Last updated: 5 March 2026
Privacy Policy
Handby is committed to protecting your personal data. This policy explains what we collect, why we collect it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Handby is the data controller for personal data processed through handby.uk. We are registered with the Information Commissioner's Office (ICO).
Contact: privacy@handby.uk
2. Data we collect
We collect the following categories of personal data:
| Data | Source | Why we collect it |
|---|---|---|
| Full name | You provide it at registration | To identify your account and display on your profile |
| Email address | You provide it at registration | To authenticate your account and send service notifications |
| Password (hashed) | You provide it at registration | To secure your account — we never store plain-text passwords |
| Profile photo | You upload it optionally | To display on your public provider profile |
| Location / postcode | You provide it or via GPS | To match customers with nearby providers |
| Business name & bio | Providers provide it optionally | To display on your public provider profile |
| Service listings | Providers create them | To show customers what you offer and at what price |
| Quote request messages | Customers write them | To facilitate the introduction between customer and provider |
| Reviews and ratings | Customers submit after a job | To build trust and help other customers choose providers |
| IP address & device info | Collected automatically | For security, fraud prevention, and service reliability |
3. Legal basis for processing
We rely on the following lawful bases under UK GDPR:
- Contract — processing necessary to provide the Handby service to you (e.g. account creation, matching, quote requests)
- Legitimate interests — fraud prevention, platform security, and improving our service
- Legal obligation — where we are required to retain records by law
- Consent — for any marketing communications (you may withdraw consent at any time)
4. How we use your data
- To create and manage your account
- To display provider profiles in search results
- To facilitate quote requests between customers and providers
- To display and moderate reviews
- To send transactional emails (e.g. new quote request notification)
- To detect and prevent fraud or abuse
- To comply with legal obligations
We do not sell your personal data to third parties, nor do we use it for automated decision-making that produces legal or similarly significant effects.
5. Who we share data with
We share data only where necessary:
| Recipient | Reason | Location |
|---|---|---|
| Supabase Inc. | Cloud database and authentication provider (data processor) | EU / USA (adequacy decision applies) |
| Vercel Inc. | Web hosting and deployment platform | USA (adequacy decision applies) |
| postcodes.io | Free UK postcode lookup API — no personal data sent | UK |
| Law enforcement / regulators | Where required by law or court order | UK |
All processors are bound by data processing agreements and are required to protect your data to at least the same standard as Handby.
6. How long we keep your data
| Data | Retention period |
|---|---|
| Account and profile data | Until you delete your account |
| Quote request messages | 2 years after the request closes |
| Reviews | Until you delete your account or request removal |
| Authentication logs | 90 days for security purposes |
| Financial/transaction records | 7 years (legal obligation) |
When you delete your account, all personal data is removed within 30 days, except where we are legally required to retain it.
7. Your rights
Under UK GDPR you have the following rights:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate or incomplete data
- Erasure — ask us to delete your data ("right to be forgotten"). You can also do this directly via Settings → Delete account
- Restriction — ask us to limit how we use your data in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing
To exercise any of these rights, email privacy@handby.uk. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.
8. Complaints
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
We would appreciate the opportunity to address your concerns first — please contact us at privacy@handby.uk before escalating to the ICO.
9. Security
We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and access controls to protect your data. However, no method of transmission over the internet is 100% secure. If you believe your account has been compromised, contact us immediately at privacy@handby.uk.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The "Last updated" date at the top shows when this policy was last revised.