Legal

Privacy Policy

What personal information we handle, how we use it, who we share it with, and the rights you have.

Last updated: 29 June 2026

Get a Handl PTY LTD (ABN 53 676 423 304), trading as Handl and Handl Billing (“Handl”, “we”, “us”), is committed to protecting your privacy. Get a Handl PTY LTD is part of the Dazlab group. This policy explains what personal information we handle, how we use it, who we share it with, and the rights you have.

It applies to handl.works, the Handl application, and the client payment portal (together, “the Service”). It sits alongside our Terms of Use and Cookie Policy.

We comply with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

1. Quick summary

  • We collect the information needed to run a billing platform: account details, the data you upload to bill your clients, payment information (via Stripe), and technical usage data.
  • We don’t sell your data, and we don’t use your or your clients’ data to train AI models.
  • Some of your data is processed by third-party services (“sub-processors”) — listed in §6.
  • You have rights to access and correct your information, and to complain to a regulator.

2. The two roles we play — controller and processor

This distinction matters for a billing product, so we want to be clear about it.

  • When the data is about you (our customer) — your name, email, login, billing details, how you use Handl — we are the data controller. We decide how that information is handled, and this policy governs it.
  • When the data is about your clients — the people and businesses you invoice, whose details you upload or sync into Handl — you are the controller and we are your processor. We only handle that data to provide the Service to you and on your instructions. How we do that is set out in our Data Processing Agreement. If one of your clients asks us about their data, we’ll direct them to you.

3. What we collect

Information you give us

  • Account and contact details (name, email, phone, company, role).
  • Billing and subscription details for your Handl plan.
  • The content you put into Handl to do your billing: client names and contacts, project and milestone data, invoices, scope-change orders, rates, and messages.

Information from your connected tools

  • When you connect an integration (project management tools, accounting tools, Stripe) using OAuth, we receive data within the scopes you grant — for example, project and milestone data, or invoice and payment status. You can revoke these connections at any time.

Payment information

  • Client card payments are processed by Stripe on your own connected Stripe account. Handl does not store your clients’ full card details. We receive transaction metadata (amounts, status, references) needed to run billing and reporting.

Information we collect automatically

  • Usage and device data (log data, IP address, browser/device type, pages and features used) and cookies. See our Cookie Policy for detail.

4. How we use information

We use personal information to:

  • Provide and operate the Service — create invoices, send reminders, process payments, forecast cash flow, and run integrations.
  • Run AI and automation features you’ve enabled — see §5.
  • Support, secure, and improve the Service — respond to requests, prevent fraud and abuse, debug, and develop features.
  • Communicate with you — service messages, and marketing you can opt out of at any time.
  • Meet our legal and tax obligations.

We collect for these primary purposes and for closely related secondary purposes you’d reasonably expect. You can unsubscribe from marketing at any time using the link in our emails or by contacting us.

5. AI processing

Handl includes AI features that draft invoices, reminders, and client communications, and help track scope. To do this, relevant billing and project data is processed using Google Gemini on Google Cloud (see §6).

  • We do not allow your data, or your clients’ data, to be used to train third-party AI models.
  • AI output can contain errors; you stay responsible for reviewing material content before it’s relied on or sent, as set out in our Terms.

6. Sub-processors

We use a small number of trusted third parties to run the Service. Each is bound by contract to protect personal information and use it only to provide their service to us.

Sub-processorPurposeRegion
StripePayment processing (on your connected account)Global (incl. US)
Google Cloud (incl. Gemini)Application hosting, storage, email infrastructure, and AI featuresGlobal (incl. US)

Your connected integrations (e.g. Monday, Asana, Jira, ClickUp, Trello, Xero, MYOB) also receive or send data, but they act under your account and your agreements with them, not as our sub-processors.

We keep this list up to date and will give notice of material changes via this page or the DPA.

7. Who else we share information with

Beyond our sub-processors, we may disclose personal information:

  • where you ask us to or consent;
  • where required or authorised by law, or to respond to lawful requests;
  • to protect our rights, users, or the public from fraud, abuse, or harm; and
  • to a successor entity in a merger, acquisition, or restructure (on notice to you).

We do not sell personal information.

8. How long we keep it, and deletion

  • We keep personal information only as long as needed for the purposes above, or as the law requires.
  • Account and customer data: retained while your account is active. After you close your account, you can export your data first; we then delete or de-identify it within a reasonable period, except where we must keep records (for example, financial and tax records, typically up to 7 years under Australian law).
  • Data you process as a controller (your clients’ data) is handled and deleted in line with our DPA and your instructions, subject to the same legal-retention exceptions.

9. Security

We protect personal information using reasonable technical and organisational measures, including encryption in transit, access controls, and limiting who can see what. Card data is handled by Stripe under its PCI-DSS certification — Handl doesn’t store full card numbers. No system is perfectly secure, but we work to keep risks low and to respond quickly if something goes wrong (see §12).

10. Your rights

You can ask us to access or correct the personal information we hold about you, and we’ll respond within a reasonable time. We may need to verify your identity first. We won’t charge to access your information, though we may charge a reasonable admin fee for providing copies.

If your request is about data we process on behalf of one of our customers (i.e. you’re their client), we’ll refer you to that customer, who controls the data.

If you have a privacy concern, contact us first (§13). If you’re not satisfied, you can complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

11. Where the Service is offered, and overseas processing

Handl is intended for customers in Australia and other supported regions. It is not directed at individuals in the EU or EEA, and we don’t offer the Service to EU/EEA-based customers.

Handl is based in Australia and uses sub-processors located overseas (including the United States — see §6), so your information may be stored and processed outside Australia. We take reasonable steps to ensure those parties protect your information consistently with this policy and the APPs.

12. Data breaches

If a data breach occurs that is likely to result in serious harm, we’ll notify affected individuals and the OAIC as required under Australia’s Notifiable Data Breaches scheme.

13. Contact

Questions, requests, or complaints about privacy: support@getahandl.com.

You can also contact the OAIC at oaic.gov.au.

14. Changes to this policy

We may update this policy from time to time. The current version is always on this page, with the “last updated” date at the top. For material changes we’ll take reasonable steps to let you know.