Privacy Policy

Last updated: April 2, 2026

1. Overview

Handozo ("we", "us", "our") operates the Handozo platform. This Privacy Policy describes how we collect, use, and protect information when you use our Service. By using Handozo, you consent to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

Account information: Name, email address, and profile details you provide during registration.

Branding assets: Logos and images you upload to customize your portals.

Kit content: Text, questions, timeline data, and other content you create in your kits.

Client responses: Intake form answers submitted by your clients through your portals.

Payment information: Billing details are processed and stored by Stripe; we do not store credit card numbers.

Usage data: Portal open events, section views, and completion events, associated with anonymous client fingerprints.

Technical data: IP addresses (for rate limiting), browser type, and device information.

3. How We Use Your Information

• To provide, maintain, and improve the Service

• To process payments and manage subscriptions via Stripe

• To send transactional emails (kit delivery, intake notifications, deposit confirmations)

• To provide analytics on portal engagement (Pro and Agency plans)

• To enforce rate limits and prevent abuse

• To respond to support requests

4. Data Sharing

We do not sell your personal information. We share data only with the following third-party services, solely to operate the platform:

Supabase: Database hosting and authentication (your account and kit data)

Stripe: Payment processing for subscriptions and client deposits

Resend: Transactional email delivery

Vercel: Application hosting and edge rendering

Sentry: Error monitoring (anonymized error reports, no PII)

5. Client Data & Your Responsibilities

When your clients submit intake forms or interact with your portals, you are the data controller for that information. We act as a data processor on your behalf. You are responsible for: (a) informing your clients about data collection; (b) obtaining necessary consent; (c) complying with applicable privacy regulations (GDPR, CCPA, etc.) for the client data you collect through the Service.

6. Data Security

We implement industry-standard security measures including: encrypted data transmission (TLS), Row-Level Security on all database tables, parameterized queries to prevent injection attacks, rate limiting on public endpoints, input validation and sanitization, and Content Security Policy headers. Payment data is handled entirely by Stripe in compliance with PCI DSS standards.

7. Data Retention

Your account data and kit content are retained as long as your account is active. Client responses and analytics events are retained for the lifetime of the associated kit. Upon account deletion, all associated data (kits, responses, deposits, events) is permanently deleted within 30 days. Stripe retains payment records independently per their own retention policies.

8. Cookies & Tracking

Handozo uses essential cookies for authentication session management (via Supabase Auth). We do not use advertising cookies or third-party tracking pixels. Portal analytics use anonymous browser fingerprinting; no cookies are set on your clients' browsers.

9. Your Rights

You have the right to: (a) access your personal data; (b) correct inaccurate data; (c) request deletion of your data; (d) export your data; (e) withdraw consent for data processing. To exercise these rights, contact us at the email below. We will respond to requests within 30 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification. Continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or data requests, contact us at privacy@Handozo.app.