Handoff

Privacy Policy

Last updated: 2026-07-14.

1. What we collect

2. How we use it

To operate the service: authenticate you, deploy sites to your Cloudflare, deliver handoff links, process subscriptions, and send you notifications about change requests.

3. Where it lives

Account + handoff data is stored in a database on the service's server (hosted on Railway). Uploaded site files deploy to your Cloudflare account. We do not sell your data. The operator responsible for this data is VCHandoff (see the Terms).

Services we rely on (each receives only what its job requires): Stripe (payments), Cloudflare (site deploys — your own account), Railway (application hosting), our email delivery provider (transactional emails like verification and change-request notifications), Umami Cloud (aggregate analytics), Google Fonts (font files).

4. Your Cloudflare token

The scoped Cloudflare API token you connect is encrypted at rest and only used to deploy to your own account. You can revoke it any time from your Cloudflare dashboard; you can disconnect it from Handoff in the Hosting tab.

5. Data retention & deletion

You can delete your sites and revoke handoff links from the dashboard, and you can delete your entire account (including its data) yourself from the dashboard's account settings — no need to ask. Deleted site files are removed from your Cloudflare when you remove a site. Backups age out on a rolling basis (roughly two weeks).

6. Cookies

A single session cookie authenticates you while logged in. No advertising cookies are set, and our analytics (Umami) is cookieless.

7. Your rights

You can access and correct your account data in the dashboard, export your site files any time (Download zip), and delete your account yourself. Depending on where you live (e.g. GDPR/CCPA regions), you may have additional rights — contact us and we'll honor them. If we ever have a data breach affecting you, we'll notify you at your account email.

8. Contact

Privacy questions: contact us.

← Back to Handoff