Privacy Policy
Handle AI Pty Ltd (formerly Cupcake AI Pty Ltd) (ACN 673 132 888) registered in Chatswood NSW 2067 (“Handle”, “we”, “us” or “our”) is committed to providing quality services to you and to respecting your privacy.
This privacy policy sets out how we collect, use, process, store, share and disclose your Personal Information (as defined in section 1 below) from the operation of our website at https://www.handle.work/ (“Website”), our product, being an AI assistant builder (“Platform”), our services, including support and solution enhancement services in respect of the Platform (each of the Website, Platform and services, together the “Services”) (“Privacy Policy”). Please note that if you are a Handle customer, when you signed up for any of our Services, you agreed to our terms and conditions by entering into an agreement with Handle, which includes obligations in this Privacy Policy.
We are committed to protecting your privacy and respecting and upholding your rights under the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (EU 2016/679) (the “GDPR”), and if applicable, the California Consumer Privacy Act (“CCPA”) and any other relevant laws pertaining to privacy of individuals in jurisdictions which our Services are available (collectively, “Privacy Laws”).
We are a data controller for the purposes of the GDPR, but in some circumstances may be a data processor. We ensure that we will take all necessary and reasonable steps to comply with the relevant Privacy Laws and to deal with inquiries or complaints from individuals about compliance with the relevant Privacy Laws.
By accessing and using our Services, you freely and expressly consent to the collection, use, processing, storage and disclosure of Personal Information by us as set out in this Privacy Policy.
1. Information collected by Handle
Personal information is any information relating, directly or indirectly, to an identified or identifiable natural person (“Personal Information”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
The type of Personal Information we collect from you includes, without limitation, the following:
2. How we collect your Personal Information
We will collect Personal Information only by lawful and fair means and never in an unreasonably intrusive way. Generally, we will collect your Personal Information:
If you use a pseudonym when dealing with us or you do not provide identifiable information to us, we may not be able to provide you with any or all of our services as requested.
We require individuals to provide accurate, up to date and complete Personal Information at the time it is collected
3. We do not collect sensitive personal information
We will not collect sensitive Personal Information or special categories of Personal Information (as defined under the relevant Privacy Laws) from you. We ask that you do not send us, or do not disclose, any sensitive personally identifiable information (such as information related to racial or ethnic origin, sex life or sexual orientation, political opinions, religious or other beliefs, genetic or biometric data, health criminal background or trade union membership) on or through our Services. If you do provide any sensitive Personal Information, we will require that you provide express consent to us collecting that information as part of you using our services.
4. Information about minors
Our Services are not intended for users under the age of 18. We acknowledge that the definition of a “minor” changes between jurisdictions, however, we do not knowingly seek or collect Personal Information from any children below the age of 18 years. Any Personal Information found to have been provided by a user under the age of 18 will be removed as soon as possible and we will cease the use of that Personal Information and deactivate any related account.
5. How your Personal Information is used
We use, process and disclose your Personal Information for the purposes for which the information is collected, or for a directly related purpose, including (but not limited to):
Where we:
we may use and process your Personal Information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events.
At any time, you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your Personal Information as detailed above will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing at hello@handle.work.
6. Who we may need to disclose your Personal Information to
We may disclose your Personal Information to the following service providers:
We will only disclose any Personal Information you have provided to any entity outside of the Handle corporate group if it is necessary and appropriate to facilitate the purpose for which your Personal Information was collected pursuant to this Privacy Policy. We engage third-party vendors to help deliver our services, including Workplace Platforms and security platforms (each a “Service Provider”).
We use Vanta Inc. (www.vanta.com) (“Vanta”), a third-party compliance and security management platform, to maintain an up-to-date list of our vendors. For more information about our current vendors, please see https://trust.handle.work, or contact us at security@handle.work.
When entering into a transaction with us you expressly and freely consent to your Personal Information being disclosed or transferred to any of the above Service Providers. We will take steps reasonably necessary to ensure your Personal Information is treated securely and in accordance with this Privacy Policy. We use reasonable endeavours to ensure that each Recipient receiving your Personal Information is bound by the relevant Privacy Laws (including the standard contractual clauses approved by the European Commission). The standard contractual clauses are available on the European Commission’s website at https://ec.europa.eu/info/law/law-topic/data-protection_en.
7. How we store and protect your Personal Information
We all reasonably necessary measures to protect the information we collect through our Services which are stored electronically. We take reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information.
However, we cannot guarantee the absolute security of any Personal Information transmitted over the internet and therefore you disclose information and Personal Information to us at your own risk. We will not be liable for any unauthorised access, modification or disclosure, or misuse of your Personal Information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law.
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
Your Personal Information may be stored and processed in countries outside of your location, including in jurisdictions that may have different privacy and data protection standards. We use Vanta, to maintain an up-to-date record of the countries where that Personal Information is stored and processed. If you would like more information about these locations, please see https://trust.handle.work, or contact us at security@handle.work.
8. How long do we store your information for?
We retain user data as long as an account is active. If an account has been inactive for 24 months, we will endeavor to delete that user data from our platform.
You can streamline this deletion process by requesting that your account be deleted, in-app, via our contact form or by emailing hello@handle.work. Once we receive a deletion request, we aim to delete user data within 30 days.
9. What is our legal basis?
Under the GDPR, we must have a legal basis to process Personal Information collected from individuals residing in the European Union. We rely on several legal bases to process your Personal Information, including:
10. Cross-border disclosure of Personal Information
We may disclose your Personal Information to third-party recipients located in or outside of the jurisdiction in which Personal Information is provided in order to provide our Services to you. As at the date of this Privacy Policy, such third-party recipients are located in USA, Australia and other countries whose laws may not be recognised by the EU Commission as providing an adequate level of protection to Personal Information. It is possible that additional third parties from other countries may be recipients in the future.
In order to protect your information, we take care where possible to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.
When entering into a transaction with us you consent to your Personal Information being disclosed or transferred to such third-party recipients and you acknowledge and agree that we have no obligation to take such steps as are reasonable in the circumstances to ensure that the information that is transferred or disclosed to the third-party recipients will be treated in a manner that is consistent with the relevant Privacy Laws. You also agree that insofar as the law allows, we have no liability to you or anyone else for any breach by a third-party recipient of the relevant Privacy Laws.
11. Direct marketing communications
Where we:
we may use and process your Personal Information to send you information about our Services as well as other products and services we believe may be suited to you and your interests or we may invite you to attend special events.
At any time, you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your Personal Information as detailed above will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing at hello@handle.work.
12. Cookies
We use cookies, web beacons and similar technologies (collectively “Cookies”) on our Website. By accessing or using this Website, you agree that we can store and access Cookies in accordance with this Privacy Policy. You will be able to accept or reject the collection of Cookies by us.
Cookies are small files that can be stored on and accessed from a user’s device when the user accesses a website. They enable authorised web servers to recognise you across different websites, services, devices and browsing sessions.
We may use Cookies to enable users to access and use our Website and Services, including to:
You can delete and refuse to accept browser Cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Website.
Unless you have adjusted your browser setting so that it will refuse Cookies, our system will issue Cookies when you direct your browser to our Website.
13. Choices regarding Your Privacy
You may be provided with choices with how we collect and process your information, including:
14. Notices specific to certain jurisdictions
We are dedicated to ensuring that individuals in certain jurisdictions have access to their privacy rights as provided by the Privacy Laws of your jurisdiction. We have set out details below dependent on your location.
Australia
You have the right to both ask:
If you ask, we must within a reasonable timeframe give you access to your Personal Information and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will notify you in writing and explain our reasons if we refuse to give you access to, or correct, your Personal Information.
European Economic Area
For the purposes of the GDPR, we are a ‘data controller’ of your Personal Information. Under the GDPR, an individual residing in the European Union has enhanced privacy rights, including the right to:
Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so. These rights are limited in some situations – for example, we can demonstrate that we have a legal requirement to process your Personal Information. In some instances, this means that we may retain some data even if you withdraw your consent.
We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.
If you believe that we hold Personal Information about you that is not accurate, complete or up to date, then you may request that your Personal Information be amended. We will respond to your request to correct your Personal Information within a reasonable timeframe, and you will not be charged a fee for correcting your Personal Information.
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
California
For the purposes of the California Consumer Privacy Act (as amended by the California Privacy Rights Act (“CPRA”), we do not sell your Personal Information for any commercial purposes.
Under the CCPA, Californian residents are given the right to know what type of Personal Information has been collected by us about them, and if this Personal Information has been disclosed for purposes set out in this Privacy Policy in the last 12 months.
We set out below the categories of information we collect (utilising terms as defined in the CCPA).
Information we may collect and disclose:
Information we will not collect or disclose:
Californian residents also have specific rights provided by the CCPA set out below:
If you are a resident of California and wish to exercise any of your rights under the CCPA, please contact us at hello@handle.work. California residents maintain the right to exercise the rights given to them under the CCPA.
When you provide any information to us, we ask that you provide sufficient:
(a) information that allows us to reasonably verify you or are an authorised representative of that person; and
(b) detail such that we understand and can evaluate your request.
We will always endeavour to respond to you within a reasonable time period after receipt of a request. If we require additional time or have been delayed, we will communicate with you directly. All our communications will be via email and any disclosures we provide will only cover a 12-month period preceding your request. If applicable, any response from us may also provide a reason why we cannot comply with a request.
15. Access, Management or Deleting your Personal Information
Subject to some exceptions provided by the relevant Privacy Laws, you may request access to your Personal Information in our customer account database, or seek correction of it, by contacting us at hello@handle.work Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so.
We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.
If you believe that we hold Personal Information about you that is not accurate, complete, or up to date, then you may request that your Personal Information be amended. We will respond to your request to correct your Personal Information within a reasonable timeframe, and you will not be charged a fee for correcting your Personal Information.
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
16. Third Party Sites and Services
Our Services may contain links to other third-party websites and services including social media networks. This Privacy Policy applies solely to information collected by us via our Services.
17. Contacting Us
If you require further information regarding our Privacy Policy or wish to make a privacy complaint, please contact us in writing at hello@handle.work.
18. Notices and Revisions
We reserve the right to modify this Privacy Policy in whole or in part from time to time without notice. Non-material changes and clarifications will take immediate effect, and material changes will take effect 30 days after the posting of the amended Privacy Policy on the Website.
19. Enforcement
We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personally identifiable information that cannot be resolved between us and the individual.
Last updated: February 17, 2025
Making
better
connections
© 2025 Handle. All rights reserved.
Privacy Policy
Handle AI Pty Ltd (formerly Cupcake AI Pty Ltd) (ACN 673 132 888) registered in Chatswood NSW 2067 (“Handle”, “we”, “us” or “our”) is committed to providing quality services to you and to respecting your privacy.
This privacy policy sets out how we collect, use, process, store, share and disclose your Personal Information (as defined in section 1 below) from the operation of our website at https://www.handle.work/ (“Website”), our product, being an AI assistant builder (“Platform”), our services, including support and solution enhancement services in respect of the Platform (each of the Website, Platform and services, together the “Services”) (“Privacy Policy”). Please note that if you are a Handle customer, when you signed up for any of our Services, you agreed to our terms and conditions by entering into an agreement with Handle, which includes obligations in this Privacy Policy.
We are committed to protecting your privacy and respecting and upholding your rights under the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (EU 2016/679) (the “GDPR”), and if applicable, the California Consumer Privacy Act (“CCPA”) and any other relevant laws pertaining to privacy of individuals in jurisdictions which our Services are available (collectively, “Privacy Laws”).
We are a data controller for the purposes of the GDPR, but in some circumstances may be a data processor. We ensure that we will take all necessary and reasonable steps to comply with the relevant Privacy Laws and to deal with inquiries or complaints from individuals about compliance with the relevant Privacy Laws.
By accessing and using our Services, you freely and expressly consent to the collection, use, processing, storage and disclosure of Personal Information by us as set out in this Privacy Policy.
1. Information collected by Handle
Personal information is any information relating, directly or indirectly, to an identified or identifiable natural person (“Personal Information”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
The type of Personal Information we collect from you includes, without limitation, the following:
2. How we collect your Personal Information
We will collect Personal Information only by lawful and fair means and never in an unreasonably intrusive way. Generally, we will collect your Personal Information:
If you use a pseudonym when dealing with us or you do not provide identifiable information to us, we may not be able to provide you with any or all of our services as requested.
We require individuals to provide accurate, up to date and complete Personal Information at the time it is collected
3. We do not collect sensitive personal information
We will not collect sensitive Personal Information or special categories of Personal Information (as defined under the relevant Privacy Laws) from you. We ask that you do not send us, or do not disclose, any sensitive personally identifiable information (such as information related to racial or ethnic origin, sex life or sexual orientation, political opinions, religious or other beliefs, genetic or biometric data, health criminal background or trade union membership) on or through our Services. If you do provide any sensitive Personal Information, we will require that you provide express consent to us collecting that information as part of you using our services.
4. Information about minors
Our Services are not intended for users under the age of 18. We acknowledge that the definition of a “minor” changes between jurisdictions, however, we do not knowingly seek or collect Personal Information from any children below the age of 18 years. Any Personal Information found to have been provided by a user under the age of 18 will be removed as soon as possible and we will cease the use of that Personal Information and deactivate any related account.
5. How your Personal Information is used
We use, process and disclose your Personal Information for the purposes for which the information is collected, or for a directly related purpose, including (but not limited to):
Where we:
we may use and process your Personal Information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events.
At any time, you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your Personal Information as detailed above will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing at hello@handle.work.
6. Who we may need to disclose your Personal Information to
We may disclose your Personal Information to the following service providers:
We will only disclose any Personal Information you have provided to any entity outside of the Handle corporate group if it is necessary and appropriate to facilitate the purpose for which your Personal Information was collected pursuant to this Privacy Policy. We engage third-party vendors to help deliver our services, including Workplace Platforms and security platforms (each a “Service Provider”).
We use Vanta Inc. (www.vanta.com) (“Vanta”), a third-party compliance and security management platform, to maintain an up-to-date list of our vendors. For more information about our current vendors, please see https://trust.handle.work, or contact us at security@handle.work.
When entering into a transaction with us you expressly and freely consent to your Personal Information being disclosed or transferred to any of the above Service Providers. We will take steps reasonably necessary to ensure your Personal Information is treated securely and in accordance with this Privacy Policy. We use reasonable endeavours to ensure that each Recipient receiving your Personal Information is bound by the relevant Privacy Laws (including the standard contractual clauses approved by the European Commission). The standard contractual clauses are available on the European Commission’s website at https://ec.europa.eu/info/law/law-topic/data-protection_en.
7. How we store and protect your Personal Information
We all reasonably necessary measures to protect the information we collect through our Services which are stored electronically. We take reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information.
However, we cannot guarantee the absolute security of any Personal Information transmitted over the internet and therefore you disclose information and Personal Information to us at your own risk. We will not be liable for any unauthorised access, modification or disclosure, or misuse of your Personal Information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law.
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
Your Personal Information may be stored and processed in countries outside of your location, including in jurisdictions that may have different privacy and data protection standards. We use Vanta, to maintain an up-to-date record of the countries where that Personal Information is stored and processed. If you would like more information about these locations, please see https://trust.handle.work, or contact us at security@handle.work.
8. How long do we store your information for?
We retain user data as long as an account is active. If an account has been inactive for 24 months, we will endeavor to delete that user data from our platform.
You can streamline this deletion process by requesting that your account be deleted, in-app, via our contact form or by emailing hello@handle.work. Once we receive a deletion request, we aim to delete user data within 30 days.
9. What is our legal basis?
Under the GDPR, we must have a legal basis to process Personal Information collected from individuals residing in the European Union. We rely on several legal bases to process your Personal Information, including:
10. Cross-border disclosure of Personal Information
We may disclose your Personal Information to third-party recipients located in or outside of the jurisdiction in which Personal Information is provided in order to provide our Services to you. As at the date of this Privacy Policy, such third-party recipients are located in USA, Australia and other countries whose laws may not be recognised by the EU Commission as providing an adequate level of protection to Personal Information. It is possible that additional third parties from other countries may be recipients in the future.
In order to protect your information, we take care where possible to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.
When entering into a transaction with us you consent to your Personal Information being disclosed or transferred to such third-party recipients and you acknowledge and agree that we have no obligation to take such steps as are reasonable in the circumstances to ensure that the information that is transferred or disclosed to the third-party recipients will be treated in a manner that is consistent with the relevant Privacy Laws. You also agree that insofar as the law allows, we have no liability to you or anyone else for any breach by a third-party recipient of the relevant Privacy Laws.
11. Direct marketing communications
Where we:
we may use and process your Personal Information to send you information about our Services as well as other products and services we believe may be suited to you and your interests or we may invite you to attend special events.
At any time, you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your Personal Information as detailed above will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing at hello@handle.work.
12. Cookies
We use cookies, web beacons and similar technologies (collectively “Cookies”) on our Website. By accessing or using this Website, you agree that we can store and access Cookies in accordance with this Privacy Policy. You will be able to accept or reject the collection of Cookies by us.
Cookies are small files that can be stored on and accessed from a user’s device when the user accesses a website. They enable authorised web servers to recognise you across different websites, services, devices and browsing sessions.
We may use Cookies to enable users to access and use our Website and Services, including to:
You can delete and refuse to accept browser Cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Website.
Unless you have adjusted your browser setting so that it will refuse Cookies, our system will issue Cookies when you direct your browser to our Website.
13. Choices regarding Your Privacy
You may be provided with choices with how we collect and process your information, including:
14. Notices specific to certain jurisdictions
We are dedicated to ensuring that individuals in certain jurisdictions have access to their privacy rights as provided by the Privacy Laws of your jurisdiction. We have set out details below dependent on your location.
Australia
You have the right to both ask:
If you ask, we must within a reasonable timeframe give you access to your Personal Information and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will notify you in writing and explain our reasons if we refuse to give you access to, or correct, your Personal Information.
European Economic Area
For the purposes of the GDPR, we are a ‘data controller’ of your Personal Information. Under the GDPR, an individual residing in the European Union has enhanced privacy rights, including the right to:
Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so. These rights are limited in some situations – for example, we can demonstrate that we have a legal requirement to process your Personal Information. In some instances, this means that we may retain some data even if you withdraw your consent.
We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.
If you believe that we hold Personal Information about you that is not accurate, complete or up to date, then you may request that your Personal Information be amended. We will respond to your request to correct your Personal Information within a reasonable timeframe, and you will not be charged a fee for correcting your Personal Information.
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
California
For the purposes of the California Consumer Privacy Act (as amended by the California Privacy Rights Act (“CPRA”), we do not sell your Personal Information for any commercial purposes.
Under the CCPA, Californian residents are given the right to know what type of Personal Information has been collected by us about them, and if this Personal Information has been disclosed for purposes set out in this Privacy Policy in the last 12 months.
We set out below the categories of information we collect (utilising terms as defined in the CCPA).
Information we may collect and disclose:
Information we will not collect or disclose:
Californian residents also have specific rights provided by the CCPA set out below:
If you are a resident of California and wish to exercise any of your rights under the CCPA, please contact us at hello@handle.work. California residents maintain the right to exercise the rights given to them under the CCPA.
When you provide any information to us, we ask that you provide sufficient:
(a) information that allows us to reasonably verify you or are an authorised representative of that person; and
(b) detail such that we understand and can evaluate your request.
We will always endeavour to respond to you within a reasonable time period after receipt of a request. If we require additional time or have been delayed, we will communicate with you directly. All our communications will be via email and any disclosures we provide will only cover a 12-month period preceding your request. If applicable, any response from us may also provide a reason why we cannot comply with a request.
15. Access, Management or Deleting your Personal Information
Subject to some exceptions provided by the relevant Privacy Laws, you may request access to your Personal Information in our customer account database, or seek correction of it, by contacting us at hello@handle.work Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so.
We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.
If you believe that we hold Personal Information about you that is not accurate, complete, or up to date, then you may request that your Personal Information be amended. We will respond to your request to correct your Personal Information within a reasonable timeframe, and you will not be charged a fee for correcting your Personal Information.
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
16. Third Party Sites and Services
Our Services may contain links to other third-party websites and services including social media networks. This Privacy Policy applies solely to information collected by us via our Services.
17. Contacting Us
If you require further information regarding our Privacy Policy or wish to make a privacy complaint, please contact us in writing at hello@handle.work.
18. Notices and Revisions
We reserve the right to modify this Privacy Policy in whole or in part from time to time without notice. Non-material changes and clarifications will take immediate effect, and material changes will take effect 30 days after the posting of the amended Privacy Policy on the Website.
19. Enforcement
We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personally identifiable information that cannot be resolved between us and the individual.
Last updated: February 17, 2025
Making
better
connections
© 2025 Handle. All rights reserved.
Privacy Policy
Handle AI Pty Ltd (formerly Cupcake AI Pty Ltd) (ACN 673 132 888) registered in Chatswood NSW 2067 (“Handle”, “we”, “us” or “our”) is committed to providing quality services to you and to respecting your privacy.
This privacy policy sets out how we collect, use, process, store, share and disclose your Personal Information (as defined in section 1 below) from the operation of our website at https://www.handle.work/ (“Website”), our product, being an AI assistant builder (“Platform”), our services, including support and solution enhancement services in respect of the Platform (each of the Website, Platform and services, together the “Services”) (“Privacy Policy”). Please note that if you are a Handle customer, when you signed up for any of our Services, you agreed to our terms and conditions by entering into an agreement with Handle, which includes obligations in this Privacy Policy.
We are committed to protecting your privacy and respecting and upholding your rights under the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) and the General Data Protection Regulation (EU 2016/679) (the “GDPR”), and if applicable, the California Consumer Privacy Act (“CCPA”) and any other relevant laws pertaining to privacy of individuals in jurisdictions which our Services are available (collectively, “Privacy Laws”).
We are a data controller for the purposes of the GDPR, but in some circumstances may be a data processor. We ensure that we will take all necessary and reasonable steps to comply with the relevant Privacy Laws and to deal with inquiries or complaints from individuals about compliance with the relevant Privacy Laws.
By accessing and using our Services, you freely and expressly consent to the collection, use, processing, storage and disclosure of Personal Information by us as set out in this Privacy Policy.
1. Information collected by Handle
Personal information is any information relating, directly or indirectly, to an identified or identifiable natural person (“Personal Information”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
The type of Personal Information we collect from you includes, without limitation, the following:
2. How we collect your Personal Information
We will collect Personal Information only by lawful and fair means and never in an unreasonably intrusive way. Generally, we will collect your Personal Information:
If you use a pseudonym when dealing with us or you do not provide identifiable information to us, we may not be able to provide you with any or all of our services as requested.
We require individuals to provide accurate, up to date and complete Personal Information at the time it is collected
3. We do not collect sensitive personal information
We will not collect sensitive Personal Information or special categories of Personal Information (as defined under the relevant Privacy Laws) from you. We ask that you do not send us, or do not disclose, any sensitive personally identifiable information (such as information related to racial or ethnic origin, sex life or sexual orientation, political opinions, religious or other beliefs, genetic or biometric data, health criminal background or trade union membership) on or through our Services. If you do provide any sensitive Personal Information, we will require that you provide express consent to us collecting that information as part of you using our services.
4. Information about minors
Our Services are not intended for users under the age of 18. We acknowledge that the definition of a “minor” changes between jurisdictions, however, we do not knowingly seek or collect Personal Information from any children below the age of 18 years. Any Personal Information found to have been provided by a user under the age of 18 will be removed as soon as possible and we will cease the use of that Personal Information and deactivate any related account.
5. How your Personal Information is used
We use, process and disclose your Personal Information for the purposes for which the information is collected, or for a directly related purpose, including (but not limited to):
Where we:
we may use and process your Personal Information to send you information about products and services we believe are suited to you and your interests or we may invite you to attend special events.
At any time, you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your Personal Information as detailed above will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing at hello@handle.work.
6. Who we may need to disclose your Personal Information to
We may disclose your Personal Information to the following service providers:
We will only disclose any Personal Information you have provided to any entity outside of the Handle corporate group if it is necessary and appropriate to facilitate the purpose for which your Personal Information was collected pursuant to this Privacy Policy. We engage third-party vendors to help deliver our services, including Workplace Platforms and security platforms (each a “Service Provider”).
We use Vanta Inc. (www.vanta.com) (“Vanta”), a third-party compliance and security management platform, to maintain an up-to-date list of our vendors. For more information about our current vendors, please see https://trust.handle.work, or contact us at security@handle.work.
When entering into a transaction with us you expressly and freely consent to your Personal Information being disclosed or transferred to any of the above Service Providers. We will take steps reasonably necessary to ensure your Personal Information is treated securely and in accordance with this Privacy Policy. We use reasonable endeavours to ensure that each Recipient receiving your Personal Information is bound by the relevant Privacy Laws (including the standard contractual clauses approved by the European Commission). The standard contractual clauses are available on the European Commission’s website at https://ec.europa.eu/info/law/law-topic/data-protection_en.
7. How we store and protect your Personal Information
We all reasonably necessary measures to protect the information we collect through our Services which are stored electronically. We take reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information.
However, we cannot guarantee the absolute security of any Personal Information transmitted over the internet and therefore you disclose information and Personal Information to us at your own risk. We will not be liable for any unauthorised access, modification or disclosure, or misuse of your Personal Information and we are not responsible for any damages or liabilities relating to any such incidents to the fullest extent permitted by law.
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
Your Personal Information may be stored and processed in countries outside of your location, including in jurisdictions that may have different privacy and data protection standards. We use Vanta, to maintain an up-to-date record of the countries where that Personal Information is stored and processed. If you would like more information about these locations, please see https://trust.handle.work, or contact us at security@handle.work.
8. How long do we store your information for?
We retain user data as long as an account is active. If an account has been inactive for 24 months, we will endeavor to delete that user data from our platform.
You can streamline this deletion process by requesting that your account be deleted, in-app, via our contact form or by emailing hello@handle.work. Once we receive a deletion request, we aim to delete user data within 30 days.
9. What is our legal basis?
Under the GDPR, we must have a legal basis to process Personal Information collected from individuals residing in the European Union. We rely on several legal bases to process your Personal Information, including:
10. Cross-border disclosure of Personal Information
We may disclose your Personal Information to third-party recipients located in or outside of the jurisdiction in which Personal Information is provided in order to provide our Services to you. As at the date of this Privacy Policy, such third-party recipients are located in USA, Australia and other countries whose laws may not be recognised by the EU Commission as providing an adequate level of protection to Personal Information. It is possible that additional third parties from other countries may be recipients in the future.
In order to protect your information, we take care where possible to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.
When entering into a transaction with us you consent to your Personal Information being disclosed or transferred to such third-party recipients and you acknowledge and agree that we have no obligation to take such steps as are reasonable in the circumstances to ensure that the information that is transferred or disclosed to the third-party recipients will be treated in a manner that is consistent with the relevant Privacy Laws. You also agree that insofar as the law allows, we have no liability to you or anyone else for any breach by a third-party recipient of the relevant Privacy Laws.
11. Direct marketing communications
Where we:
we may use and process your Personal Information to send you information about our Services as well as other products and services we believe may be suited to you and your interests or we may invite you to attend special events.
At any time, you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your Personal Information as detailed above will continue. You can opt out by following the unsubscribe instructions included in the relevant marketing communication, or by contacting us in writing at hello@handle.work.
12. Cookies
We use cookies, web beacons and similar technologies (collectively “Cookies”) on our Website. By accessing or using this Website, you agree that we can store and access Cookies in accordance with this Privacy Policy. You will be able to accept or reject the collection of Cookies by us.
Cookies are small files that can be stored on and accessed from a user’s device when the user accesses a website. They enable authorised web servers to recognise you across different websites, services, devices and browsing sessions.
We may use Cookies to enable users to access and use our Website and Services, including to:
You can delete and refuse to accept browser Cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Website.
Unless you have adjusted your browser setting so that it will refuse Cookies, our system will issue Cookies when you direct your browser to our Website.
13. Choices regarding Your Privacy
You may be provided with choices with how we collect and process your information, including:
14. Notices specific to certain jurisdictions
We are dedicated to ensuring that individuals in certain jurisdictions have access to their privacy rights as provided by the Privacy Laws of your jurisdiction. We have set out details below dependent on your location.
Australia
You have the right to both ask:
If you ask, we must within a reasonable timeframe give you access to your Personal Information and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will notify you in writing and explain our reasons if we refuse to give you access to, or correct, your Personal Information.
European Economic Area
For the purposes of the GDPR, we are a ‘data controller’ of your Personal Information. Under the GDPR, an individual residing in the European Union has enhanced privacy rights, including the right to:
Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so. These rights are limited in some situations – for example, we can demonstrate that we have a legal requirement to process your Personal Information. In some instances, this means that we may retain some data even if you withdraw your consent.
We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.
If you believe that we hold Personal Information about you that is not accurate, complete or up to date, then you may request that your Personal Information be amended. We will respond to your request to correct your Personal Information within a reasonable timeframe, and you will not be charged a fee for correcting your Personal Information.
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
California
For the purposes of the California Consumer Privacy Act (as amended by the California Privacy Rights Act (“CPRA”), we do not sell your Personal Information for any commercial purposes.
Under the CCPA, Californian residents are given the right to know what type of Personal Information has been collected by us about them, and if this Personal Information has been disclosed for purposes set out in this Privacy Policy in the last 12 months.
We set out below the categories of information we collect (utilising terms as defined in the CCPA).
Information we may collect and disclose:
Information we will not collect or disclose:
Californian residents also have specific rights provided by the CCPA set out below:
If you are a resident of California and wish to exercise any of your rights under the CCPA, please contact us at hello@handle.work. California residents maintain the right to exercise the rights given to them under the CCPA.
When you provide any information to us, we ask that you provide sufficient:
(a) information that allows us to reasonably verify you or are an authorised representative of that person; and
(b) detail such that we understand and can evaluate your request.
We will always endeavour to respond to you within a reasonable time period after receipt of a request. If we require additional time or have been delayed, we will communicate with you directly. All our communications will be via email and any disclosures we provide will only cover a 12-month period preceding your request. If applicable, any response from us may also provide a reason why we cannot comply with a request.
15. Access, Management or Deleting your Personal Information
Subject to some exceptions provided by the relevant Privacy Laws, you may request access to your Personal Information in our customer account database, or seek correction of it, by contacting us at hello@handle.work Should we decline you access to your Personal Information, we will provide a written explanation setting out our reasons for doing so.
We may charge a reasonable fee that is not excessive to cover the charges of retrieving your Personal Information from our customer account database. We will not charge you for making the request.
If you believe that we hold Personal Information about you that is not accurate, complete, or up to date, then you may request that your Personal Information be amended. We will respond to your request to correct your Personal Information within a reasonable timeframe, and you will not be charged a fee for correcting your Personal Information.
If we no longer need your Personal Information for any of the purposes set out in this Privacy Policy, or as otherwise required by the relevant Privacy Laws, we will take such steps as are reasonable in the circumstances to destroy your Personal Information or to de-identify it.
16. Third Party Sites and Services
Our Services may contain links to other third-party websites and services including social media networks. This Privacy Policy applies solely to information collected by us via our Services.
17. Contacting Us
If you require further information regarding our Privacy Policy or wish to make a privacy complaint, please contact us in writing at hello@handle.work.
18. Notices and Revisions
We reserve the right to modify this Privacy Policy in whole or in part from time to time without notice. Non-material changes and clarifications will take immediate effect, and material changes will take effect 30 days after the posting of the amended Privacy Policy on the Website.
19. Enforcement
We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personally identifiable information that cannot be resolved between us and the individual.
Last updated: February 17, 2025
Making
better
connections
© 2025 Handle. All rights reserved.