Privacy Policy

Israeli Privacy Protection Law (1981)

As an Israeli company, we comply with the Israeli Privacy Protection Law, 1981, and regulations issued thereunder. This law governs the collection, use, and protection of personal information in Israel.

General Data Protection Regulation (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data is also protected by the General Data Protection Regulation (GDPR) and applicable national data protection laws.

California Consumer Privacy Act (CCPA)

If you are a California resident, your personal information is also protected by the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the State of Israel. Any disputes arising from this Privacy Policy will be subject to the exclusive jurisdiction of the competent courts in Tel Aviv-Jaffa, Israel. However, if you are located in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.

Regulatory Authorities

You have the right to file a complaint with the relevant data protection authority:

• Israel: Privacy Protection Authority (PPA) - https://www.gov.il/en/departments/ppa
• EU: Your local data protection authority (see list at https://edpb.europa.eu/about-edpb/board/members_en)
• UK: Information Commissioner's Office (ICO) - https://ico.org.uk
• California: California Privacy Protection Agency (CPPA) - https://cppa.ca.gov

Consent

When you provide explicit consent, such as when you opt-in to receive marketing communications or agree to our Privacy Policy. You may withdraw your consent at any time by contacting us or using the opt-out mechanisms provided.

Contract Performance

To perform our contract with you, including: processing your service requests, matching you with professionals, facilitating bookings, processing payments, and providing customer support.

Legitimate Interest

For our legitimate business interests, including: improving our services, preventing fraud, ensuring security, analyzing usage patterns, and maintaining service quality. We balance these interests against your privacy rights.

Legal Obligation

To comply with legal obligations, including: tax reporting, responding to legal requests, maintaining records as required by law, and complying with court orders.

Withdrawing Consent

You may withdraw your consent for processing based on consent at any time by: sending us an email at support@handi.com, replying 'STOP' or 'REMOVE' to any marketing message, or using the opt-out link in marketing communications. Withdrawing consent does not affect the lawfulness of processing that occurred before withdrawal.

Personal Information

When you use Handi, we may collect: name, phone number (WhatsApp), address, email address (if provided), type of service requested, payment details (through secure payment providers), and your WhatsApp correspondence with our agents and professionals.

Usage Data

We collect information about your interactions with our service: service requests, booking history, preferences and ratings, response times, usage frequency, cancellation history, and feedback provided.

Technical Information

When you use our service through WhatsApp, we may collect: device identifier, IP address, browser type, access times, WhatsApp message metadata (timestamps, delivery status), and connection information.

WhatsApp Business API Data

When you communicate with us through WhatsApp, Meta (WhatsApp's parent company) processes your messages and may collect: phone numbers, message content, delivery and read receipts, device information, and connection information. This data is subject to Meta's Privacy Policy (https://www.whatsapp.com/legal/privacy-policy). We receive and store your messages and related metadata to provide our service. We do not control Meta's data collection practices.

Location Information

We collect location information that you provide (such as your address or city) to match you with nearby professionals. We do not automatically collect precise GPS location data without your explicit consent.

Automated Decision-Making and Profiling

We use automated systems, including AI agents, to: match you with relevant professionals based on your preferences and location, analyze service requests to provide appropriate responses, detect fraudulent activity, and personalize your experience. These automated processes help us provide efficient service but do not result in decisions that significantly affect you without human review. You have the right to object to automated decision-making by contacting us.

With Professionals

We share necessary information (name, location, service details, contact information) with verified professionals to provide your requested service. Professionals are contractually obligated to use this information only for service delivery and to protect your privacy.

WhatsApp and Meta

When you use WhatsApp to communicate with us, Meta (WhatsApp's parent company) processes your messages, phone number, device information, and usage data according to their Privacy Policy (https://www.whatsapp.com/legal/privacy-policy). We use WhatsApp Business API to facilitate communications. Meta acts as a data processor for message delivery and may also process data for their own purposes as a data controller. We do not control Meta's data processing practices.

With Service Providers

We share information with trusted third-party service providers who help us operate our service. These providers are contractually bound to protect your data and use it only for specified purposes:

• Payment processors (e.g., Stripe, PayPal) - to process payments securely. We do not store full credit card details.
• Cloud infrastructure providers (e.g., AWS, Google Cloud) - to host our services and store data securely.
• Analytics providers (e.g., Google Analytics) - to understand usage patterns and improve our service. Data is anonymized where possible.
• Customer support systems - to provide assistance and manage inquiries.
• AI service providers - to power our AI agents and matching algorithms.
• Email service providers - to send transactional and service-related communications.

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change in ownership or control.

Legal Requirements and Law Enforcement

We may disclose information if required by law or to: comply with legal process (subpoenas, court orders), respond to government requests, protect our rights and property, investigate fraud or security issues, protect the safety of our users, or enforce our Terms of Service.

With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

Data Processing Agreements

All third-party service providers are required to sign data processing agreements that: limit their use of data to specified purposes, require appropriate security measures, prohibit unauthorized disclosure, and comply with applicable data protection laws.

Sub-Processors

Our service providers may use sub-processors. We maintain a list of major sub-processors and ensure they meet the same data protection standards. You can request information about sub-processors by contacting us.

Our Commitment

We are committed to promptly notifying you and relevant authorities of any data breach that poses a risk to your rights and freedoms.

Notification Timeline

We will notify: regulatory authorities within 72 hours of becoming aware of a breach (as required by GDPR for EEA users), affected users without undue delay (typically within 72 hours), and law enforcement if criminal activity is suspected.

What We Will Tell You

Our breach notification will include: the nature of the breach, the types of data affected, the likely consequences, the measures we are taking to address the breach, and steps you can take to protect yourself.

How We Will Notify You

We will notify you via: WhatsApp message (if your account is active), email (if provided), prominent notice on our website, or other appropriate means depending on the severity of the breach.

Prevention Measures

While no system is 100% secure, we continuously work to prevent breaches through: regular security updates, employee training, access controls, monitoring systems, and incident response planning.

Right of Access

You have the right to request a copy of the personal information we hold about you, including: what data we have, why we have it, who we share it with, and how long we keep it. We will provide this information within 30 days (or as required by applicable law).

Right to Rectification (Correction)

You have the right to correct inaccurate or incomplete personal information. You can update your information through your account settings or by contacting us. We will correct the information within 30 days.

Right to Erasure (Deletion)

You have the right to request deletion of your personal information when: it is no longer necessary for the original purpose, you withdraw consent, you object to processing, or it was unlawfully processed. We may retain certain information if required by law or for legitimate business purposes.

Right to Restrict Processing

You have the right to restrict our processing of your personal information when: you contest its accuracy, processing is unlawful, we no longer need it, or you object to processing. During restriction, we will only process your data with your consent or for legal claims.

Right to Object to Processing

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we demonstrate compelling legitimate grounds that override your interests.

Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another service provider. This applies to data you provided based on consent or contract performance.

Right to Withdraw Consent

When processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights

To exercise any of these rights, contact us at support@handi.com with: your name and phone number, a clear description of the right you wish to exercise, and any relevant details. We will respond within 30 days (or as required by applicable law).

Identity Verification

For security purposes, we may need to verify your identity before processing your request. We may ask for additional information to confirm you are the owner of the data.

Fees

Exercising your rights is generally free. However, we may charge a reasonable fee if your request is manifestly unfounded, excessive, or repetitive, or if you request additional copies.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights:

• Israel: Privacy Protection Authority - https://www.gov.il/en/departments/ppa
• EU: Your local data protection authority - https://edpb.europa.eu/about-edpb/board/members_en
• UK: Information Commissioner's Office - https://ico.org.uk
• California: California Privacy Protection Agency - https://cppa.ca.gov

Active Accounts

We retain your personal information while your account is active and for 3 years after your last interaction with our service, unless you request earlier deletion.

Inactive Accounts

If your account is inactive for more than 3 years, we will delete or anonymize your personal information, except where retention is required by law.

Legal Retention Requirements

We may retain certain information for longer periods when required by law, including: financial records (7 years for tax purposes), transaction records (as required by payment processors), and information subject to legal proceedings (until resolution plus applicable statute of limitations).

Deletion Procedures

When you request deletion or when retention periods expire, we will: delete your personal information from our active systems within 30 days, delete from backup systems within 90 days (subject to technical limitations), and retain only anonymized or aggregated data that cannot identify you.

Backup Data

Data stored in backup systems may be retained for up to 90 days after deletion from active systems. After this period, backups are permanently deleted or overwritten.

Transfer Locations

We may transfer your data to: Israel (our primary operations), United States (cloud infrastructure providers), European Union (if using EU-based services), and other countries where our service providers operate.

Safeguards for International Transfers

When transferring data outside the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to countries without adequacy decisions
• Adequacy decisions recognizing that certain countries provide adequate data protection
• Certifications and codes of conduct ensuring adequate protection
• Binding corporate rules or other legally recognized transfer mechanisms

WhatsApp/Meta Data Transfers

When you use WhatsApp to communicate with us, Meta processes your data globally. Meta's data processing is governed by their Privacy Policy and may involve transfers to countries including the United States. We do not control Meta's data transfer practices. For more information, please review Meta's Privacy Policy at https://www.whatsapp.com/legal/privacy-policy.

Your Rights Regarding Transfers

If you are located in the EEA, UK, or Switzerland, you have the right to obtain information about the safeguards we use for international transfers. Contact us at support@handi.com for details.

WhatsApp-Specific Tracking

When you use WhatsApp to communicate with us, Meta may use tracking technologies as described in their Privacy Policy. We do not control Meta's tracking practices.

Website Cookies

Our website uses cookies for: essential functionality, language preferences, analytics, and security. You can control cookies through your browser settings.

Cookie Policy

For complete information about our cookie practices, including types of cookies, purposes, and how to manage them, please review our Cookie Policy.

Exceptions

We may process limited health-related information if you voluntarily provide it in connection with a service request (e.g., accessibility needs). Such information is processed only with your explicit consent and used solely for the purpose you specified.

Financial Information

We do not store full credit card details. Payment information is processed securely through certified payment processors who comply with PCI DSS standards.

Age Verification

Our service is intended for users 18 years and older. We verify age through: user self-declaration during registration, and we reserve the right to request additional verification if needed.

Material Changes

We will notify you of material changes (significant changes that affect your rights or how we use your data) by: sending a WhatsApp message to your registered number, posting a prominent notice on our website, sending an email (if provided), or other appropriate means. Material changes include: new purposes for data processing, new categories of data collected, new third-party sharing arrangements, or significant changes to your rights.

Non-Material Changes

Non-material changes (such as clarifications, formatting updates, or minor corrections) will be reflected in the updated policy with a revised 'Last Updated' date. We encourage you to review this policy periodically.

Notification Timeline

We will provide at least 30 days' notice before material changes take effect, unless changes are required by law or to address security issues, in which case we will notify you as soon as possible.

Continued Use

Your continued use of our service after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree with the changes, you may stop using our service and request deletion of your data.

Version History

The current version of this Privacy Policy was last updated in October 2025. Previous versions are available upon request.