Legal
Privacy Policy
Effective date: March 12, 2026
HNDL ("we," "us," "our") operates the hndl.app website and related mortgage broker tools (OnBoard, Complai, DocAI, RespondAI). This privacy policy explains how we collect, use, store, and protect your personal information in compliance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
The short version: We collect only what we need to provide our tools. Your data is stored in Canada. We don't sell it, share it with advertisers, or use it for anything other than running the service you signed up for.
1. Information we collect
Information you provide directly
- Account information: Name, email address, and business name when you create an account or join a waitlist
- Client information (processed on your behalf): When you use tools like Complai or OnBoard, your clients may provide personal information including names, contact details, and identification documents through our platform. You are the data controller for this information — we process it on your behalf
- Financial documents: Bank statements and other financial documents uploaded through DocAI for analysis
- Communications: Messages you send through our contact form or to our support email
Information collected automatically
- Usage data: Pages visited, features used, and general interaction patterns
- Device information: Browser type, operating system, and device type (for ensuring our tools work correctly)
- Log data: IP addresses and timestamps for security purposes
2. How we use your information
We use the information we collect to:
- Provide, operate, and improve our tools
- Process and analyze documents on your behalf (DocAI)
- Manage compliance workflows for your clients (Complai, OnBoard)
- Send you transactional emails (account confirmations, product updates)
- Respond to your inquiries and support requests
- Maintain the security of our platform
We do not use your information for advertising, profiling, or any purpose unrelated to providing the service.
3. Where your data is stored
All personal and client data is stored in Canada (AWS ca-central-1 region). We chose Canadian data residency because this is a Canadian product built for Canadian mortgage brokers, and your clients' data should stay in Canada.
We do not sell, rent, or trade your personal information to any third party. We do not share data with advertisers or data brokers.
4. How we protect your data
- All data is encrypted at rest using AES-256 encryption
- All data in transit is protected by TLS 1.3 (HTTPS)
- Client data is isolated using row-level security (RLS) at the database level — HNDL staff cannot view your clients' documents, identification records, or financial information. Only you can access data associated with your account
- We never store credit card numbers — payment details go directly to our payment processor
- Database backups are automated daily
5. Data retention
We retain your data for as long as your account is active and as needed to provide our services. If you stop using HNDL, we will retain your data for a reasonable period to allow you to reactivate, after which it will be deleted.
Client documents processed through our tools (bank statements, identification documents) are retained only as long as necessary for the service. We do not keep copies of client documents indefinitely.
6. Your rights under PIPEDA
As a Canadian resident, you have the right to:
- Access — Request a copy of the personal information we hold about you
- Correction — Request correction of inaccurate or incomplete information
- Withdrawal of consent — Withdraw your consent for us to use your information (this may mean we can no longer provide the service)
- Complaint — File a complaint with the Office of the Privacy Commissioner of Canada if you believe we have violated your privacy rights
To exercise any of these rights, contact us at andrew@hndl.app.
7. Cookies
We use only essential cookies required for the platform to function (authentication, session management). We do not use advertising cookies, tracking pixels, or analytics cookies that follow you across the web.
8. Changes to this policy
We may update this privacy policy from time to time. When we do, we will update the effective date at the top of this page. For significant changes, we will notify you by email.
9. Contact
If you have questions about this privacy policy or how we handle your data: