Privacy policy

Privacy policy

Effective Date: January 1, 2024
Last Updated: 11/7/2025

1. Introduction and Scope

Handle, Inc., a Delaware corporation ("Handle," "Company," "we," "us," or "our"), respects your privacy and is committed to protecting your personal data. This Privacy Policy ("Policy") describes how we collect, use, process, store, share, and protect information about you when you use our artificial intelligence-powered email management and communication platform and related services (collectively, the "Services").

This Policy applies to all users of our Services, including visitors to our website, trial users, and paying customers. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Policy and our Terms of Service.

Important Notice for EU/UK Users: If you are located in the European Union, United Kingdom, or other jurisdictions with comprehensive data protection laws, additional rights and protections may apply to you as described in Section 12 below.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Full name, email address, phone number, job title, company name, billing address, and payment information

  • Profile Information: Professional preferences, communication settings, and customization choices

  • Communications: Messages you send to us, feedback, support requests, and survey responses

  • Email Content: When you connect your email accounts, we access and process email content, metadata, attachments, and contact information to provide our AI-powered services

2.2 Information Collected Automatically

  • Usage Data: Features used, time spent, click patterns, navigation paths, and user interactions within our Services

  • Device Information: Device type, operating system, browser type and version, screen resolution, and device identifiers

  • Network Information: IP address, ISP, approximate geographic location, and network connection type

  • Performance Data: Service performance metrics, error logs, and diagnostic information

  • Cookies and Tracking: Information collected through cookies, web beacons, and similar technologies as described in our Cookie Policy

2.3 Information from Third Parties

  • Email Providers: Data from Gmail, Outlook, and other email services you connect to our platform

  • CRM Integrations: Data when you integrate third-party CRM systems

  • Authentication Services: Information from SSO providers like Google Workspace or Microsoft 365

  • Business Partners: Information from authorized resellers, implementation partners, and referral sources

3. How We Use Your Information

We process your personal data for legitimate business interests, contractual necessity, legal compliance, or your consent.

3.1 Service Delivery and AI Processing

  • Analyze email content using AI to generate contextually appropriate responses

  • Prioritize and categorize incoming communications

  • Provide scheduling, meeting coordination, and calendar management

  • Integrate with your existing tools

  • Deliver notifications and alerts

3.2 Account Management and Support

  • Create and maintain accounts

  • Process payments

  • Provide customer support

  • Send service announcements

  • Conduct onboarding

3.3 Service Improvement and Development

  • Analyze usage patterns

  • Develop and improve features

  • Conduct R&D (with anonymized data only)

  • Perform quality assurance

3.4 Legal and Security Purposes

  • Comply with laws

  • Protect rights and property

  • Prevent fraud and unauthorized access

  • Enforce Terms of Service

4. AI Processing and Machine Learning

4.1 AI Model Training

  • No personal training: Personal email content is not used to train general AI models

  • Anonymized analytics may be used

  • Opt-in required for research

4.2 Real-time Processing

  • Email content processed in real time

  • Secure encrypted infrastructure

  • AI-generated content can be reviewed

4.3 Third-party AI Services

  • Third-party AI (OpenAI, Google AI, Microsoft AI) may be used

  • Strict data processing agreements

  • Equivalent privacy and security protections required

5. Data Security and Protection

We implement comprehensive security measures to protect your personal data:

5.1 Technical Safeguards

  • Encryption: Data is encrypted in transit using TLS 1.3+ and at rest using AES-256 encryption

  • Access Controls: Role-based access controls and multi-factor authentication for all team members

  • Infrastructure Security: SOC 2 Type II compliant hosting with regular security audits

  • Network Security: Firewalls, intrusion detection, and continuous monitoring

  • Data Isolation: Customer data is logically isolated and segregated

5.2 Organizational Safeguards

  • Background checks and security training for all employees

  • Principle of least privilege for data access

  • Regular security awareness training and incident response procedures

  • Annual third-party security assessments and penetration testing

5.3 Data Breach Response

In the unlikely event of a data breach, we will notify affected users and relevant authorities within 72 hours as required by applicable laws, and provide detailed information about the incident and remediation steps.

6. Data Sharing and Disclosure

We do not sell, rent, or trade personal information.

6.1 With Your Consent

E.g., third-party integrations.

6.2 Service Providers and Vendors

Cloud hosting, payments, support, analytics, security, etc.

6.3 Legal Requirements

As required by subpoenas, regulatory investigation, legal rights protection, etc.

6.4 Business Transfers

Mergers, acquisitions, asset sales.

7. Your Privacy Rights and Choices

7.1 Access and Portability

  • Request data copy

  • Receive data in machine-readable format

  • Manage data from dashboard

7.2 Correction and Deletion

  • Correct inaccurate data

  • Delete personal data

  • Delete account

7.3 Processing Controls

  • Object to processing

  • Restrict processing

  • Withdraw consent

7.4 Communication Preferences

  • Manage notifications

  • Unsubscribe from marketing

  • Control push notifications

To exercise rights: privacy@usehandle.ai

8. Data Retention and Deletion

8.1 Active Accounts

  • Account data: retained during activity + 90 days

  • Email content: default retention 2 years

  • Usage data: up to 3 years

8.2 Deleted Accounts

  • Personal data deleted within 90 days

  • Anonymized data may remain

  • Financial records kept 7 years

8.3 Legal Hold

Retention extended if required.

9. International Data Transfers

9.1 Transfer Mechanisms

  • Adequacy decisions

  • Standard Contractual Clauses

  • Binding Corporate Rules

9.2 Data Localization

Regional hosting available (US, EU, etc.).

10. Cookies and Tracking Technologies

Essential, performance, functional, and marketing cookies.
Preferences can be managed through browser or cookie tool.

11. Children's Privacy

Not intended for users under 16.
Data of minors will be deleted if found.

12. Regional Privacy Rights

12.1 EU/UK (GDPR)

  • Rights regarding processing

  • Contact DPO: dpo@usehandle.ai

  • Right to complain to authorities

12.2 California (CCPA/CPRA)

  • Right to know, delete, opt-out

  • No discrimination

12.3 Other Jurisdictions

Compliance with local laws.

13. Changes to This Privacy Policy

Changes may include:

  • Updated date

  • Email notifications

  • Prominent notices

  • Consent when required

14. Contact Information

Handle, Inc.
Privacy Team
Contact: luis.doriz@usehandle.ai

Contact us at

support@usehandle.ai

Inbox

CRM

Agents

Pricing

Privacy Policy

Terms

Handle was born in San Francisco, created by founders who had scaled companies from zero to billions and led teams of over a thousand people. After years of building, one truth became impossible to ignore: email hadn’t changed in decades. Every decision, deal, and customer interaction still began (and got lost) in someone’s inbox. We created Handle to change that. To turn email from chaos into clarity. Because we believe the future of work doesn’t live in another tab; it starts right here, in your inbox.

Contact us at

support@usehandle.ai

Inbox

CRM

Agents

Pricing

Privacy Policy

Terms

Handle was born in San Francisco, created by founders who had scaled companies from zero to billions and led teams of over a thousand people. After years of building, one truth became impossible to ignore: email hadn’t changed in decades. Every decision, deal, and customer interaction still began (and got lost) in someone’s inbox. We created Handle to change that. To turn email from chaos into clarity. Because we believe the future of work doesn’t live in another tab; it starts right here, in your inbox.

Contact us at

support@usehandle.ai

Inbox

CRM

Agents

Pricing

Privacy Policy

Terms

Handle was born in San Francisco, created by founders who had scaled companies from zero to billions and led teams of over a thousand people. After years of building, one truth became impossible to ignore: email hadn’t changed in decades. Every decision, deal, and customer interaction still began (and got lost) in someone’s inbox. We created Handle to change that. To turn email from chaos into clarity. Because we believe the future of work doesn’t live in another tab; it starts right here, in your inbox.