MyHandler.ai

Privacy Policy

Last updated: April 9, 2026

Data Controller

MyHandler.ai is operated by Tery Emilson ("we", "us", "our"), based in Ontario, Canada. For questions about how your data is handled, contact us at: privacy@myhandler.ai

Our Commitment

MyHandler.ai is an AI gatekeeper — it reads your messages so you don't have to. That means our AI processes your email content, but no human ever sees your messages.

We believe privacy is built through architecture, not promises. Every design decision — from column-level encryption to zero data retention AI — exists to protect your information while delivering the intelligence you need.

What We Collect and Why

When messages arrive through your connected channels, our AI processes:

  • Message content — stored encrypted (AES-256-GCM) for your inbox, AI classification, and draft generation. No human ever accesses your messages.
  • Message metadata — sender, subject line, timestamps, channel of origin.
  • Calendar data — event titles, times, attendees, and location (when you connect Microsoft or Google Calendar via OAuth).
  • Contact information — sender identifiers, communication patterns, and relationship context derived from message history.
  • Account information — your name, email address, timezone, and authentication credentials.
  • Payment information — processed by Stripe. We do not store your credit card number — only your Stripe customer ID and subscription status.
  • Voice call data — when using the AI voice receptionist, call audio is streamed through Twilio and processed by ElevenLabs for real-time conversation. Call transcripts are stored encrypted.
  • Meeting transcripts — when using the meeting bot (via Recall.ai), meeting captions are captured and stored encrypted for AI analysis.

Legal Basis for Processing

We process your data under the following legal bases:

| Processing Activity | Legal Basis |
|---|---|
| AI classification and draft generation | Performance of contract (delivering the Service you signed up for) |
| Storing encrypted message content | Performance of contract |
| Generating vector embeddings for semantic search | Performance of contract |
| Building contact profiles and relationship context | Performance of contract |
| Billing and subscription management | Performance of contract |
| Security monitoring and abuse prevention | Legitimate interest (protecting the Service and users) |
| Audit logging | Legitimate interest (security and compliance) |
| Push notifications | Consent (you can disable notifications at any time) |

What We Store

  • Message content — AES-256-GCM encrypted at rest. Used for your inbox display, AI classification, and draft generation.
  • AI-generated summaries — short descriptions of message content, never the raw message itself.
  • Episodic memories — AI-extracted insights about your contacts and communication patterns. Encrypted. Active until account deletion.
  • Contact dossiers — relationship profiles compiled by AI. All personal data fields are encrypted.
  • Calibration events — records of your feedback on AI classifications, used to improve accuracy. Active until account deletion.
  • Draft corrections — when you substantially edit an AI draft, we store the diff to improve future drafts. Encrypted.
  • Vector embeddings — mathematical representations of message summaries for semantic search. Not reversible to original content.

What We Never Store

  • Credit card numbers or full payment credentials (Stripe handles these)
  • Plaintext passwords
  • Email attachments or file contents
  • Browsing history or activity outside MyHandler

How AI Uses Your Data

Our AI processes your messages through three stages:

Classification

Message content and assembled context (your profile, contact history, calendar) are sent to our AI provider to determine importance level and category. Content is stored encrypted (AES-256-GCM) in our database and processed ephemerally by the AI provider.

Draft Generation

Message content and your voice profile are used to generate reply drafts in your writing style. Content is stored encrypted (AES-256-GCM) and processed ephemerally by the AI provider.

Embedding

AI-generated summaries (not raw messages) are converted to vector embeddings for semantic memory search. The vectors are mathematical and cannot be reversed to recover original content.

No human reviews your messages. All processing is automated.

AI Providers

Groq — Classification & Draft Generation (Default)

We enforce global Zero Data Retention (ZDR) with Groq via a custom header on every API call. Your message content is processed ephemerally and never stored on Groq's servers — not even for abuse monitoring. Your data is never used to train or improve AI models.

Anthropic Claude — Classification & Draft Generation (Optional)

When active, Anthropic receives the same data as Groq (message content and assembled context) for classification and draft generation. Anthropic does not use API data to train models. Anthropic may retain API inputs for up to 30 days for trust and safety purposes.

OpenAI — Vector Embeddings Only

OpenAI receives only short AI-generated message summaries — not full message content — for vector embedding generation. These summaries typically include the subject, extracted topics, and a brief content preview. OpenAI does not use API data to train or improve their models. OpenAI may retain API inputs for up to 30 days for abuse monitoring, after which they are deleted.

Encryption

We use AES-256-GCM column-level encryption for all sensitive data at rest. This includes:

  • Message content, subjects, and body previews
  • Contact details and relationship data
  • Behavioral patterns and preferences
  • OAuth tokens and authentication credentials
  • Phone call transcripts and caller information
  • Meeting transcripts, attendees, and action items
  • Voice profile samples and writing style data
  • Draft correction history
  • Calendar event titles, attendees, and locations
  • Financial event details

Sender identifiers use one-way SHA-256 hashing for database lookups, ensuring we can match contacts without storing their addresses in plaintext.

Note: Your login email address and display name are stored unencrypted in the user account table, as required by the authentication system for login and password recovery. All other personal data is encrypted at rest.

Data Retention

| Data Type | Retention |
|---|---|
| Message content (encrypted) | Active until account deletion |
| Message metadata | Active until account deletion |
| Episodic memories (encrypted) | Active until account deletion |
| Calibration events | Active until account deletion |
| Contact dossiers (encrypted) | Active until account deletion |
| Vector embeddings | 90 days (auto-expire via daily cleanup job) |
| Device tokens (push) | 60 days of inactivity (auto-cleanup) |
| Audit logs | Retained for compliance (no PII — anonymized) |

Account deletion triggers a complete and permanent wipe of all your data — messages, contacts, memories, calibration history, analytics, AI-generated content, subscriptions, and preferences. Only an anonymized audit log entry recording that a deletion occurred is retained.

Third-Party Services

We use the following third-party services to deliver MyHandler's functionality:

| Service | Purpose | Data Received |
|---|---|---|
| Groq | AI classification & draft generation | Message content + context. Zero Data Retention enforced — no storage, no training. |
| Anthropic | AI classification & draft generation (optional) | Message content + context when active. Not used for training. Up to 30-day trust & safety retention. |
| OpenAI | Vector embeddings only | AI-generated message summaries (not full content). Not used for training. Up to 30-day abuse monitoring. |
| Twilio | Voice calls & SMS | Call audio streams (relayed to ElevenLabs), SMS message text, caller/recipient phone numbers, call metadata. |
| ElevenLabs | AI voice receptionist | Real-time call audio, handler name, custom greeting, handler knowledge context, and contact context for known callers. |
| Stripe | Payment processing | Your name, email, and payment details. Stripe is PCI-DSS certified. We do not store card numbers. |
| Firebase (FCM) | Push notifications (Android) | Device tokens, notification title and summary (max 200 characters), item ID. No message content in push payloads. |
| Recall.ai | Meeting bot for transcript capture | Meeting URL and bot display name. Transcripts are downloaded and stored encrypted on our servers. |
| Postmark | Transactional email delivery | Recipient email address and email content for system notifications and verification emails. |
| Microsoft / Google | OAuth for email & calendar | Scoped access tokens. Microsoft scopes: Mail.Read, Mail.Send, Calendars.ReadWrite, User.Read. Google scopes: calendar.events, openid, email. |
| Microsoft Azure | Cloud hosting (US regions) | All data is hosted on Azure infrastructure in the United States. Data is encrypted at rest and in transit. |

International Data Transfers

MyHandler.ai is operated from Ontario, Canada. Your data is hosted on Microsoft Azure in the United States and processed by AI providers based in the United States (Groq, OpenAI, Anthropic).

For users in the European Economic Area (EEA), the United Kingdom, or other jurisdictions with data transfer restrictions:

  • Canada has an adequacy decision from the European Commission for transfers under GDPR.
  • Transfers to the United States are covered by our sub-processors' participation in the EU-US Data Privacy Framework (DPF) and/or Standard Contractual Clauses (SCCs) where applicable.
  • We ensure that all sub-processors maintain appropriate safeguards for cross-border data transfers.

Channel Data Isolation

MyHandler supports multiple communication channels (email, WhatsApp, Slack, Discord, and more). We enforce strict data isolation between channels:

  • Data from one channel is never mixed into another channel's AI context without explicit rules.
  • AI responses match channel conventions — no email signatures in WhatsApp, no casual tone in formal emails.
  • Channels are assigned sensitivity tiers: HIGH (email, WhatsApp, phone, calendar, SMS), MEDIUM (Slack, Teams, Instagram, Google Chat), LOW (Discord, GitHub, GitLab, Linear, Jira, Telegram).
  • Memories from high-sensitivity channels are never surfaced in low-sensitivity channel responses.
  • Cross-channel contact data is shared only for the same verified contact identity.

Cookies & Local Storage

MyHandler uses minimal cookies and browser storage:

  • Authentication tokens — JWT stored in memory and refresh tokens in secure storage. Essential for login.
  • No tracking cookies — we do not use any third-party analytics, advertising, or tracking cookies.
  • No third-party pixels — no Facebook Pixel, Google Analytics, or similar tracking tools.

Your Rights

Depending on your jurisdiction, you have the right to:

  • Access — request a copy of all data we hold about you.
  • Correction — update or correct your personal information.
  • Deletion — permanently delete your account and all associated data. This is immediate and irreversible.
  • Export / Portability — receive your data in a portable format.
  • Restriction — limit how we process your data while keeping your account active.
  • Objection — object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Withdraw Consent — where processing is based on consent (e.g., push notifications), you can withdraw consent at any time without affecting prior processing.
  • Lodge a Complaint — you have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

To exercise any of these rights, contact us at privacy@myhandler.ai. We will respond within 30 days (or sooner where required by law).

Data Breach Notification

In the event of a data breach that affects your personal data, we will:

  • Notify affected users without undue delay and no later than 72 hours after becoming aware of the breach (where required by law).
  • Notify the relevant supervisory authority within 72 hours where required by GDPR or applicable law.
  • Provide details of the breach, the data affected, and the steps we are taking to mitigate it.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to Know — you may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete — you may request deletion of your personal information. Account deletion removes all your data as described above.
  • Right to Opt-Out of Sale/Sharing — we do not sell or share your personal information as defined by the CCPA/CPRA. We have never sold user data.
  • Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA/CPRA rights.

Categories of personal information we collect:

  • Identifiers (name, email address, phone number)
  • Commercial information (subscription tier, billing history)
  • Internet or electronic network activity (message metadata, channel connections)
  • Communications content (message bodies, stored encrypted)
  • Inferences (AI classifications, relationship assessments, behavioral patterns)

Children's Privacy

MyHandler is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected data from a person under 18, we will delete it immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you at least 30 days in advance via email and/or an in-app notification. Continued use of MyHandler after the effective date constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

Tery Emilson, operating as MyHandler.ai
Ontario, Canada
privacy@myhandler.ai

© 2026 MyHandler.ai. All rights reserved.