MyHandler.ai

Privacy Policy

Last updated: June 2, 2026

Data Controller

MyHandler.ai is operated by Tery Emilson ("we", "us", "our"), based in Ontario, Canada. For questions about how your data is handled, contact us at: privacy@myhandler.ai

Our Commitment

MyHandler.ai is an AI gatekeeper — it reads your messages so you don't have to. That means our AI processes your email content, but no human ever sees your messages.

We believe privacy is built through architecture, not promises. Every design decision — from column-level encryption to zero data retention AI — exists to protect your information while delivering the intelligence you need.

What We Collect and Why

When messages arrive through your connected channels, our AI processes:

  • Message content — stored encrypted (AES-256-GCM) to relay to your devices and to generate a draft when you ask. Importance classification runs on your device, not on our servers. No human ever accesses your messages.
  • Message metadata — sender, subject line, timestamps, channel of origin.
  • Calendar data — event titles, times, attendees, and location (when you connect Microsoft or Google Calendar).
  • Contact information — sender identifiers, communication patterns, and relationship context derived from message history.
  • Account information — your name, email address, timezone, and authentication credentials.
  • Payment information — processed by Stripe. We do not store your credit card number — only your Stripe customer ID and subscription status.
  • Meeting transcripts — meeting transcripts are captured and stored encrypted for AI analysis.

Legal Basis for Processing

We process your data under the following legal bases:

Processing Activity | Legal Basis
On-device classification and on-demand draft generation | Performance of contract (delivering the Service you signed up for)
Storing encrypted message content | Performance of contract
Generating vector embeddings for semantic search | Performance of contract
Building contact profiles and relationship context | Performance of contract
Billing and subscription management | Performance of contract
Security monitoring and abuse prevention | Legitimate interest (protecting the Service and users)
Audit logging | Legitimate interest (security and compliance)
Push notifications | Consent (you can disable notifications at any time)

What We Store

  • Message content — AES-256-GCM encrypted at rest. Held only long enough to relay it to your devices and to generate a draft if you ask, then deleted from our servers once your desktop app has synced it.
  • AI-generated summaries — short descriptions of message content, never the raw message itself.
  • Episodic memories — AI-extracted insights about your contacts and communication patterns. Encrypted. Active until account deletion.
  • Contact dossiers — relationship profiles compiled by AI. All personal data fields are encrypted.
  • Calibration events — records of your feedback on AI classifications, used to improve accuracy. Active until account deletion.
  • Vector embeddings — mathematical representations of message summaries for semantic search. Not reversible to original content.

MyHandler Desktop — On-Device Screen & File Intelligence

The MyHandler Desktop app for Windows builds your ambient memory locally, on your own device. Here is what it captures and where that data lives:

  • On-screen text — to surface what you would otherwise forget, the desktop app reads the text visible in your active windows using Windows accessibility APIs. We never capture screenshots or images of your screen — only extracted text.
  • Indexed files — when you opt in and choose specific folders, the desktop app indexes the text of supported documents so you can search and recall them. Indexing stays off until you turn it on and pick the folders yourself.
  • Stored on your device only — screen text and the file index live in an encrypted local database (SQLite/SQLCipher, AES-256) on your computer, with the key held in the Windows Credential Manager. This content is never uploaded to our servers.
  • A local copy of your synced data — the desktop app also keeps an encrypted local copy of your synced messages, calendar, contacts, and meeting transcripts in that same on-device database, so it keeps working even when Cloud AI is turned off.
  • Redacted at the source — passwords, card numbers, API keys, and similar secrets are stripped before anything is stored. The app automatically skips password fields, private or incognito windows, and any apps or websites you exclude.
  • You stay in control — you can pause capture at any time and add apps or domains to your exclusion list.
  • Cloud AI is opt-in — if you turn on Cloud AI in Desktop settings, short, already-redacted text snippets may be sent to our AI provider (Groq, under Zero Data Retention) to answer your requests. With Cloud AI off, screen and file processing stays entirely on your device.

What We Don't Store on Our Servers

We have built MyHandler to keep sensitive data off our servers wherever possible. As a rule, we don't store:

  • Credit card numbers or full payment credentials (Stripe handles these)
  • Plaintext passwords
  • Raw screenshots or images of your screen
  • The text of files you index, or your on-screen activity — these stay in the encrypted vault on your device (see above)

How AI Processes Your Data

MyHandler splits AI work between our servers and the MyHandler Desktop app on your device.

On our servers (cloud)

Incoming messages from your connected channels are stored encrypted (AES-256-GCM) and relayed to your desktop app. The server does not classify, summarize, or embed your messages. When you ask MyHandler to draft a reply to a specific message, that message and the context needed to write it are sent to our AI provider (Groq under Zero Data Retention, or Anthropic if you select it) and a draft is returned — only when you request it. For some server-side features, such as meeting memory and web recall, short AI-generated summaries are converted to vector embeddings via OpenAI; the vectors are mathematical and cannot be reversed to the original text.

On your device (MyHandler Desktop)

Your desktop app decides what is important and builds its memory locally, using on-device models by default. When you ask a question in Chat, or a scheduled task or watch runs, the app gathers relevant snippets from your local data (messages, screen text, documents, calendar, contacts) to answer. If you enable Cloud AI, those snippets are first scrubbed of detected secrets — passwords, card numbers, API keys, and similar — and sent to our AI provider (Groq under Zero Data Retention). With Cloud AI off, everything runs on your device and nothing is sent.

No human reviews your messages. All processing is automated.

AI Providers

Groq — Classification & Draft Generation (Default)

We enforce global Zero Data Retention (ZDR) with Groq via a custom header on every API call. Your message content is processed ephemerally and never stored on Groq's servers — not even for abuse monitoring. Your data is never used to train or improve AI models.

Anthropic Claude — Classification & Draft Generation (Optional)

When active, Anthropic receives the same data as Groq (message content and assembled context) for classification and draft generation. Anthropic does not use API data to train models. Anthropic may retain API inputs for up to 30 days for trust and safety purposes.

Encryption

We use AES-256-GCM column-level encryption for all sensitive data at rest. This includes, but is not limited to:

  • Message content, subjects, and body previews
  • Contact details and relationship data
  • Behavioral patterns and preferences
  • OAuth tokens and authentication credentials
  • Phone call transcripts and caller information
  • Meeting transcripts, attendees, and action items
  • Voice profile samples and writing style data
  • Draft correction history
  • Calendar event titles, attendees, and locations
  • Financial event details

Sender identifiers use one-way SHA-256 hashing for database lookups, ensuring we can match contacts without storing their addresses in plaintext.

Note: Your login email address and display name are stored unencrypted in the user account table, as required by the authentication system for login and password recovery. All other personal data is encrypted at rest.

Data Retention

Data Type | Retention
Message content (encrypted) | Deleted from our servers shortly after your desktop app confirms it has synced the message (typically within ~15 minutes). Your device then holds the only lasting copy.
Message metadata | Deleted from our servers after desktop sync, alongside the message content.
Episodic memories (encrypted) | Active until account deletion
Calibration events | Active until account deletion
Contact dossiers (encrypted) | Active until account deletion
Vector embeddings | 90 days (auto-expire via daily cleanup job)
Device tokens (push) | 60 days of inactivity (auto-cleanup)
Audit logs | Retained for compliance (no PII — anonymized)

Account deletion triggers a complete and permanent wipe of all your data — messages, contacts, memories, calibration history, analytics, AI-generated content, subscriptions, and preferences. Only an anonymized audit log entry recording that a deletion occurred is retained.

Third-Party Services

We use the following third-party services to deliver MyHandler's functionality:

Service | Purpose | Data Received
Groq | AI classification & draft generation | Message content + context. Zero Data Retention enforced — no storage, no training.
Anthropic | AI classification & draft generation (optional) | Message content + context when active. Not used for training. Up to 30-day trust & safety retention.
OpenAI | Vector embeddings only | AI-generated message summaries (not full content). Not used for training. Up to 30-day abuse monitoring.
Twilio | SMS & phone number | SMS message text, caller/recipient phone numbers, call metadata. Inbound calls are answered with a static message — no call audio is recorded or processed.
Stripe | Payment processing | Your name, email, and payment details. Stripe is PCI-DSS certified. We do not store card numbers.
Firebase (FCM) | Push notifications (Android) | Device tokens, notification title and summary (max 200 characters), item ID. No message content in push payloads.
Recall.ai | Meeting bot for transcript capture | Meeting URL and bot display name. Transcripts are downloaded and stored encrypted on our servers.
Postmark | Transactional email delivery | Recipient email address and email content for system notifications and verification emails.
Microsoft / Google | OAuth for email & calendar | Scoped access tokens. Microsoft scopes: Mail.Read, Mail.Send, Calendars.ReadWrite, User.Read. Google scopes: calendar.events, openid, email.
Microsoft Azure | Cloud hosting (US regions) | All data is hosted on Azure infrastructure in the United States. Data is encrypted at rest and in transit.

International Data Transfers

MyHandler.ai is operated from Ontario, Canada. Your data is hosted on Microsoft Azure in the United States and processed by AI providers based in the United States (Groq, OpenAI, Anthropic).

Data captured and stored by the MyHandler Desktop app — on-screen text, indexed files, and your local memory — stays on your device and is not part of these transfers. If you opt into Cloud AI, only scrubbed text snippets are sent to our US-based AI provider (Groq) under Zero Data Retention.

For users in the European Economic Area (EEA), the United Kingdom, or other jurisdictions with data transfer restrictions:

  • Canada has an adequacy decision from the European Commission for transfers under GDPR.
  • Transfers to the United States are covered by our sub-processors' participation in the EU-US Data Privacy Framework (DPF) and/or Standard Contractual Clauses (SCCs) where applicable.
  • We ensure that all sub-processors maintain appropriate safeguards for cross-border data transfers.

Cookies & Local Storage

MyHandler uses minimal cookies and browser storage:

  • Authentication tokens — JWT stored in memory and refresh tokens in secure storage. Essential for login.
  • No advertising or ad-tracking — no advertising cookies, no Facebook Pixel, and no cross-site ad-targeting tools.
  • Consent-based analytics — we use Google Analytics 4 to measure site usage. It runs in Consent Mode, denied by default, only activates if you opt in, and is disabled when Global Privacy Control is detected.

You can review or change your choices any time via the "Manage Cookies" link in the footer. See our Cookie Policy for the full list.

Your Rights

Depending on your jurisdiction, you have the right to:

  • Access — request a copy of all data we hold about you.
  • Correction — update or correct your personal information.
  • Deletion — permanently delete your account and all associated data. This is immediate and irreversible.
  • Export / Portability — receive your data in a portable format.
  • Restriction — limit how we process your data while keeping your account active.
  • Objection — object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Withdraw Consent — where processing is based on consent (e.g., push notifications), you can withdraw consent at any time without affecting prior processing.
  • Lodge a Complaint — you have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

To exercise any of these rights, contact us at privacy@myhandler.ai. We will respond within 30 days (or sooner where required by law).

Data Breach Notification

In the event of a data breach that affects your personal data, we will:

  • Notify affected users without undue delay and no later than 72 hours after becoming aware of the breach (where required by law).
  • Notify the relevant supervisory authority within 72 hours where required by GDPR or applicable law.
  • Provide details of the breach, the data affected, and the steps we are taking to mitigate it.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to Know — you may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete — you may request deletion of your personal information. Account deletion removes all your data as described above.
  • Right to Opt-Out of Sale/Sharing — we do not sell or share your personal information as defined by the CCPA/CPRA. We have never sold user data.
  • Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA/CPRA rights.

Categories of personal information we collect:

  • Identifiers (name, email address, phone number)
  • Commercial information (subscription tier, billing history)
  • Internet or electronic network activity (message metadata, channel connections)
  • Communications content (message bodies, stored encrypted)
  • Inferences (AI classifications, relationship assessments, behavioral patterns)

Children's Privacy

MyHandler is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected data from a person under 18, we will delete it immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email and/or an in-app notification. The "Last updated" date at the top of this policy reflects when the most recent changes took effect. Continued use of MyHandler after the effective date constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

Tery Emilson, operating as MyHandler.ai
Ontario, Canada
privacy@myhandler.ai

© 2026 MyHandler.ai. All rights reserved.
