Privacy Policy

Last updated: March 26, 2026

1. Information We Collect

We collect the following information when you use The Handover:

• Account information: Email address, name, and avatar from your OAuth provider (Google or GitHub).
• Decision data: Action descriptions, context, approver emails, urgency levels, responses, and timestamps submitted through the API.
• Usage data: API request counts, decision statistics, and rate limit counters tied to your API keys.
• Audit logs: Records of decision events (created, opened, resolved, expired) for accountability.

2. How We Use Your Information

• To provide and operate the Service (routing decisions, sending notifications).
• To enforce rate limits and usage quotas.
• To generate audit trails for your account.
• To communicate with you about your account and service updates.

3. Data Sharing

We do not sell your data. We share information only as necessary to provide the Service:

• Email delivery: Approver emails and decision content are passed to our email provider (Resend) to send notifications.
• Authentication: OAuth tokens are exchanged with Google/GitHub for login.
• Webhooks: If you configure a callback URL, decision data is sent to your specified endpoint.

4. Data Storage and Security

Data is stored in Supabase (PostgreSQL) with encryption at rest. API keys are stored as SHA-256 hashes — we never store your raw key. All traffic is encrypted via TLS.

5. Data Retention

• Free tier: Audit logs retained for 7 days.
• Pro tier: Audit logs retained and exportable.
• Decision data: Retained for the duration of your account.
• You may request deletion of your data by contacting us.

6. Your Rights

You have the right to:

• Access and export your decision data via the API or dashboard.
• Request correction or deletion of your personal data.
• Close your account at any time.

7. Cookies

We use localStorage for session tokens (access and refresh tokens). We do not use tracking cookies or third-party analytics.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or dashboard notification.

9. Contact

For privacy-related inquiries, email us at support@thehandover.xyz.