your data ("right to be forgotten")
- Restrict or object to processing
- Withdraw consent at any time (where processing is based on consent)
- Data portability
- Lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe your rights are not upheld
To exercise your rights, please contact us at privacy@hndvr.io.
10. Security
We implement reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. These measures include account authentication, access controls, encrypted transport, and operational monitoring. However, no system is totally secure and we cannot guarantee absolute protection.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. The updated policy will be posted with a revised "Last updated" date. Significant changes will be communicated where required.