Lawful Basis, Purposes & Data Categories
This page sets out Handlet's lawful bases for processing your personal data under UK GDPR, the purposes we use it for, and the categories of data we process. It complements our Privacy Policy and our summary How we process personal data.
1. Lawful Bases for Processing
Handlet processes personal data under the following lawful bases defined in Article 6 of the UK GDPR.
Account creation, login and service delivery
- Lawful basis: Contract (Article 6(1)(b))
- Reason: Processing is necessary to provide the Handlet service to the user.
Inbox and message ingestion and display
- Lawful basis: Contract (Article 6(1)(b))
- Reason: Processing is required for the core inbox functionality.
AI-assisted drafts (replies, quotes and summaries)
- Lawful basis: Contract (Article 6(1)(b))
- Reason: Processing is required to generate AI suggestions within the service. Users retain full control over what messages are sent.
Storage of customer contact and message data (on behalf of the user)
- Lawful basis: Contract (Article 6(1)(b))
- Reason: Processing is necessary to deliver the assistant functionality and message management features.
Security, fraud prevention and abuse detection
- Lawful basis: Legitimate Interests (Article 6(1)(f))
- Reason: Processing is necessary to protect the platform, users and system integrity.
Product reliability, diagnostics and performance monitoring
- Lawful basis: Legitimate Interests (Article 6(1)(f))
- Reason: Required to maintain service quality, stability and performance.
Marketing emails (e.g. product updates)
- Lawful basis: Legitimate Interests (Article 6(1)(f)) or Consent (Article 6(1)(a))
- Reason: Non-essential marketing communications will normally rely on user consent.
Connecting third-party communication channels (e.g. Gmail, WhatsApp, Messenger)
- Lawful basis: Consent (Article 6(1)(a))
- Reason: Users explicitly authorise connections between Handlet and third-party services.
Compliance with legal obligations
- Lawful basis: Legal Obligation (Article 6(1)(c))
- Reason: Processing necessary to meet legal or regulatory requirements (e.g. tax, regulatory compliance).
Handling data deletion requests and data subject rights
- Lawful basis: Legal Obligation (Article 6(1)(c))
- Reason: Required to comply with data subject rights under UK GDPR.
2. Purposes of Processing (Plain Language)
Handlet processes personal data for the following purposes.
| Purpose | Description |
|---|---|
| Providing the Handlet service | To allow users to manage messages in one inbox, generate AI-assisted replies and quotes, and manage customer communications. |
| Account authentication and management | To ensure that only authorised users can access their accounts and associated data. |
| Channel connections and synchronisation | To ingest and send messages through connected services such as email, messaging platforms and social media (with user consent). |
| Operating and improving the product | To maintain reliability, security and performance, including diagnosing and resolving technical issues. |
| Communicating with users | To send service communications relating to account activity, security alerts and, where lawful, product updates. |
| Legal and regulatory compliance | To meet legal obligations such as responding to data subject requests and maintaining necessary records. |
Handlet does not sell personal data.
Handlet does not use customer message content to train AI models for unrelated purposes.
3. Categories of Data Processed
3.1 Account and Identity Data
Examples: Name, email address, password (stored in hashed form).
- Lawful basis: Contract
- Retention: Retained while the account is active and thereafter only as required by legal obligations and retention policies.
3.2 Business and Profile Data
Examples: Business name, trade or service type, user configuration settings (such as tone preferences and working hours).
- Lawful basis: Contract
- Retention: Retained while the account remains active.
3.3 Customer and Communication Data (processed on behalf of the user)
Examples: Customer names, customer contact details, message content, message metadata (timestamps, channels, identifiers).
- Lawful basis: Contract
- Retention: Retained while the user continues to use the service or until deletion is requested in accordance with policy.
3.4 Technical and Usage Data
Examples: IP address, device type, log data, feature usage information (non-content analytics).
- Lawful basis: Legitimate Interests
- Purpose: Security, diagnostics and service reliability.
- Retention: Stored only for limited periods necessary for operational and security purposes.
3.5 Requests and Audit Data
Examples: Records of access or deletion requests you make, and logs we keep to meet legal and record-keeping obligations.
- Lawful basis: Legal Obligation or Legitimate Interests
- Retention: Kept only as long as required by law or to protect the security of the service.
4. When We Rely on Legitimate Interests
Under UK GDPR we can process data where we have a "legitimate interest" that is not overridden by your rights. Where Handlet uses this basis, we apply the following.
| Element | Description |
|---|---|
| Interest | Running a secure, reliable platform and protecting users, their businesses and the integrity of the service. |
| Necessity | Processing such as logging, monitoring and abuse detection is necessary to operate the service safely and effectively. |
| Balance | We keep data to a minimum, restrict who can access it, and do not use it for unrelated marketing or to train AI. Your rights and interests are protected through our privacy controls and the information we publish here. |
We review this whenever we change how we process data.
5. Special Category and Criminal Data
Handlet does not intentionally process special category personal data (such as health data, race or religion) or criminal offence data as part of its standard product functionality.
If such information appears within message content provided by users, it is processed only to the extent necessary to provide the service (for example displaying messages or generating draft replies) and in accordance with Handlet's Privacy Policy and applicable data protection law.
Handlet Limited