You handle sensitive client data every day — government IDs, financial documents, personal information. We built HNDL knowing exactly what's at stake. Your clients trust you. You need to trust your tools.
HNDL processes personal information, government-issued identification, financial documents, and electronic signatures on behalf of brokers and their clients. We treat every piece of data as if our own mortgage file depended on it.
All client data is stored in Canada (AWS ca-central-1 region via Supabase). This is a Canadian product for Canadian brokers — your clients' PII stays in Canada.
We retain data only as long as your account is active and as needed to provide the service. We don't keep copies of client documents indefinitely. Full details in our Privacy Policy.
We don't sell your data. We don't share it with advertisers. We don't use it for profiling. We don't use tracking pixels or third-party analytics cookies.
Our full privacy policy is available at /privacy. Plain language, no legalese fog.
Our infrastructure providers handle the heavy lifting on security. We chose them specifically for their security track records and certifications.
All data is encrypted at rest using AES-256 encryption via Supabase's managed database. Database backups are encrypted with the same standard.
All data in transit is protected by TLS 1.3. Every connection to HNDL is encrypted — no exceptions.
Automated daily database backups via Supabase Pro. Point-in-time recovery available. Your data survives even if something goes wrong.
Payments handled by Stripe (PCI Level 1 certified). Credit card numbers never touch our servers — they go directly to Stripe.
We didn't build a generic SaaS platform and hope it fits the mortgage industry. We built for the compliance environment Canadian brokers actually operate in.
Our infrastructure runs on Vercel's edge network and Supabase's managed database platform — both built for reliability at scale. We're building uptime monitoring so we can publish real numbers, not just targets.
Application served from the nearest edge node to you via Vercel's global network. Fast load times whether you're in Toronto, Vancouver, or Calgary.
Supabase handles database reliability with automated failover and backups. Vercel handles application hosting with zero-downtime deployments.
We're a small team — if something breaks, we know about it and we fix it. We're building toward a public status page so you can see uptime data for yourself instead of taking our word for it.
We hope we never need this section. But you deserve to know what our obligations are and how we'll handle it.
If a breach creates a real risk of significant harm, PIPEDA requires us to notify the Privacy Commissioner and all affected individuals as soon as feasible. We will do that — no delays, no spin.
No data breaches to date. We intend to keep it that way. This page will be updated if that ever changes — transparency isn't optional.
We're a small team, and that's actually a security advantage. Fewer people means fewer access points, simpler access management, and direct accountability. There's no chain of 14 people between a question and an answer. You can reach the person who built the thing.
Need to share our practices with your compliance officer or brokerage? Start here.
Full privacy policy in plain language
Terms governing use of HNDL tools
Need something else? Email andrew@hndl.app and we'll get you what you need.
We'll keep earning it. Questions? Reach out anytime.
Get in Touch →