Handle

Handle Privacy Policy

Last updated: 28 October 2025

We're Smalldesk Ltd (trading as Handle), and we take your privacy seriously. We're the controller of your personal data for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Got questions? Drop us a line at privacy@handle.help

1. Scope

This policy covers personal data processed when you visit our websites (including handle.help), join our waitlist, interact with our marketing, contact us, or use our services and related communications.

2. Categories of personal data we process

Data you provide:

  • Contact details (name, email, company, role)
  • Messages and support requests
  • Optional form fields (e.g., team size)

Data we collect automatically:

  • Device, browser, OS, IP address, approximate location
  • Site usage (pages, actions, timestamps)
  • Email engagement (opens, clicks, bounces)

Data from third-party sources:

  • Publicly available or business-profile data (e.g., company, role, work email) from enrichment services such as Apollo.io

We do not require special category data for our services. Please do not submit it.

3. Purposes and legal bases

We process personal data for the purposes and legal bases below:

PurposeExamplesLegal basis
Waitlist and product updatesStore waitlist entries, send launch emails, manage early accessConsent (UK GDPR Art. 6(1)(a))
Service communicationsAdministrative and security notices, operational updatesContract (6(1)(b)) or Legitimate interests (6(1)(f))
Direct marketing to business contactsNews, product updates, event invitesConsent (6(1)(a)) or Legitimate interests (6(1)(f)); compliance with PECR applies
Analytics and site performanceMeasure traffic, improve UX, debug incidentsLegitimate interests (6(1)(f))
Security and fraud preventionDetect abuse, protect accounts and systemsLegitimate interests (6(1)(f))
Legal complianceRespond to lawful requests, enforce termsLegal obligation (6(1)(c))

Where we rely on consent, you can withdraw it at any time. Where we rely on legitimate interests, we balance those interests against your rights.

4. Processors and infrastructure

We use trusted processors to host, send, or store data on our behalf. These processors act only on our instructions and are bound by contracts:

  • Microsoft – authentication, email synchronisation, and sending via Microsoft 365
  • Google – authentication, email synchronisation, and sending via Google Workspace; analytics for site usage and advertising performance measurement
  • Amazon Web Services (AWS) – cloud infrastructure and data storage
  • Upstash – rate limiting and temporary session data
  • Cloudflare – spam protection and security services
  • Mailgun – email delivery and engagement analytics
  • Apollo.io – business contact management and data enrichment

All processors are carefully selected and bound by data processing agreements. We recommend reviewing their respective privacy policies to understand how they handle data.

We may update this list as our stack evolves. Material changes will be reflected in this policy.

5. International transfers

Some processors (e.g., Mailgun, AWS, Apollo.io, Google) may process data outside the UK and EEA. Where transfers occur, we use the ICO-approved International Data Transfer Addendum to the Standard Contractual Clauses (SCCs) or rely on an adequacy decision, as applicable.

6. Retention

We keep personal data only as long as needed for the purposes above or to comply with legal obligations. Waitlist and prospect contact details may be retained to manage ongoing communications about Handle. If you object or withdraw consent, we will suppress your details from further marketing.

7. Your rights (UK GDPR)

You can:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (where applicable)
  • Restrict processing (where applicable)
  • Object to processing, including direct marketing
  • Port your data (where applicable)
  • Withdraw consent at any time for consent-based processing

To exercise rights, email privacy@handle.help. We may request verification. We aim to respond within one month.

You may complain to the UK Information Commissioner's Office (ICO): ico.org.uk.

8. Marketing choices

You can unsubscribe using links in our emails or by contacting us.

If you unsubscribe, we keep a minimal suppression record to honour your choice.

9. Cookies and tracking

We use server-side analytics to measure site usage and marketing performance. We set a first-party cookie on your device to track your session, but all data is anonymised and cannot be used to identify you personally. Your IP address is not shared with analytics providers, and your data is processed in a privacy-preserving way.

Email communications may include pixel tracking to measure opens and clicks. You can disable images in your email client to reduce this, or unsubscribe.

10. Security

We apply technical and organisational measures, including access controls, encryption in transit and at rest (where supported by the platform), least-privilege access, logging, and regular reviews of third-party security posture. No method of transmission or storage is 100% secure.

11. Sharing and disclosures

We may disclose personal data:

  • To processors listed in Section 4
  • To professional advisers (legal, accounting) under duty of confidentiality
  • To authorities where required by law
  • In a business transaction (merger, acquisition, asset sale); your data will remain protected and you will be notified of any material changes

We do not sell personal data.

12. Changes to this policy

We may update this policy. The latest version is available at https://handle.help/legal/privacy. Material changes will be signposted on the site or by email where appropriate.

13. How to contact us

Questions or requests: privacy@handle.help