This page explains what personal data Handlet processes, why we process it, and the lawful basis for doing so under the UK General Data Protection Regulation (UK GDPR).
Our goal is to be transparent about how data is used when you use Handlet.
1. Why We Process Personal Data
Handlet processes personal data so we can:
- Provide the Handlet service
- Allow you to connect and manage communication channels
- Generate AI-assisted message drafts and quotes
- Maintain a secure and reliable platform
- Communicate with you about your account
- Comply with legal obligations
We do not sell personal data.
We also do not use your messages or your customers' messages to train AI models for unrelated purposes.
2. Our Lawful Bases for Processing
Under UK GDPR, organisations must have a lawful basis for processing personal data.
Handlet relies on the following lawful bases depending on the activity.
Contract
Most data processing is necessary to provide the service you signed up for.
Examples include:
- Creating and managing your account
- Displaying and storing messages
- Generating AI draft replies and quotes
- Managing connected communication channels
Without this processing, the service would not function.
Consent
We rely on consent when you connect external services.
Examples include:
- Connecting Gmail, Outlook or other email providers
- Connecting messaging platforms such as WhatsApp or Messenger
You can revoke these connections at any time from your account settings.
Legitimate Interests
Some processing is necessary to operate a secure and reliable service.
Examples include:
- Security monitoring
- Fraud prevention
- Error logging and diagnostics
- Improving reliability and performance
We ensure this processing is proportionate and respects user privacy.
Legal Obligations
In some cases we must process data to comply with the law.
Examples include:
- Responding to data subject access requests
- Complying with regulatory obligations
- Maintaining certain records required by law
3. Types of Data We Process
Account Information
Examples:
- Name
- Email address
- Login credentials (stored securely)
Purpose:
- Account creation
- Authentication
- Service access
Business Profile Information
Examples:
- Business name
- Trade or service type
- User preferences and settings
Purpose:
- Configuring the service
- Personalising AI suggestions
Customer Communication Data
When you use Handlet to manage communications, we process the data necessary to provide that service.
Examples:
- Customer names
- Contact details
- Message content
- Message timestamps and channel metadata
Purpose:
- Displaying messages
- Drafting AI responses
- Managing communication history
Handlet processes this data on your behalf as part of delivering the service.
Technical and Usage Data
Examples:
- IP address
- Device type
- Log data
- Feature usage statistics
Purpose:
- Security monitoring
- Service reliability
- Diagnosing technical issues
4. Data Retention
We retain personal data only for as long as necessary to provide the service and comply with legal obligations.
Generally:
- Account data is retained while your account remains active
- Message and communication data is retained while you use the service
- Technical logs are retained for limited periods for security and diagnostics
When an account is deleted, we delete or anonymise personal data in accordance with our retention policies.
For a detailed breakdown of our lawful bases, purposes and data categories (Article 6 UK GDPR), see Lawful basis & data categories.
5. Special Category Data
Handlet does not intentionally collect or process special category personal data (such as health data, racial or ethnic origin, or religious beliefs).
If such information appears within messages sent through connected communication channels, it is processed only as necessary to provide the service.
6. Your Rights
Under UK GDPR you have several rights relating to your personal data, including the right to:
- Access your personal data
- Request correction of inaccurate data
- Request deletion of personal data
- Object to certain processing
- Request data portability
If you would like to exercise any of these rights, please contact us at:
7. Changes to This Page
We may update this page if our processing activities change or if required by law.
When updates are made, the "Last updated" date at the top of this page will be revised.