Handld
Legal

Privacy Policy

Last updated: April 2026

This privacy policy explains how Handld ("we," "us," "our") collects, uses, stores, and protects your personal data when you use our website at handldhq.com and our platform (together, "the Service").

Handld is operated by Handld App Ltd, a company registered in England and Wales (company number [to be confirmed]), with its registered address at [to be confirmed]. For the purposes of UK GDPR and the Data Protection Act 2018, we are the data controller.

If you have any questions about this policy or how we handle your data, you can contact us at [email protected].

1. What data we collect

We collect the following types of personal data:

Account information

When you create an account, we collect your name, email address, and password. If you sign up via Google, we receive your name and email address from your Google account.

Profile and business information

You may provide your business name, logo, brand colours, website address, and contact details to customise your account and client portal.

Client data

When you add clients to Handld, you enter their name, email address, company name, and other contact details. If your clients create a login for the client portal, we also collect their email address and password.

Time tracking and task data

We store the time entries, tasks, notes, and file attachments you create within the Service.

Financial data

We store invoice details, payment amounts, and billing history. We do not store credit or debit card numbers — all payment processing is handled securely by Stripe. Stripe's privacy policy is available at stripe.com/privacy.

Usage data

We automatically collect information about how you use the Service, including your IP address, browser type, device type, pages visited, and time spent on the platform. We use this to improve the Service and diagnose technical issues.

Cookies

We use cookies and similar technologies as described in our Cookie Policy.

2. How we use your data

We use your personal data for the following purposes:

  • To provide the Service — creating your account, managing your subscription, enabling time tracking, invoicing, task management, the client portal, and all other platform features.
  • To process payments — managing your subscription billing via Stripe and enabling your clients to pay invoices online.
  • To communicate with you — sending transactional emails (account confirmations, invoice notifications, payment receipts, password resets), responding to support requests, and sending product updates. We will never send marketing emails without your explicit consent.
  • To improve the Service — analysing usage patterns to understand how the platform is used and where we can make improvements.
  • To ensure security — detecting and preventing fraud, abuse, and unauthorised access.
  • To comply with legal obligations — meeting our obligations under applicable laws, including tax and accounting requirements.

We will never sell your personal data to third parties.

3. Legal basis for processing

Under UK GDPR, we rely on the following legal bases:

  • Performance of a contract — processing your data is necessary to provide the Service you've signed up for.
  • Legitimate interests — we process usage data and analytics to improve the Service, provided this does not override your rights. Our legitimate interest is to operate and improve a functional, secure platform.
  • Legal obligation — we may process data to comply with tax, accounting, or regulatory requirements.
  • Consent — where we send marketing communications, we do so only with your explicit consent, which you can withdraw at any time.

4. Who we share your data with

We share your data only with the following categories of third parties, and only to the extent necessary to provide the Service:

  • Stripe — for payment processing. Stripe acts as an independent data controller for payment data. See stripe.com/privacy.
  • Hosting and infrastructure providers — our platform is hosted on secure servers within the European Union. These providers process data on our behalf under data processing agreements.
  • Email delivery services — we use a third-party email provider to send transactional emails (e.g. invoice notifications, password resets). They process data on our behalf and do not use it for their own purposes.
  • Analytics providers — we use Google Analytics to understand how the Service is used. Google Analytics collects anonymised usage data. You can opt out using the Google Analytics opt-out browser add-on.
  • Advertising platforms — we use Google Ads and the Meta Pixel (Facebook/Instagram) to run and measure advertising campaigns. These platforms may receive data about your visit to our website (such as pages viewed and actions taken) to help us serve relevant advertisements and measure their effectiveness. This data is processed in accordance with Google's and Meta's respective privacy policies. You can manage your preferences via your Google and Meta account settings.

We do not sell your personal data to third parties. We do share limited data with advertising platforms (Google Ads and Meta) as described above, solely to run and measure our own advertising campaigns.

Client portal data: When you use Handld's client portal feature, your clients' data (name, email, portal activity) is processed by us on your behalf. In this context, you are the data controller for your clients' data, and we are the data processor. You are responsible for ensuring your clients are informed about how their data is used, including directing them to this privacy policy or your own.

5. International data transfers

Your data is stored on servers within the European Union. If any data is transferred outside the EU/UK (for example, if a third-party service provider operates outside this region), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office.

6. How long we keep your data

We retain your data for as long as your account is active and you continue to use the Service. If you cancel your subscription, your data is retained for 90 days in case you wish to reactivate your account. After 90 days, your data is permanently and irreversibly deleted.

We may retain certain data for longer where required by law — for example, invoice and payment records may be retained for up to seven years to comply with UK tax and accounting obligations.

7. Your rights

Under UK GDPR, you have the following rights:

  • Right of access — you can request a copy of all personal data we hold about you.
  • Right to rectification — you can ask us to correct inaccurate or incomplete data.
  • Right to erasure — you can ask us to delete your data, subject to any legal obligations we have to retain it.
  • Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.
  • Right to data portability — you can request your data in a structured, commonly used, machine-readable format (CSV).
  • Right to object — you can object to processing based on legitimate interests.
  • Right to withdraw consent — where we process data based on your consent, you can withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

8. Data security

We take the security of your data seriously. We use SSL/TLS encryption for all data in transit, encrypt sensitive data at rest, perform automatic daily backups, restrict access to personal data to authorised personnel only, and regularly review our security practices.

No system is completely secure. If we become aware of a data breach that poses a risk to your rights, we will notify you and the ICO in accordance with our legal obligations.

9. Children's data

Handld is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

10. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you by email or through a notice on the platform. The "last updated" date at the top of this page indicates when the policy was most recently revised.

11. Contact us

If you have any questions about this privacy policy or how we handle your data, please contact us at:

Email: [email protected]
Post: Handld App Ltd, registered address to be confirmed