Privacy Policy

Last updated: March 4, 2026

Our Privacy-First Philosophy

Handrive is built on a privacy-first, peer-to-peer architecture. Your files stay on your devices and transfer directly between them - we never store your files on our servers. This privacy policy explains what minimal data we do collect to provide our service.

Information We Collect

Account Information

When you create an account, we collect:

  • Email address - Used for authentication and account recovery
  • Username - Your display name within the app
  • Avatar URL - Optional profile picture (if using Google sign-in)
  • Google ID - If you sign in with Google, we store your Google account identifier to link your account

Authentication Data

We support two authentication methods:

  • Email OTP - We send a one-time password to your email. The code is temporarily stored (hashed) and deleted after verification.
  • Google OAuth - We receive your email, name, and profile picture from Google. OAuth session data is temporary and deleted after login completes.

Contacts

When you add friends or contacts in Handrive, we store the relationship between your account and theirs to enable sharing.

Information We Do NOT Collect

  • Your files - Files are stored locally on your devices and transfer directly via P2P
  • File metadata - File names, sizes, and types stay on your devices
  • Device information - Device details are managed locally via P2P sync, not sent to our servers
  • Usage analytics - We do not track how you use the app
  • Location data - We do not collect your location

How Your Data is Stored

Server-Side

Your account information (email, username, avatar) and contacts are stored in our secure PostgreSQL database. Authentication sessions are stored temporarily and expire automatically.

Client-Side

The Handrive app stores data locally on your device in an encrypted SQLite database, including:

  • Your authentication token
  • Device information for P2P sync
  • File and share metadata
  • Transfer history

Peer-to-Peer Transfers

When you share files with others:

  • Files transfer directly between devices using P2P technology
  • All transfers are end-to-end encrypted before leaving your device
  • Our servers never see or store the content of your files
  • Connection metadata may pass through relay servers only when direct P2P connection is not possible

Third-Party Services

We use the following services:

  • Google OAuth - For sign-in with Google (subject to Google's Privacy Policy)
  • Google Fonts - For typography on this website
  • Cloudflare - For app downloads and CDN services
  • Vercel - For hosting this website

Data Retention

We retain your account information for as long as your account is active. Temporary authentication data (OTP codes, OAuth sessions) is automatically deleted after use or expiration.

Your Rights

You have the right to:

  • Access your account information
  • Update or correct your profile
  • Delete your account and all associated data
  • Export your data

To delete your account, use the account settings in the app or contact us at the email below.

Security

We implement industry-standard security measures including:

  • End-to-end encryption for all file transfers
  • Secure password hashing (when applicable)
  • HTTPS for all server communications
  • PKCE protection for OAuth flows
  • Encrypted local database storage

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this privacy policy, please contact us at:

privacy@handrive.app