HandleThat

Privacy Policy

Effective: 2026-05-02 · Last updated: 2026-05-14

1. Introduction

ForeverBuilt, LLC (“we”, “us”), a Washington State limited liability company doing business as HandleThat, operates the HandleThat desktop application and the handlethat.app website (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, and what rights you have over it.

2. Information We Collect

  • Account data: email address, encrypted password, display name.
  • Subscription data: tier (BYOK/Starter/Pro), Stripe customer ID, billing history (held by Stripe).
  • Usage data: token counts, API call counts, error logs (no message or document content).
  • Technical data: app version, operating system, IP address for authentication requests.

3. What We DON’T Collect

HandleThat is a local-first desktop app. The following stay on your computer and are never sent to our servers:

  • Meeting transcripts
  • Documents or document content
  • Chat conversations
  • Indexed folder contents
  • Local SQLite database
  • BYOK API keys (encrypted on your device only via Windows DPAPI)

4. How We Use Information

We use collected information to: (a) provide and maintain the Service, (b) process subscription billing, (c) provide customer support, and (d) understand aggregate usage patterns to improve the Service. We do not use your information for advertising or sell it to third parties.

5. AI Processing

When you use HandleThat’s AI features through our managed proxy, the content you submit (chat messages, document summaries you request, meeting transcript excerpts) is sent to Anthropic for processing under Anthropic’s Privacy Policy. We do not retain this content on our servers; we record only token counts for billing. If you provide your own API key (BYOK), your content goes directly from your device to your chosen API provider and never passes through our infrastructure.

6. Data Sharing

We share data with the following service providers, only as needed to provide the Service:

  • Stripe (billing): subscription and payment data
  • Anthropic (AI processing): content you submit when using managed-proxy AI features
  • Supabase (auth and database hosting): account data and usage metrics
  • Deepgram (meeting transcription): audio sent for real-time transcription, not retained
  • Vercel (website hosting and cookieless web analytics): the handlethat.app marketing site is hosted on Vercel and uses Vercel Web Analytics to count anonymous page views. No cookies, no cross-site tracking, no fingerprinting. This applies to the website only — the HandleThat desktop app has no analytics or telemetry.

We do not sell or rent your information to anyone.

7. Data Storage and Security

Account and subscription data are stored in Supabase with encryption at rest and TLS in transit. Local content (transcripts, documents, conversations) stays on your computer. BYOK API keys are encrypted with Windows DPAPI on your device and never transmitted to us.

8. Data Retention

We retain account data for as long as your account is active. When you close your account, account and usage data are deleted within 30 days. Subscription and billing records are retained for seven (7) years per applicable tax law.

9. Your Rights

You have the right to access, correct, export, or delete your account and personal information at any time. To exercise these rights, email support@handlethat.app. We respond within 30 days at no cost.

10. Children’s Privacy

HandleThat is not intended for use by anyone under 16. We do not knowingly collect information from children. If you believe we have, contact us at support@handlethat.app and we will delete it promptly.

11. International Users (EU/UK/California Rights)

ForeverBuilt, LLC is a Washington State company; our service is hosted in the United States (Supabase US infrastructure). If you access HandleThat from the European Economic Area, United Kingdom, or California, additional rights and disclosures apply.

For EU/UK users (GDPR):

  • Legal basis: contract performance (providing the service you signed up for) and legitimate interest (security, fraud prevention, improvement).
  • Your rights: access, rectification, erasure, portability, restriction, objection, automated-decision opt-out, and to lodge a complaint with your local Data Protection Authority.
  • Data transfer: Your data is transferred to and stored in the United States under Standard Contractual Clauses (SCCs) and applicable adequacy frameworks.
  • Data Protection Contact: support@handlethat.app

For California users (CCPA/CPRA):

  • We do not sell or share your personal information for cross-context behavioral advertising.
  • Your rights: right to know, right to delete, right to correct, right to opt-out of sale (we don’t sell), right to limit use of sensitive personal information, right to non-discrimination.
  • Categories collected: identifiers (email, account ID), commercial info (subscription tier), internet activity (token usage logs), inferences (none — we don’t profile).

To exercise any of these rights, email support@handlethat.app. We respond within 30 days, charge no fee, and verify identity before processing.

12. Cookies and Tracking

The handlethat.app website uses a single “strictly necessary” cookie for authentication (provided by Supabase). The website also uses Vercel Web Analytics for anonymous page-view counts — this is cookieless and does not track individuals or sessions across sites. The HandleThat desktop app uses no analytics SDK and contains no third-party trackers. We do not use any advertising or behavioral-tracking cookies anywhere.

13. Changes to This Policy

If we make material changes to this policy, we will notify you by email and post a notice in the app at least 30 days before they take effect. Continued use of the Service after changes take effect indicates acceptance.

14. Contact

ForeverBuilt, LLC d/b/a HandleThat
16915 SE 272nd St, Ste 100 #8118
Covington, WA 98042
Email: support@handlethat.app