HandldHandld

Privacy Policy

Last updated: February 2026

1. What We Collect

When you use Handld, we collect the following data:

Account data: your email address (via email, Apple, or Google sign-in); your country and language preferences.

Call data: business names and phone numbers you provide; the questions you select; full call recordings and verbatim transcripts of conversations between our AI and the business; AI-generated answer summaries and translations.

Location data: approximate location (coarse, ~5 km accuracy) collected once during onboarding to detect your country. Only the derived country code is stored on our servers; GPS coordinates are not retained.

Usage data: app launches, screen views, feature interactions, call success/failure rates, and user ratings of answers. This data is collected via PostHog analytics (EU-hosted).

Device data: a pseudonymous device identifier generated by PostHog for analytics. We do not collect your device name, model, or advertising identifier.

Push notification tokens: an Expo push token is stored so we can notify you when a call is complete.

Diagnostic data: crash logs and error reports (error messages, component stack traces) collected via PostHog to identify and fix bugs.

2. How We Use Your Data

We use your data to: operate the Handld service and place AI phone calls on your behalf; generate transcripts, answer summaries, and translations from call recordings; deliver push notifications when your call results are ready; detect your country and language for a localised experience; analyse usage patterns to improve app quality and reliability; diagnose crashes and fix technical issues; and communicate important service updates.

3. Third-Party Services

We share data with the following service providers, each of which processes data under their own privacy policies:

Supabase (EU) — authentication, database hosting, and backend processing. Receives: email, user profile, call data, transcripts, push tokens.

ElevenLabs — AI voice agent that places phone calls. Receives: business phone number and question text. Returns: call transcript and analysis.

OpenAI — transcript processing and translation. Receives: call transcript text and question text only. Does not receive your email, name, or phone numbers.

PostHog (EU) — privacy-focused analytics and error tracking. Receives: pseudonymous usage events, screen views, crash logs, and a device identifier. Session replay is enabled with all text inputs masked.

Apple — authentication via Apple Sign-In. Receives: authentication tokens for identity verification.

Expo — push notification delivery and over-the-air updates. Receives: push token and app version.

We do not sell your data. We do not use advertising networks, third-party tracking SDKs, or data brokers.

4. Data Storage & Security

Your data is encrypted in transit using TLS and stored on Supabase-managed infrastructure with row-level security policies that restrict access to your own data. Authentication tokens are stored on-device using encrypted secure storage (Expo SecureStore). We implement access controls, encryption, and regular security reviews. While no system is 100% secure, we take reasonable measures to safeguard your information.

5. Your Rights (GDPR/CCPA)

Depending on your location, you have the right to: access and receive a copy of your personal data; correct inaccurate data; delete your data ("right to be forgotten"); receive your data in a portable, machine-readable format; withdraw consent for data processing at any time; and object to automated decision-making. To exercise any of these rights, contact us at przemek.paziewski01@gmail.com.

6. Data Retention

We retain your data for as long as your account is active. Call recordings, transcripts, and answer summaries are stored to provide ongoing access to your call history. When you request account deletion, it is scheduled with a 30-day grace period. After 30 days, all personal data — including call recordings, transcripts, and profile information — will be permanently removed, except where retention is required by law.

7. Analytics & Tracking

Handld uses PostHog (EU-hosted) for privacy-focused analytics. We track app usage events (screen views, feature interactions, errors) to improve the product. PostHog generates a pseudonymous device identifier for analytics; we do not use Apple's advertising identifier (IDFA). We do not use advertising trackers, third-party cookies, or sell your data to advertisers. We do not track you across other apps or websites.

8. Children's Privacy

Handld is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

9. International Transfers

Your data is primarily stored and processed in the European Union (Supabase, PostHog). Call transcripts may be processed by OpenAI and ElevenLabs in the United States. Apple processes payment data in the United States. We ensure appropriate safeguards are in place, including standard contractual clauses where required, to protect your data during international transfers.

10. Changes & Contact

We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or via email. If you have questions about this policy or your data, contact us at przemek.paziewski01@gmail.com.