Privacy Policy

Last updated: January 2026 · GDPR compliant

1. Who We Are

ItsHandy ("we") operates the dashboard at app.itshandy.co.uk. For GDPR purposes, we are the data controller. Contact: business@itshandy.co.uk

2. What Data We Collect

• Account information: Your name and email address when you sign up
• Authentication data: Bcrypt-hashed passwords (we never store plain passwords)
• Broker API credentials: API keys and secrets you choose to connect — these are encrypted using AES-256 (Fernet) before being stored in our database
• Usage data: Basic logs of authentication events for security purposes
• Newsletter preference: Whether you opted in to product updates

3. How We Store Your Data

• Your account data is stored in a secure SQLite database on our servers
• Broker API keys are encrypted with AES-256 (Fernet symmetric encryption) — they are never stored in plain text
• API keys are decrypted only at runtime when needed to execute trades — never logged, never transmitted to third parties
• Your data is never sold or shared with any third parties for marketing purposes

4. Stripe — Payment Data

Payment processing is handled entirely by Stripe (stripe.com/privacy). ItsHandy does not store your card number, CVV, or full payment details. We receive only a Stripe customer ID and subscription status.

5. Google OAuth

If you sign in with Google, we receive your email, name, and profile picture from Google. We do not receive your Google password. You can disconnect Google login by contacting us.

6. Cookies & Sessions

We use a single session cookie to keep you logged in. We do not use advertising cookies or tracking pixels. Sessions expire after 24 hours of inactivity.

7. Your GDPR Rights

Under GDPR, you have the right to:

• Access: Request a copy of all data we hold about you
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your account and all associated data
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing your data
• Restriction: Request we limit how we use your data

To exercise any of these rights, email business@itshandy.co.uk. We will respond within 30 days.

8. Data Retention

We retain your account data for as long as your account is active. If you request account deletion, we will erase your personal data within 30 days. Some anonymised logs may be retained for security purposes.

9. Contact

For any privacy questions or requests: business@itshandy.co.uk