Privacy Policy (GDPR) – Handoffs

Handoffs is a trade name of The Next Ten (“we”, “us”).

Country: The Netherlands

Contact: hello@handoffs.team

a) Data you provide

• Name, email, organization and role (if provided)
• Messages and information you submit in beta applications or contact forms
• Account information needed to provide login and access
• Workspace and team data you set up (team names, member emails, role assignments)

b) Data we collect automatically

We currently do not use cookies for analytics or advertising. We may still process basic technical data needed to operate and secure the service (for example IP address, device/browser type, timestamps, and event logs).

c) Customer Data and handoff content

Content you create in the service (handoff titles, summaries, acceptance criteria, requirements, comments, attachments, and any uploaded files or links) may include personal data - for example party names, email addresses, or descriptions of work involving identifiable people. You are responsible for ensuring you have the rights to upload and share Customer Data.

d) Integrations

If you connect third-party services (for example Slack, Linear, Jira, Asana, GitHub, or our sister product Dexter), we exchange the minimum data needed to deliver notifications, sync status, or post on your behalf. Tokens are encrypted at rest. You can disconnect an integration at any time from your workspace settings.

We use personal data to:

• Provide, maintain, secure, and support the service (including authentication and routing handoffs to the right people)
• Review and process beta applications and onboarding
• Respond to inquiries and communicate service-related updates
• Deliver third-party notifications you have configured (for example Slack messages on lifecycle changes)
• Monitor and prevent abuse, fraud, and security incidents
• Comply with legal obligations and enforce our agreements

We rely on:

• Contract (Art. 6(1)(b)) to provide the service you request
• Legitimate interests (Art. 6(1)(f)) to secure and improve the service and respond to inquiries
• Consent (Art. 6(1)(a)) where required (for example, if we introduce non-essential cookies later)
• Legal obligation (Art. 6(1)(c)) where applicable

The service may include AI-assisted features (for example summaries, drafting assistance, and surfacing-related items) using machine learning (“AI Outputs”). AI Outputs can be inaccurate or incomplete and should be reviewed where accuracy matters.

Model training: By default, customer-provided content is not used to train or fine-tune models for other customers. We may use aggregated or de-identified usage data to improve performance and reliability.

Please do not upload special categories of personal data under GDPR or other highly sensitive personal data unless explicitly agreed in writing (for example in an enterprise agreement and data processing addendum).

To run Handoffs, we rely on trusted providers for infrastructure (for example hosting, file storage, email delivery, and the third-party messaging services you choose to connect). This can involve processing limited personal data (such as account email addresses or message contents you intentionally route through them). These providers are not allowed to use your data for their own purposes and must protect it.

We may also disclose personal data if required by law, or to protect rights, safety, and the integrity of the Services.

A list of subprocessors is available upon request.

We support users outside the EU/UK. Where personal data is transferred outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses and supplementary measures where needed.

We keep personal data only as long as necessary:

• Beta applications and contact requests: typically up to 12 months after last interaction, unless you request deletion sooner
• Account data: while your account is active, then for a limited period for security, backups, and legal compliance
• Workspace and handoff content: for the lifetime of your workspace, plus a limited backup window after deletion
• Logs: retained for limited periods appropriate for security and troubleshooting

We use appropriate technical and organizational measures designed to protect personal data, including access controls, encryption in transit and at rest where applicable, and per-tenant isolation of workspace data.

If you are in the EEA/UK, you may have rights to access, correct, delete, restrict, object, or port your personal data. You may also withdraw consent where processing is based on consent. You can lodge a complaint with your supervisory authority.

To exercise rights, contact hello@handoffs.team.

We currently do not use non-essential cookies. If we introduce them later, we will update this policy and request consent where required.

Questions: hello@handoffs.team