Security
Data isolation
Every Handover customer's data is completely isolated using PostgreSQL row-level security. It is technically impossible for one customer's data to be read by another customer or by any Handover employee without direct database access.
PSA credential security
Your HaloPSA and ConnectWise API credentials are encrypted using AES-256 before being stored. The encryption key is stored separately in our infrastructure and never in the database. Credentials are only decrypted in memory at the moment they are needed to fetch your PSA data.
Data storage
All data is stored in Supabase (PostgreSQL) hosted in the EU. We do not transfer your data outside the EU/UK.
What we store
Handover stores the reports you generate, the PSA data used to generate them, and your account preferences. We never store your clients' personal data beyond what appears in your PSA ticket and project names.
GDPR
Handover is GDPR compliant. We are registered with the ICO. You can request deletion of all your data at any time by emailing hello@gethandover.uk.
Deletion
Deleting your Handover account permanently deletes all stored data including reports, PSA connection credentials, and account intelligence history. This cannot be undone.