Trust & security

Your data. Your clients. Here’s how we handle it.

Handl connects to your project tools, your accounting software, and your clients' payments. That's a lot of trust. Here's exactly what we do with it — no jargon, no over-claiming.

Let’s be straight. Handl touches money — your invoices, your clients’ details, your payment flows. Google calls products like this “Your Money or Your Life,” and rightly holds them to a higher bar. So do we. This page lays out what we protect and how, in plain English. Where something’s in progress, we say so.

Security

Data encryption

All data transmitted between you, your clients, and Handl is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256.

Your invoice data, client details, and payment records are never stored in plain text.

Handl security overview.
Handl integration permissions.

Integrations

What our integrations can touch

Handl connects to:

  • Monday.com, Asana, Jira, ClickUp, Trello — project milestone data only (we read task/milestone status; we don’t access unrelated project content)
  • Xero, MYOB— invoice and client data for sync (read/write scoped to invoicing only)

OAuth is used for all integrations — you grant permission through the provider’s own auth flow. Handl stores only the access token required for the connected function. You can revoke access at any time from within Handl or directly from the integration provider’s settings.

Payments

Handl does not store payment card details. Payment processing is handled through Stripe, which is PCI-DSS Level 1 compliant — the highest level of certification available for payment processors.

When your client pays through the Handl client portal, their card details go directly to the payment processor. Handl never sees them.

Where your data lives

We do not sell, share, or license your data to third parties. Ever. Your client list, invoice history, and billing data are yours.

Who can access your account

Only you (and any team members you explicitly invite) can access your Handl account. Our support team can access account metadata for troubleshooting purposes only, with your permission, and only when you’ve raised a support request.

We don’t browse customer accounts for any purpose other than resolving a support issue you’ve raised.

Compliance

StandardStatus
GDPR (EU data subjects)Compliant — see Privacy Policy
Australian Privacy ActCompliant
PCI-DSS (via payment processor)Compliant via Stripe
SOC 2 Type IIOn the roadmap — not yet certified

We won’t claim a badge we haven’t earned. If you need SOC 2 today for procurement, talk to us and we’ll tell you exactly where we’re at.

A man looking at a laptop.

If something goes wrong

We monitor Handl’s infrastructure continuously. In the event of a security incident that affects your data, we will:

  1. Notify affected users within 72 hours of becoming aware of the breach
  2. Provide a clear description of what was affected and what we’ve done about it
  3. Cooperate fully with any relevant regulatory authority

Who’s behind Handl

Handl is built by Dazlab Pty Ltd — an Australian company. It’s a founder-led product: Darren Clark spent over 20 years running digital agencies and chased plenty of late invoices the hard way before building this.

That matters for trust. There’s a real company and a real person behind it, not a faceless brand. More on the studio at Built by Dazlab; full company details live on our Privacy Policy and Contact pages.

Questions about security or data?

Email us at security@handl.works — or use the contact form. We respond to security-related queries within 1 business day.

Reclaim your time

Stop being your own debt collector.

Get paid faster with automated invoicing and reminders.

The Handl Sales Pipeline dashboard showing forecast, milestones and weekly totals.