Handfast

Last updated: 21 April 2026

Handfast ("we", "us", or "our") is a couples task-management app built for iOS. This Privacy Policy explains what personal information we collect, how we use it, and your rights in relation to it.

By using Handfast, you agree to the collection and use of information as described in this policy.

1. Information We Collect

Account information

• Email address — used to create and authenticate your account
• Display name — shown to you and your linked partner
• Profile photo (avatar) — optional; uploaded by you
• Pronoun preference — optional; used in UI copy

Usage data

• Tasks you create, are assigned, or complete
• Brownie points balance and transaction history
• Achievement badges earned
• Voucher redemptions
• Partner linking — a shared partnership identifier connecting you and your partner's accounts

Device and notification data

• Push notification token — stored to send you in-app notifications; deleted from our servers when you sign out or delete your account
• We do not collect device identifiers, advertising IDs, or crash analytics

Biometric data

• If you enable Face ID or Touch ID, biometric processing is performed entirely on your device by iOS. We never receive or store biometric data.

2. How We Use Your Information

• To operate and personalise the app for you and your partner
• To send push notifications about tasks, deadlines, and rewards (only if you grant notification permission)
• To send a weekly summary email (only if you opt in; you can opt out at any time in the app)
• To maintain your streak, badges, and points balance
• To allow your partner to see your display name, avatar, and shared task/rewards data

We do not use your data for advertising, profiling, or sale to third parties.

3. Data Sharing

We share data only as required to operate the service:

• Supabase — our backend database, authentication, and file-storage provider. Data is stored in the EU (Ireland) region. Supabase is SOC 2 Type II certified. See supabase.com/privacy.
• Resend — used to send weekly summary emails when you opt in. Only your email address is shared for delivery purposes. See resend.com/privacy.
• Apple — if you sign in with Apple, Apple processes your authentication. See apple.com/legal/privacy.

We do not share your data with any other third parties.

4. Data Retention

Your data is retained for as long as your account is active. When you delete your account from within the app, all personal data — including your profile, tasks, points history, achievements, voucher redemptions, and push notification token — is permanently deleted from our servers. Avatar images stored in file storage are also removed.

5. Security

All data is transmitted over HTTPS. Passwords are hashed by Supabase Auth and never stored in plain text. Supabase sessions are stored in your device's secure enclave (iOS Keychain via SecureStore). We apply row-level security policies so users can only access their own data and their linked partner's shared data.

6. Children's Privacy

Handfast is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will delete it.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data (via "Delete Account" in the app, or by contacting us)
• Opt out of marketing emails at any time via the notification settings in the app

8. Changes to This Policy

We may update this policy from time to time. We will post the updated policy on this page with a revised "last updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.

9. Contact

If you have any questions about this Privacy Policy or your data, please contact us at:
ru7hl355@gmail.com