Privacy and Security Policy
At Handshake, we take your privacy and security seriously. This policy outlines our commitment to protecting your data and explains how we collect, use, and safeguard your information. We adhere to best practices outlined in the NIST Cybersecurity Framework 2.0 to ensure the highest standards of data protection.
01
Information we collect
We believe in minimal data collection. We only gather information that is essential to provide and improve our service.
Basic account information (name and email address)
User responses within the app
Product usage data
Access method (web or mobile, browser type)
Usage statistics
Payment information (processed securely through Stripe)
02
How we use your information
We use your data solely to:
Provide and maintain our service
Improve and optimize our product based on user behavior
Process payments
Communicate with you about our service
03
Data protection and security
Your trust is our top priority. We implement robust security measures to protect your data:
Our infrastructure is SOC 2 compliant, ensuring we meet high standards for security, availability, and confidentiality
We use industry-standard encryption to protect data in transit and at rest
We regularly review and update our security practices
Our app undergoes regular security reviews and audits every 5 days to maintain the highest level of protection for your data
NIST Cybersecurity Framework Implementation
We have implemented key elements of the NIST Cybersecurity Framework 2.0 to enhance our security posture:
Asset Management: We maintain a comprehensive inventory of all devices and software used in our operations, ensuring all assets are accounted for and secure.
Access Control: We implement strong authentication methods and follow the principle of least privilege to ensure only authorized personnel can access sensitive data.
Data Security: We employ encryption for data at rest and in transit, and have established secure data backup and recovery procedures.
Information Protection: We have implemented measures to protect against malware and regularly update our systems and software.
Awareness and Training: Our staff undergoes regular cybersecurity awareness training to maintain a security-conscious culture.
Anomalies and Events: We have systems in place to detect and analyze unusual activities that may indicate a security incident.
Security Continuous Monitoring: We continuously monitor our systems for cybersecurity events and verify the effectiveness of protective measures.
Response Planning: We have developed and maintain an incident response plan to ensure quick and effective response to potential security incidents.
04
Third-party services
We use the following third-party services to help us analyze and improve our product:
PostHog
Flusk
These services help us understand how users interact with our app, allowing us to make informed decisions about product improvements. They are bound by strict confidentiality agreements and are prohibited from using your data for any other purpose.
05
Our commitment to not selling your data
At Handshake, we firmly believe that your personal information is not a commodity to be bought and sold. We want to make it absolutely clear:
We do not sell your data to anyone, ever.
Many companies profit from selling user data to various parties. Common purchasers of such data often include:
Advertising networks
Data brokers
Marketing agencies
Market research firms
Social media platforms
Political organizations
Financial institutions
Insurance companies
We reject this practice entirely. Your data is used solely for the purposes outlined in this privacy policy, namely to provide and improve our service. We do not sell, rent, or lease your personal information to any third parties. Your trust is far more valuable to us than any potential profit from selling your data.
06
Your data rights
We respect your right to control your data:
You can request access to your personal data at any time
You have the right to delete your data from our systems upon request, no questions asked
To exercise these rights, please contact us
07
Data retention
We retain your data only for as long as necessary to provide our service and comply with legal obligations. If you delete your account, we will remove your personal information from our systems within 7 days.
08
Updates to this policy
We may update this policy from time to time. We will notify you of any significant changes by email or through our app.
09
Contact us
If you have any questions about this privacy policy or our data practices, please contact us.
By using our service, you agree to the terms of this privacy policy. We are committed to maintaining your trust and protecting your privacy.
Last updated: July 16, 2024