Effective 2026-04-18 · In development
Privacy Policy
Hold is built to minimize data collection. This page is a placeholder covering the baseline commitments. Full policy is in active drafting with counsel.
What we collect
- URLs you submit to be scanned (and the AI-generated report from each)
- Handshake session cookies (HttpOnly, 30-day maxAge, scoped per handshake)
- Basic request logs (timestamp, IP, user-agent) for rate-limiting and abuse prevention
- Dispute / deletion requests you submit, including the contact you provide
What we don't
- Accounts or sign-ups — Hold is usable without registration
- Tracking pixels or third-party advertising tags
- Selling or sharing personal data with third parties for advertising
Retention
Handshake rows and attached scan data are deleted 30 days after creation. We keep aggregate, non-identifying metrics indefinitely.
Sub-processors
- Supabase (database hosting — US region)
- Perplexity (AI investigation API)
- Vercel (application hosting)
Your rights
If you are a California, Virginia, Colorado, or Connecticut resident — or the subject of any Hold scan — you can request access, correction, or deletion of your data at sendhold.link/dispute. We respond within 7 days.
Security
Reasonable administrative, technical, and physical safeguards per NY SHIELD Act. Session cookies are HttpOnly and transmitted over HTTPS in production.
Contact
Privacy questions: hello@sendhold.link
Full legal review in progress. Updates will be reflected here and dated above.