Privacy Policy

Last updated: April 11, 2026 — revised to disclose Google Analytics, Google Fonts, Vercel, Upstash, and clarify website-vs-app data handling

TL;DR: The app never sees your Claude conversations — they go directly from your Mac to your own cloud storage. The website (codehandoff.com) uses Google Analytics for traffic measurement, same as most marketing sites. We try to be unusually specific below so you can decide what you're comfortable with.

The App vs. The Website

We treat these as two separate products with two different privacy stances:

The app (code-handoff CLI and the menubar helper installed on your Mac): zero telemetry by default. Opt-in crash reporting only. Your Claude data never passes through our servers.
The website (codehandoff.com pages, /api/* serverless functions): standard product-marketing analytics — Google Analytics, Google Fonts, Polar checkout — plus a few integrity logs we describe explicitly below.

What We Collect

When You Purchase

When you buy Code Handoff through Polar, we receive:

Your email address (for license key delivery)
Your name (for the license)
Transaction details (order ID, date, amount)

Payment information (credit card, etc.) is processed entirely by Polar. We never see or store your payment details.

When Polar sends us a purchase webhook, our server logs a non-sensitive event for debugging: order_id, email_hash (first 10 hex chars of SHA-256 of the buyer email — not reversible to an email without knowing it already), purchase total, status, and created-at timestamp. We then forward a purchase event to Google Analytics (see Website Analytics below) containing the transaction ID and amount — but not the email or name.

When You Use the App

Code Handoff stores the following locally on your Mac:

Your license key and activation status
Machine identifier (hostname + random ID)
Sync configuration (which cloud provider, folder paths)
OAuth tokens for your cloud provider (Dropbox, Google Drive, etc.)

Important: All of this data stays on YOUR machine. We do not have access to it.

Optional Crash Reports (Off by Default)

Code Handoff ships with opt-in crash reporting. It is OFF by default. You must explicitly enable it during code-handoff setup or by setting CH_CRASH_REPORTING=1. When enabled, and only when the app hits an unhandled exception, we POST the following to codehandoff.com/api/crash:

Exception type (e.g., FileNotFoundError)
Scrubbed traceback — absolute paths replaced with <home>/<cwd>, license keys scrubbed, email addresses scrubbed, IP addresses scrubbed, bearer tokens scrubbed
Python version and OS platform string
App version (e.g., 1.1.0)
An anonymous install ID (first 16 chars of SHA256 of the install directory — not your MAC address, not your machine ID, not correlatable across installs)

Crash reports are throttled to at most one per 24 hours per install. We never send file contents, Claude conversations, rclone remote names, OAuth tokens, license keys, or email addresses. You can disable at any time by setting crash_reporting: false in ~/.code-handoff/config.json or by setting CH_CRASH_REPORTING=0.

What the server logs on its side: the scrubbed crash payload above plus a received-at timestamp. The client's IP is used only to rate-limit abusive callers in server memory and is not written to logs, hashed into logs, or persisted anywhere.

When You Visit the Website

Every page under codehandoff.com — including this privacy policy — loads Google Analytics 4 (measurement ID G-5RP6DYBD6V). Google receives the standard pixel data when you view a page:

Page URL, referrer, and title
Your IP address (Google truncates it before storage, per their policy)
User agent / device / browser / viewport
Approximate geolocation derived from IP (typically country + region)
A first-party GA cookie that lets Google recognise you across visits to our site

In addition to raw pageviews we fire a small number of custom events so we can tell which parts of the site are working:

section_view — when a main section scrolls into view
click (outbound) — when you click a link off-site
file_download — when you click the DMG download button (event label = download URL, plus a friendly file name)
visitor_type — new vs returning, backed by a localStorage counter
open_contact, contact_submit — when you use the contact modal
purchase — fired server-side from /api/webhook with transaction ID and amount only (see "When You Purchase" above)

We do not use GA to identify you personally. We do not set a user_id, we do not join GA data to your email, and we do not send your license key or any crash-report content to GA. You can block the pixel with any standard ad blocker or tracker blocker — the site does not depend on GA to function.

The website also loads the Inter font family from Google Fonts (fonts.googleapis.com). Google Fonts receives your IP on the first load because it's a CDN.

Our API routes (/api/webhook, /api/license-lookup, /api/devices, /api/crash, /api/health) are rate-limited per IP + per license key. If the UPSTASH_REDIS_REST_URL environment variable is configured for the deployment, rate-limit counters are stored in Upstash Redis; otherwise we fall back to in-memory counters inside the serverless function. Counters auto-expire on a short window (typically ≤5 minutes) and hold only the key and a numeric request count — no payload, no user content.

What We Do NOT Collect

Your Claude conversations or project contents
Your cloud storage credentials or files
In-app usage analytics, telemetry, or keystrokes (only opt-in crash reports as described above)
Anything the CLI does after it's installed — the CLI never phones home except for the opt-in crash endpoint
Any personally identifiable information beyond purchase details

Website analytics (GA4) is a separate system from the app; see "When You Visit the Website" above for exactly what Google receives. If you want a fully analytics-free experience, downloading the DMG from the GitHub releases page and using the CLI directly skips the marketing site entirely.

How Sync Works

Code Handoff uses a "shadow sync" architecture:

Your Claude data stays in its native location (~/.claude)
We copy changes to YOUR cloud storage folder (Dropbox, Google Drive, etc.)
Sync happens directly between your Mac and your cloud provider
Data never passes through our servers

Third-Party Services

Polar (Payments & Licensing)

We use Polar to process payments, issue licenses, validate activations, and send purchase webhooks. They handle all payment processing and have their own privacy policy. The CLI talks directly to Polar (not through our server) when you activate, deactivate, or validate a license key.

Google Analytics & Google Fonts

Every page on codehandoff.com loads Google Analytics 4 and the Inter font from Google Fonts. Both are provided by Google under the Google Privacy Policy. See "When You Visit the Website" above for the exact event list. Use any standard tracker blocker if you'd prefer not to share this information with Google.

Vercel (Hosting)

The marketing site and /api/* handlers are hosted on Vercel. Vercel receives standard edge-server log data (IP, request path, timestamp, status code) for the marketing pages and API calls.

Upstash Redis (Rate Limiting)

When configured, Upstash hosts the rate-limit counters for our API handlers. Only short-lived numeric counters keyed by IP or license key are stored; no request bodies, headers, or user content.

Cloud Providers

Your data syncs through your chosen cloud provider (Dropbox, Google Drive, OneDrive, or iCloud). Your use of these services is subject to their respective privacy policies.

GitHub

We host our open-source code and release downloads on GitHub. Downloading the app is subject to GitHub's Privacy Statement.

Data Retention

Purchase records: Kept for tax/legal compliance (typically 7 years)
License data: Kept as long as your license is active
Local app data: Deleted when you uninstall the app

Your Rights

You can:

Request a copy of any data we have about you
Request deletion of your data (note: this may invalidate your license)
Uninstall the app at any time to remove all local data

Security

License files are stored with restricted permissions (user-only readable)
OAuth tokens are stored locally and never transmitted to us
All API communication uses HTTPS
We never store passwords or sensitive credentials

Children's Privacy

Code Handoff is not intended for users under 13 years of age. We do not knowingly collect information from children.

Changes to This Policy

We may update this privacy policy from time to time. We'll notify users of significant changes via email or in-app notification.

Contact

Questions about this privacy policy? Contact us at support@codehandoff.com