Privacy Policy

Last updated: March 28, 2026

1. Introduction

HandoffAI ("we," "us," or "our") operates the HandoffAI platform at handoffai.app. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile image through our authentication provider, Clerk. If you sign up via GitHub OAuth, we receive your public GitHub profile information.

Integration Data

When you connect third-party services (GitHub, GitLab, Bitbucket, Slack, Notion, Gmail, Google Drive, Jira, Confluence, or Trello), we access project-related data using read-only OAuth scopes. This includes repository metadata, commit history, channel messages, document content, and issue trackers. We only access the specific repositories, channels, and pages you select.

Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers or bank account details on our servers. We retain your Stripe customer ID and subscription status for billing purposes.

Generated Content

Handoff documents generated by our AI are stored in our database and associated with your account. This includes the markdown content, section data, and generation metadata.

3. How We Use Your Information

We use the information we collect to:

  • Generate handoff documents from your connected project sources
  • Process AI synthesis of your project data through our AI providers
  • Manage your account and subscription
  • Provide customer support
  • Improve our service and develop new features

4. AI Processing

Your project data is sent to AI language models (via OpenRouter and Anthropic) to generate handoff documents. This data is processed in real time and is not used to train AI models. We use tiered model routing based on project complexity to balance quality and cost.

5. Data Storage and Security

Your data is stored in PostgreSQL databases hosted on Supabase with enterprise-grade security. OAuth access tokens are encrypted at rest using AES-256-GCM before storage. All data is transmitted over HTTPS/TLS. See our Security page for more details.

6. Third-Party Services

We use the following third-party services to operate HandoffAI:

  • Clerk — Authentication and user management
  • Stripe — Payment processing
  • Supabase — Database hosting
  • Vercel — Application hosting and deployment
  • OpenRouter / Anthropic — AI model providers
  • Integration providers — GitHub, GitLab, Bitbucket, Slack, Notion, Gmail, Google Drive, Jira, Confluence, Trello

Each third-party service has its own privacy policy governing its use of your data.

7. Data Retention

We retain your account data and generated handoffs for as long as your account is active. Integration tokens are stored only while the connection is active and are deleted when you disconnect a service. You can delete your handoffs at any time from the dashboard. If you delete your account, all associated data is permanently removed within 30 days.

8. Cookies

We use essential cookies for authentication session management (provided by Clerk). We do not use advertising or tracking cookies. No third-party analytics cookies are used.

9. Your Rights

You have the right to:

  • Access your personal data stored in our systems
  • Request correction of inaccurate data
  • Request deletion of your data and account
  • Disconnect any integration and revoke our access at any time
  • Export your generated handoff documents

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at hello@handoffai.com.
