TOS
Handles.org
Handles Privacy Policy
Handles.org Privacy Policy
Effective Date: 29/05/2025
This Privacy Policy explains how Handles Group Ltd ("Handles, "we," "our") collects, uses, shares and protects personal data when you ("Customer" or "you") visit Handles.org, create an account, or otherwise use our social‑media operating‑system services (the "Service"). It also describes your privacy rights and how UK data‑protection law applies.
Handles Group Ltd is registered in England & Wales with its registered office at Suite 5 Manor House, 1 Macauley Road, Broadstone, BH18 8AS, United Kingdom. For the purposes of UK GDPR and the Data Protection Act 2018, Handles is the data controller of the personal data described below.
1. Personal Data We Collect
Category | Examples | Source | Purpose |
---|---|---|---|
Account Data | Name, business email address, job title, organisation, OAuth identity‑provider ID, profile picture (if supplied by IdP) | Provided by you or your employer via OAuth | Create and administer Workspace accounts, authenticate users, provide support |
Social‑Media Data | Access tokens, account IDs, channel metadata, post analytics | Pulled via authorised API connections to third‑party social‑media platforms | Enable workspace features, schedule posts, generate analytics |
Billing Data | Payment method, card‑holder name, last four digits, billing address, VAT number | You directly to our payment processor (Stripe) | Process subscription fees, detect fraud, comply with tax laws |
Usage & Device Data | Log files, IP address, browser type, device identifiers, pages viewed, actions taken | Collected automatically via cookies and server logs | Service security, performance, and product analytics |
Support Data | Contact details, summary of issue, diagnostic logs | You via email or chat | Respond to enquiries and resolve incidents |
We do not intentionally collect or require sensitive data (special categories) or personal data of children. The Service is restricted to enterprise users aged 18 years or older.
2. How We Use Personal Data (Legal Bases)
Purpose | Legal Basis (UK GDPR Article 6) |
---|---|
Provide, secure and maintain the Service | Contract (Art. 6 (1)(b)) |
Process subscription payments | Contract; Legal obligation for accounting (Art. 6 (1)(c)) |
Detect, prevent or investigate fraud and abuse | Legitimate interests (Art. 6 (1)(f)) |
Improve and develop our products | Legitimate interests |
Send service‑related communications | Contract |
Send optional marketing communications (e.g., product updates, webinars) | Consent (Art. 6 (1)(a)); you may opt out at any time |
Comply with applicable laws, court orders, or regulatory requirements | Legal obligation |
3. Sharing & Disclosure
We share personal data only as described:
Service Providers (Processors). Hosting (e.g., AWS UK/EU), payment processing (Stripe), email delivery, analytics, and customer‑support platforms.
Social‑Media Platforms. When you connect a social‑media account, we disclose OAuth tokens and content to that platform as necessary to deliver the Service.
Corporate Affiliates. Within the Handles corporate group on a need‑to‑know basis.
Business Transfers. In connection with a merger, acquisition, or sale of assets (you will be notified before data is transferred).
Legal & Compliance. Where required to comply with law, enforce agreements, or protect rights, property or safety.
We do not sell personal data.
4. International Transfers
Your personal data may be transferred outside the UK/EEA (e.g., to AWS regions or Stripe in the United States). Where we do so, we rely on UK Addendum‑approved Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms, and we implement appropriate safeguards.
5. Data Security
We employ administrative, technical, and organisational measures designed to protect personal data, including:
Encryption in transit (TLS 1.2+) and at rest for core databases
OAuth 2.0 / OpenID Connect authentication
Role‑based access controls and least‑privilege principles
Routine penetration testing and vulnerability management
ISO 27001‑aligned security policies (audit pending)
However, no internet transmission is completely secure; you acknowledge that risk when using the Service.
6. Data Retention
Data Category | Default Retention Period |
---|---|
Account & Workspace data | For the duration of the subscription + 90 days |
Social‑media access tokens & analytics | Rotated or deleted upon workspace deletion or token revocation |
Billing records | 7 years to comply with HMRC accounting requirements |
Support tickets & logs | 2 years after ticket closure |
Backup archives | Encrypted; purged on a rolling 30‑day schedule |
We may retain data longer if required to establish, exercise or defend legal claims.
7. Your Rights
Subject to certain limitations, you have the following rights under UK GDPR:
Access – obtain a copy of your personal data.
Rectification – have inaccurate or incomplete data corrected.
Erasure – request deletion where we have no lawful basis to continue processing.
Restriction – limit processing under certain circumstances.
Portability – receive your data in a structured, machine‑readable format.
Objection – object to processing based on legitimate interests or direct marketing.
Withdraw consent – where processing is based on consent.
To exercise any right, email privacy@handles.org. We may need to verify your identity. If you are not satisfied with how we handle your request, you may lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.
8. Cookies & Tracking Technologies
We use cookies and similar technologies to:
Maintain session authentication (strictly necessary)
Collect anonymised usage analytics via Matomo or Google Analytics (analytics)
You can manage cookie preferences through your browser settings or via the in‑app cookie banner at first login.
9. Third‑Party Links
The Service may contain links to third‑party sites. We are not responsible for their privacy practices. We encourage you to read their privacy notices.
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be notified via email or in‑app message at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.
11. Contact Us
If you have questions about this Policy or our privacy practices, please contact us at:
Data Protection Officer (DPO)
Handles Group Ltd
Suite 5 Manor House, 1 Macauley Road
Broadstone, BH18 8AS, United Kingdom
Email: privacy@handles.org
© Handles Group Ltd, 2025. All rights reserved.
Feb 4, 2025
Digital Identity & The Handle Economy
Everybody wants their name on their favourite social media platform. To be the ONLY person in the world who can indisputably call themselves @Jane would be a flex of atmospheric proportions.

Written by
Handles Team

Feb 4, 2025
Digital Identity & The Handle Economy
Everybody wants their name on their favourite social media platform. To be the ONLY person in the world who can indisputably call themselves @Jane would be a flex of atmospheric proportions.

Written by
Handles Team

Feb 4, 2025
Digital Identity & The Handle Economy
Everybody wants their name on their favourite social media platform. To be the ONLY person in the world who can indisputably call themselves @Jane would be a flex of atmospheric proportions.

Written by
Handles Team

Feb 4, 2025
Digital Identity & The Handle Economy
Everybody wants their name on their favourite social media platform. To be the ONLY person in the world who can indisputably call themselves @Jane would be a flex of atmospheric proportions.

Written by
Handles Team
