Privacy Policy

Version: 2026-05-29

This policy describes how Handiro (“Handiro”, “we”, “us”) collects, uses, and protects your personal data when you use our website at https://handiro.com and any related services.

1. Who we are

Handiro operates this platform under the Handiro brand. You can reach us via our contact form with any privacy question.

2. What we collect

  • Account info · name, email, phone, password (hashed), profile photo.
  • Pro info · bio, services offered, service area, hourly rate, ID / license / insurance documents you choose to upload.
  • Job content · job descriptions, addresses, photos, messages between you and other users.
  • Payment metadata · Stripe / PayPal transaction IDs, amounts, dates. We never store full card numbers.
  • Usage data · IP, browser, device, pages viewed (subject to your cookie preferences).
  • Support chats · transcripts of conversations with our AI assistant or a human teammate · retained 30 days.

3. Why we collect it (legal basis)

  • Provide the service · contract performance.
  • Operate trust + safety features · legitimate interest.
  • Send transactional emails / SMS / push · contract performance.
  • Improve the site · legitimate interest; opt-out via cookie banner.
  • Meet legal / tax obligations · legal obligation.

4. Who we share with

  • Stripe · payment processing (Pro subscriptions + per-job fees).
  • PayPal · alternative payment processing.
  • Supabase · database, file storage, authentication.
  • Resend · transactional email delivery.
  • Anthropic · powers the Forge support chat. Messages may be processed to generate replies. Anthropic does not train on API content.
  • Upstash Redis · rate limiting + caching.
  • Google Maps · geocoding + location services.
  • Google Analytics (GA4) · usage analytics, only with your consent.
  • Vercel · hosting + CDN.

We do not sell your personal information. We share with the above processors only to operate the service. Each processor is bound by a Data Processing Agreement that limits their use of your data to providing services to us.

5. How long we keep data

  • Account info · until you delete your account.
  • Job + booking records · 7 years for tax / dispute records.
  • Payment records · 7 years (legal requirement).
  • Support chat transcripts · 30 days, then automatically purged.
  • Analytics · 14 months (default GA4 retention).
  • Anonymized job data · may be retained indefinitely for aggregate platform statistics.

6. Your rights

You have the right to access, correct, delete, port, and object to processing of your data. To exercise these:

  • Access / export · Settings → “Export my data” (JSON download).
  • Correction · edit your profile in Settings, or email us.
  • Deletion · Settings → “Delete my account” (anonymizes PII; aggregate stats retained for legal records).
  • Object / restrict · contact us via our contact form.
  • Complaint · you can lodge a complaint with your data protection authority.

6.1 California residents · CCPA / CPRA rights

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you the following rights:

  • Right to know what personal information we collect, use, disclose, and sell or share.
  • Right to access the specific pieces of personal information we collected about you in the prior 12 months.
  • Right to delete personal information we collected from you, subject to legal exceptions.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing of personal information. Handiro does not sell or share personal information for cross-context behavioral advertising.
  • Right to limit use of sensitive personal information.
  • Right to non-discrimination for exercising your rights.

To submit a request, use our contact form or Settings → Export / Delete. We will verify your identity via the email on your account and respond within 45 days (we may extend an additional 45 days when reasonably necessary, with notice). An authorized agent may submit a request on your behalf with written authorization.

6.2 Other US state rights

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy laws have rights similar to those above, including access, deletion, correction, portability, and opt-out of targeted advertising / profiling. Handiro does not engage in targeted advertising, profiling, or sale of personal data. You may appeal an adverse decision on a rights request by replying to our denial; we will respond to appeals within 60 days.

7. Cookies and tracking

See our Cookie Policy for the full list. We honor the Global Privacy Control (GPC) signal and the legacy “Do Not Track” header · when sent, we treat your visit as an opt-out of analytics and any future advertising cookies.

8. International transfers

Data is processed in the United States. We rely on standard contractual clauses where applicable for any transfers from the EU / UK.

9. Children

Handiro is not intended for users under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us and we will delete it.

10. Law enforcement and legal process

We may disclose information when required by a valid subpoena, court order, search warrant, or other legal process; to comply with applicable law; to protect the safety of any person; to prevent fraud; or to enforce our Terms. Where lawfully permitted, we will notify the affected user before disclosure so they can object or seek protective measures. Emergency disclosures may be made without prior notice when there is an imminent threat to life or safety.

11. Data breach notification

If we discover a security incident involving your personal information, we will notify you and the appropriate regulators in the time and manner required by applicable law (typically within 72 hours for state breach-notification statutes). Notifications will include the nature of the incident, the categories of information involved, the steps we have taken, and what you can do to protect yourself.

12. Security

We use industry-standard safeguards · encrypted connections (TLS), encrypted storage at rest, hashed passwords, scoped access tokens, role-based access controls, audit logging of staff actions, and regular dependency updates. No method of transmission or storage is 100% secure; we cannot guarantee absolute security but we work hard to protect your data.

13. Changes to this policy

We will email registered users when we make material changes. The most current version is always at this URL.

This Privacy Policy is provided for your information. It is not legal advice. Consult an attorney before relying on any provision.