Handysafe

Privacy Policy

Last Updated: May 16, 2026

Welcome to Handysafe. We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how Handysafe (“we”, “us”, or “our”) collects, uses, processes, and stores your personal information when you use our platform, communicate with us via WhatsApp, or interact with our services in the United Kingdom.

1. Important Information and Who We Are

Handysafe is the data controller responsible for your personal data.

If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our Data Privacy Team at hello@handysafe.co.uk.

2. The Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you, which we group as follows:

A. For Homeowners / Customers:

  • Identity Data: First name, last name.
  • Contact Data: Mobile telephone number (specifically your WhatsApp-linked number), home/billing address (for handyman visits).
  • Transaction Data: Details about payments to and from you, details of services you have booked, quotes sent, and jobs completed.
  • Media Data: Photos or videos of repair issues you upload via WhatsApp to request quotes.

B. For Handymen / Service Professionals:

  • Identity Data: First name, last name, date of birth, government-issued ID (processed via Stripe Identity).
  • Contact Data: Mobile telephone number, business address, email address.
  • Vetting Data: Background check results (Basic/Enhanced DBS certification numbers processed securely via uCheck API) and Public Liability Insurance (PLI) documentation.
  • Financial Data: Bank account details linked via Stripe Connect to receive payouts.

3. How We Use Your Data and the WhatsApp Ecosystem

Our platform relies heavily on Meta’s WhatsApp Business Cloud API to facilitate seamless communication and bookings.

A. Communication via WhatsApp

When you interact with Handysafe via WhatsApp, your data passes through Meta’s secure infrastructure.

  • Chat Logs: We temporarily and permanently log messages, images, and transaction milestones transmitted through our WhatsApp bot within our secure Amazon Web Services (AWS) servers.
  • Marketing via WhatsApp: We will only send you promotional messages or service updates via WhatsApp if you have explicitly opted-in to receive them. You can opt-out at any time by replying with the word “STOP”.

B. Meta Webhook and API Logging

To automate scheduling and invoicing, we utilize automated webhooks. When Meta pushes a webhook event to our backend, it contains details such as your WhatsApp phone number, profile name, and message payload. These are instantly ingested, processed, and logged into our access-controlled database to fulfill your service requests.

4. How Your Data is Safely Stored (Infrastructure)

All data collected by Handysafe is stored securely within Amazon Web Services (AWS) data centres located inside the United Kingdom (London Region).

We employ strict corporate and technical safeguards, including:

  • Encryption: Data is encrypted both in transit (using HTTPS/TLS 1.3) and at rest within our databases.
  • Serverless Security: Our application logic runs via AWS Lambda using modern, secure execution environments. Access logs are carefully audited via AWS CloudWatch.
  • Isolation: Phone numbers and communications are compartmentalized so that service providers and customers can interact securely through our platform without unnecessary exposure of permanent personal phone numbers.

5. Third-Party Disclosures & Integrations

We do not sell your personal data. To run our service, we share necessary data with trusted third-party microservices who act as data processors:

  1. Meta Platforms, Inc. (WhatsApp Cloud API): To deliver messages and media between you and the platform.
  2. Stripe Payments UK Ltd: To process payments, hold funds in escrow, and execute identity verification. Handysafe does not store raw credit card information on its servers.
  3. uCheck (or equivalent DBS API provider): To independently verify the criminal record and background suitability of participating handymen.

6. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

  • Customer Communication and Media: Photos of jobs and chat transcripts are retained for up to 6 years following the completion of a transaction to manage potential insurance claims under our Guarantee or to resolve disputes.
  • Handyman Records: Vetting documentation and onboarding files are kept for the duration of your membership on the platform plus 5 years post-deactivation for compliance monitoring.

7. Your Legal Rights Under UK GDPR

Under UK data protection laws, you have comprehensive rights in relation to your personal data, including the right to:

  • Request access to your personal data (commonly known as a “data subject access request”).
  • Request correction of any incomplete or inaccurate data we hold about you.
  • Request erasure of your personal data (“the right to be forgotten”).
  • Object to processing or request the restriction of processing of your personal data.
  • Request the transfer of your personal data to you or a third party.
  • Withdraw consent at any time where we are relying on consent to process your data.

To exercise any of these rights, please email us directly at hello@handysafe.co.uk. We aim to respond to all legitimate requests within one calendar month.

8. Complaints

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first.