Handlet Subprocessors
Handlet uses trusted third-party service providers to operate, secure, support, and improve the platform.
This page explains the main providers that may process personal data on Handlet's behalf. Not every provider is used for every customer, workspace, feature, or integration. Some providers only apply if you enable a particular feature, connect a channel, use billing, or opt into analytics.
Where a provider processes personal data for Handlet, we aim to use the provider's standard data processing terms, appropriate contractual safeguards, and transfer mechanisms such as adequacy decisions, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or Standard Contractual Clauses where relevant.
Provider Register
Providers described as core or feature-dependent may process personal data when the relevant production service or customer feature is enabled. Providers described as planned do not process customer personal data unless and until they are activated and the register and required notice are updated.
| Provider | Purpose | Typical data categories | Region / transfer note | Safeguards and terms |
|---|---|---|---|---|
| Supabase | Database hosting, authentication, edge functions, and file storage. | Account data, authentication data, workspace data, customer communication data, files, audit records, operational metadata. | Production project cltsxdfbubbuxwmvlztz is pinned to eu-west-1 (Ireland / EEA). Transfers and subprocessors are governed by Supabase terms and DPA. | Privacy, DPA. |
| Vercel | Application hosting, deployment, and delivery. | Technical logs, request metadata, app runtime data, limited operational data processed by server-side code. | Region depends on deployment configuration and Vercel infrastructure. Transfers are governed by Vercel terms and DPA. | Privacy, DPA, Security. |
| Railway | Backend infrastructure hosting, including Presidio services where configured. | Service logs, operational metadata, and message text processed by self-hosted Presidio Analyzer/Anonymizer before external AI/workflow use. | Presidio production target is West Europe / EEA unless otherwise approved. Transfers are governed by Railway terms and DPA. | Privacy, DPA. |
| Stripe | Subscription billing, checkout, payment processing, invoices, refunds, and billing portal. | Account holder details, billing details, payment metadata, invoice and subscription records. | Stripe may process data internationally under its published privacy and data processing terms. | Privacy, DPA, Sub-processors. |
| Resend | Transactional email delivery, including login links, password resets, and system notifications where configured. | Email address, message delivery metadata, transactional email content. | Resend may process data internationally under its published DPA and transfer terms. | Privacy, DPA. |
| Unipile | Connecting and syncing user-authorised inbox and messaging channels. | Connected-account identifiers, channel metadata, messages, attachments, thread metadata, provider account status. | Provider processing may involve Unipile infrastructure and the connected messaging provider selected by the customer. | Privacy, Terms. |
| n8n | Workflow automation and integration orchestration. | Workflow payloads, delivery logs, callback metadata, anonymised/minimised message context where Presidio applies. | Depends on whether workflows are self-hosted or cloud-hosted and the configured region. | Privacy, Sub-processors, Privacy docs. |
| OpenAI | AI-assisted processing where configured, such as embeddings, drafting, classification, or other model calls. | Prompt/context data, anonymised or minimised message context where the Presidio pipeline applies, technical metadata. | Processing and transfers are governed by OpenAI business terms, DPA, and subprocessor list where applicable. | Business privacy, DPA, Sub-processors. |
| OpenRouter | Optional AI model-routing fallback for limited tone features where configured. It must not be enabled for live personal data until Handlet has approved the applicable DPA, downstream model-routing, retention, training, and transfer position. | Redacted message samples, prompts, generated tone profiles or previews, and technical metadata. | Routing and downstream processing locations depend on the selected model and configuration. | Privacy. |
| Vapi | Optional call-agent and voice-assistant integrations. | Call metadata, caller/callee details, assistant context, transcripts, recordings, call outcomes, and related operational data where call-agent features are enabled. Provider-side recording or transcript storage may persist under Vapi's retention unless removed through Handlet's documented manual erasure paths. | Region and transfer position depends on the configured Vapi account and downstream providers such as OpenAI, Microsoft Azure voice, Deepgram transcription, and Twilio transport. | Privacy, customer agreement or DPA and subprocessor chain where applicable. |
| Microsoft Azure (Cognitive Services / voice) | Optional voice synthesis for call-agent integrations where configured through Vapi. | Text supplied for voice generation, generated audio, and related technical metadata. | Typically US-based; transfer position must be covered through Vapi's subprocessor chain or direct Microsoft terms where applicable. | Privacy, DPA. |
| Deepgram | Optional speech-to-text transcription for call-agent integrations where configured through Vapi. | Call audio, transcript output, and related technical metadata. | Typically US-based; transfer position must be covered through Vapi's subprocessor chain where applicable. | Privacy, DPA. |
| Twilio | Optional telephony, voice routing, or communication infrastructure where configured. | Phone numbers, call/SMS metadata, routing data, call records, and related communication metadata. | Twilio may process data internationally under its published DPA and transfer terms. | Privacy, DPA, Sub-processors. |
| ElevenLabs | Optional voice preview, text-to-speech, or voice features where configured. | Text submitted for voice generation, generated audio, voice configuration metadata, technical logs. | ElevenLabs may process data internationally under its published privacy and DPA terms. | Privacy, DPA. |
| Google OAuth / Google Workspace / Google Business Profile | Optional login, connected Gmail/Google Workspace channels, and the Google Business Profile reviews integration (reading and replying to Google reviews) where authorised by the user. | OAuth identifiers, profile details, mailbox/channel data, messages and metadata where connected; reviewer names, review text, ratings, and business-location data where the reviews integration is enabled. | Google acts under its own terms and the user's Google authorisation (US-based; processing governed by Google's terms). | Privacy. |
| Meta / Facebook | Optional Facebook Page reviews and ratings integration (reading and replying to Facebook reviews) where authorised by the user. | Page access tokens, reviewer names, review/recommendation text, ratings, and Page metadata. | Meta acts under its own terms and the user's Facebook authorisation (US-based; processing governed by Meta's terms). | Privacy. |
| Microsoft / Outlook / Microsoft 365 | Optional connected Outlook/Microsoft 365 channels where authorised by the user. | OAuth identifiers, mailbox/channel data, messages and metadata where connected. | Microsoft acts under its own terms and the user's Microsoft authorisation. | Privacy. |
| Google Analytics | Optional website or product analytics where enabled and consented. | Usage events, page views, device/browser metadata, approximate location and analytics identifiers. | Analytics only loads where configured and permitted by consent settings. | Privacy, Terms. |
| PostHog | Planned product analytics and usage insights. PostHog is not an active production subprocessor unless this status is changed and customers are notified where required. | Product usage events, feature usage metadata, device/browser metadata, analytics identifiers where enabled. | Region depends on PostHog configuration and deployment model. Non-essential analytics requires consent where applicable. | Privacy. |
| Sentry | Error monitoring and reliability diagnostics where configured. | Error traces, stack traces, performance events, environment metadata, limited request/user metadata if included in logs. | Region and transfer position depends on configured Sentry account. | Privacy, DPA. |
| Cloudflare Turnstile | Optional CAPTCHA and form-abuse prevention where configured. | IP address, device/browser, and security-challenge metadata. | Cloudflare global infrastructure and transfer terms may apply. | Privacy, DPA. |
Connected Customer Services
Some services are not always Handlet subprocessors in the strict legal sense because they are selected and authorised by the customer or account user. For example, when you connect Gmail, Outlook, WhatsApp, SMS, or another channel, that provider may process data under its own terms and your authorisation.
Handlet's role is to help you connect, sync, and manage those channels through supported integrations. You are responsible for ensuring that your use of connected services complies with the provider's terms and any notices you owe to your own customers.
Connected CRM Systems
Where you choose to connect an external CRM or job-management system, Handlet imports contact and job records you authorise so they can be matched to conversations and used for service delivery. The CRM provider is selected and authorised by you; data is exchanged with that provider's API under your authorisation and the provider's own terms.
| CRM provider | Purpose | Typical data categories | Note |
|---|---|---|---|
| Squeegee (incl. Cleaner Planner) | Import end-customer contact and job records for matching and service delivery. | End-customer names, email addresses, phone numbers, contact identifiers, job/booking details. | Customer-authorised connection; processed under the provider's terms and the customer's authorisation. |
| Aworka, Get Soapy, Joblynk, Round Monster, Overture | Catalogued CRM connectors that import end-customer contact and job records where the connector is enabled. | End-customer names, email addresses, phone numbers, contact identifiers, job/booking details. | Customer-authorised connection; activated only where the customer connects the relevant provider. |
You are responsible for ensuring you have a lawful basis to import your customers' data into Handlet and for any notices you owe to those customers. Imported CRM data is subject to the CRM retention rules described in the Privacy Policy.
UK Lookup and Enrichment Services
Some features query UK public-data and lookup services. These are independent controllers operating under their own terms; data sent is limited to what the lookup requires, and all are UK-based (no international transfer).
| Service | Purpose | Typical data categories | Note |
|---|---|---|---|
| Companies House | Company lookup during onboarding. | Company name, number, registered address (which for sole traders may include personal names/addresses). | UK Crown body; independent controller. |
| Ordnance Survey (OS Places) | Address lookup for quotes and service requests. | End-customer postal addresses queried for matching/auto-complete. | UK-based; processed for address resolution only. |
| EPC Register (Energy Performance of Buildings) | Property energy-performance enrichment for quoting where enabled. | Property address and energy-performance data by address. | UK government register; independent controller. |
Presidio PII Redaction
Handlet uses a Presidio-based PII detection and anonymisation pipeline before certain external AI or workflow processing. The Presidio Analyzer and Anonymizer are operated as Handlet-controlled services through the hosting provider listed above, rather than as a separate third-party SaaS processor.
More detail is available in the Privacy Policy, How we process personal data, and Intelligence & Benchmarking Policy.
Updates and Changes
Handlet reviews this register when:
- a new provider is added;
- a provider starts processing a new category of personal data;
- a provider is removed;
- a region, transfer safeguard, or DPA changes; or
- a material product feature changes where data is sent.
For a new or replacement subprocessor that will process customer communication data, Handlet will provide at least 30 days' prior written notice under the DPA, except where an urgent security, legal, or service-continuity issue makes that period impracticable. Customers may object on reasonable data-protection grounds using the process in the DPA.
Questions about subprocessors can be sent to privacy@handlet.ai.