Handover.today

Last updated: June 4, 2026

Privacy Policy

This policy explains how Handover.today collects, uses, stores, and shares information when you visit our website, create an account, build projects, publish handover links, or view a handover page.

References to Handover.today, Handover, "we", "us", and "our" mean the current operator of Handover.today. Handover.today does not yet list a separate registered legal entity, business name, or ABN in this policy. We will update this page if those details change. Questions about the current operator can be sent to hello@handover.today.

Who This Applies To

Handover.today is built for freelancers, studios, and small agencies who package project deliverables into a single client-ready link. This policy applies to people who create Handover accounts, recipients who view published handover pages, and visitors to our marketing site.

Handover pages often contain links to third-party services such as Figma, Google Drive, Loom, Dropbox, Notion, and similar tools. Those services are governed by their own privacy policies.

Information We Collect

Account and profile information

When you create or use an account, we collect information such as your email address, display name, sign-in method, and authentication identifiers. If you sign in with Google, we may receive profile information such as your Google account identifier, name, email, and avatar from Google.

You may also add optional profile and business details, including title, business name, business email, business phone, and author display preferences. These details can be shown on published handover pages depending on your project settings.

Project and handover content

We store the projects and deliverable cards you create, including project titles, client names, descriptions, section names, card titles, notes, URLs, provider types, publish status, timestamps, and public link identifiers. When you publish a project, Handover creates a static snapshot of the public handover page so it can be served reliably.

Usage, analytics, and attribution data

We collect first-party product analytics so we can understand whether Handover is working and keep public links reliable. This can include events such as project creation, publishing, copying a link, client page views, client link opens, sharing actions, timestamps, referrers, viewport width, and related event metadata.

If you arrive with campaign parameters, we may temporarily store attribution data such as UTM parameters, referrer, and landing path, then save first-touch and latest-touch attribution to your account after sign-in.

Security and diagnostic information

For invalid public-link requests, we may log limited security telemetry such as route, sanitized path, public ID prefix and length, reason, user agent, and a salted hash of the request IP address when configured. We do not need the full attempted public ID to diagnose these misses.

Survey responses

We may use Tally to collect product feedback. Survey submissions are processed by Tally and may include a hidden user identifier so we can mark survey completion in Handover.

Cookies and Similar Technologies

Handover uses cookies and browser storage for core product flows.

  • Authentication cookies from Supabase keep you signed in and protect account-only areas of the app.
  • ho_attr temporarily stores pre-sign-up attribution data for up to one hour.
  • ho_uid stores your user ID for creator-view detection on Handover-owned domains, so your own views do not inflate client view counts.

You can control cookies through your browser settings, but disabling necessary cookies may prevent account sign-in or product features from working correctly.

How We Use Information

  • Provide, operate, and secure Handover.
  • Authenticate users and manage accounts.
  • Create, publish, host, and update handover pages.
  • Show author and business details according to project settings.
  • Measure product usage, activation, and client engagement.
  • Diagnose bugs, abuse, invalid public links, and reliability issues.
  • Respond to support requests and communicate service updates.
  • Comply with legal obligations and enforce our terms.

Published Handover Pages

Published handover pages are designed to be shared with clients using a stable, unguessable link. Anyone with the link may be able to view the published page unless access controls are added in the future or configured for that page.

Published pages may include project information, deliverable links, notes, provider labels, author details, business contact details, and timestamps. Do not publish information unless you have the right to share it with the intended recipients.

Public handover pages are marked to discourage search indexing, but noindex metadata is not the same as private access control.

How We Share Information

We do not sell personal information. We share information with service providers that help us run Handover, including:

  • Supabase for authentication, database, and account storage.
  • Vercel for hosting the web applications.
  • AWS S3 and CloudFront for published handover assets.
  • Tally for embedded surveys and survey webhooks.
  • Google when you choose Google OAuth sign-in.
  • Third-party deliverable services when you or your clients open the links you added to a handover.

We may also disclose information if required by law, to protect the service or others, or as part of a business transfer such as a merger, acquisition, or sale of assets.

Storage, Security, and Retention

We use technical and organisational measures intended to protect information against unauthorised access, loss, misuse, and alteration. No internet service can be guaranteed to be completely secure.

We retain account, project, analytics, and security information for as long as needed to provide Handover, improve the product, maintain reliable published links, comply with legal obligations, resolve disputes, and enforce agreements. If you delete projects or your account, associated information may be deleted or retained only where needed for legitimate operational, security, backup, or legal reasons.

International Processing

Handover and its service providers may process and store information in countries other than where you live, likely including Australia, the United States, and other countries where our service providers operate infrastructure or support teams. Where required, we take steps designed to protect information when it is transferred or processed internationally.

Your Choices and Rights

You can update many account and business profile details inside Handover. You can also delete projects from the product interface. Depending on where you live, you may have rights to request access, correction, deletion, restriction, portability, or objection to certain processing of your personal information.

To make a privacy request, contact hello@handover.today. We may need to verify your identity before acting on a request.

If you have a privacy complaint, contact us at hello@handover.today with details of the issue. We will review the complaint and respond within a reasonable time. If you are not satisfied with our response, you may be able to contact the privacy regulator in your jurisdiction.

Children

Handover is not intended for children. Do not use Handover if you are not old enough to enter into a binding agreement or use online services in your jurisdiction.

Changes to This Policy

We may update this Privacy Policy as Handover changes. If we make material changes, we will take reasonable steps to notify users, such as updating this page or providing notice in the product.

Contact

Questions or privacy requests can be sent to hello@handover.today.