Security & Data Governance

Data Governance

Data Retention Policy

Customer data includes user profile information, conversations, messages sent and received through Handle, and interactions with Handlers (our branded AI assistants). Unless explicitly deleted by the user, this data is retained indefinitely. Handle’s retention policy ensures that data is preserved to maintain functionality and user experience while also complying with applicable data governance standards. Users have control over their data and can request deletion at any time, as outlined in our data archival/removal policy.

Data Archival/Removal Policy

Users can permanently remove their data by submitting a request through our contact form. Upon receipt of such a request, data will be securely deleted from our systems within 60 days, including backups. While we aim for immediate deletion, this period accounts for technical buffer time to ensure all copies are fully purged. However, some log data may be retained for a limited period to maintain system integrity and compliance with legal and security requirements. To enhance privacy, we restrict logging to minimal levels, focusing only on essential operational data.

Data Storage Policy

All customer data is securely stored and encrypted both at rest and during transit using SSL protocols across public networks. We employ advanced encryption standards (AES-256) to safeguard data, ensuring that all sensitive information is protected from unauthorized access. Our encryption strategy aligns with industry best practices to maintain the highest level of security for user data.

Subprocessors

Handle uses the following subprocessors for app operation and auxiliary services:

• Cloud infrastructure: AWS, Supabase
• LLM Services: OpenAI, Anthropic
• Logging and Monitoring: Axiom, Sentry

Subprocessor list last updated: Aug 29, 2024