Legal
Handler24 Ltd · UK Registered · ICO & UK GDPR Compliant
1. Introduction
These Terms & Conditions ("Terms") govern your use of Handler24 Ltd's client engagement and automation services ("Service", "Platform"). By creating an account, purchasing a subscription, or using the Service, you agree to these Terms.
Important: If you do not agree to these Terms, you must not use the Service.
Company: Handler24 Ltd
Website: https://handler24.com
Contact Email: [email protected]
2. Definitions
- "Company", "we", "our", "us"
- Handler24 Ltd
- "Client", "you", "your"
- The business using the Service
- "End-User"
- An individual you communicate with through the Platform
- "Personal Data"
- Information relating to an identified or identifiable person
- "Controller"
- The Client
- "Processor"
- Handler24 Ltd
- "Sub-processor"
- Third parties engaged by us to support the Service
- "AI Agent"
- Automated messaging workflows delivered through WhatsApp, email, or other channels
- "Data Breach"
- A security incident resulting in loss, disclosure, or unauthorised processing of Personal Data
3. Service Description
Handler24 provides automation tools that assist qualified business professionals with:
- Client inquiry management and follow-up
- Appointment scheduling and confirmations
- Professional information responses
- Automated WhatsApp and email conversation flows
- CRM-linked communication processes
- Message routing, classification, and contextual response generation
Supported Client Types
- Real Estate Agents: Property inquiries, showings, investment information
- Consultants: Service inquiries, project proposals, client follow-ups
- Sales Teams: Lead follow-up, proposal management, sales pipeline management
- SME Owners: Customer inquiries, service information, appointment booking
3.1 How Our AI Agent Works
Our AI Agent operates using a prompt-based system that routes through Make.com:
Handler24-Created, Client-Specific Prompts
- Handler24 creates and curates specialised prompts tailored to your profession and industry
- Prompts are customised during onboarding based on your business type
- You do not upload or create prompts — they are provided by us and tailored to your needs
- Prompts are delivered via API and cannot be modified or accessed directly by you
Email Processing & Summarisation
- Incoming emails are processed via Make.com API in real-time
- An LLM-generated summarisation prompt creates a concise summary of each email
- Summaries capture: sender contact information, email subject, topic, and key points
- Each new email in a conversation thread updates and refines the existing summary
- Summaries are stored in Airtable for conversation history and context
- Handler24 does not store full email content beyond initial processing
Client-Approved Knowledge Base
- You upload and approve a knowledge base during onboarding
- Your knowledge base is stored in Airtable under Handler24's account
- You retain full control over what is included and may update, modify, or remove entries at any time
- Knowledge base data is transmitted via secure API connection with industry-standard encryption
Safety & Validation Check
- A validation prompt automatically checks each AI-generated response for potentially damaging, inaccurate, or harmful information
- If issues are identified, it will alert you and may suggest edits or draft alternative text
- This validation process is designed to reduce errors and harmful outputs, but cannot eliminate all risks
- You remain the final arbiter of all messages
What We Do NOT Do: Store full email content · Train AI systems using your data · Use your data to benefit other clients · Make autonomous decisions without your oversight · Perform outbound cold outreach · Send unsolicited marketing or spam · Provide medical advice · Guarantee conversions or sales
3.2 AI-Generated Content Disclaimers and Limitations
Email Summarisation Limitations
- Email summaries are generated by LLM-based prompts via Make.com API
- Summaries may omit details, context, or nuance from the original email
- LLM summarisation may misinterpret email intent, tone, or technical details
- Email summaries are not substitutes for reading original communications
Limitation on Accuracy
- AI-generated responses are based on email summaries and your knowledge base
- We do not guarantee the accuracy, completeness, currency, or suitability of AI suggestions
- The AI may generate inaccurate information or outdated advice
- You are solely responsible for verifying all AI-generated content before sending
No Professional Advice: Handler24 does not provide financial, legal, medical, tax, investment, or professional advice. AI-generated suggestions are not a substitute for professional consultation.
Data Processing Commitment: We do not use, train, or refine any machine learning models on your data. We process your data only to deliver the communication services you request. Your data is never used to improve our AI for other clients.
4. Client Responsibilities
Eligibility & Professional Standards
- Handler24 is designed for qualified business professionals
- Eligible client types include: Real Estate Agents, Consultants, Sales Teams, and SME Owners
- For licensed professionals, you confirm that you maintain valid professional licensing
- For non-licensed professionals, you confirm that you operate a legitimate business
- You agree to maintain compliance with all relevant professional standards
You agree to:
- Provide only lawful and GDPR-compliant contact data
- Ensure you have a lawful basis to message your contacts
- Not use the Platform for spam, harassment, unsolicited marketing, or illegal activity
- Maintain security of your own login credentials and account
- Inform us immediately if you suspect interference, data loss, or unauthorised access
- Ensure your integration with third-party CRMs and tools complies with their terms
- Comply with all applicable marketing, privacy, and anti-spam laws including GDPR, PECR, CAN-SPAM, CASL, and UAE regulations
- Comply with fair dealing and anti-discrimination laws
- Not use the Service to send false, misleading, defamatory, or harmful content
- Verify the accuracy of all professional information before sending
Important: You retain full responsibility for messages sent on your behalf and their legal compliance.
5. Subscription & Payment
Billing & Renewal
- Subscriptions are billed monthly in advance
- Subscriptions renew automatically on the same date each month unless cancelled
- Fees are payable upfront via our third-party payment provider
- We may adjust pricing with 30 days' advance notice
Service Level Agreement (SLA)
- Handler24 commits to maintaining 99% monthly uptime for the Service
- Uptime is measured as the percentage of hours in a calendar month during which the Service is available
- Downtime excludes: scheduled maintenance with 24 hours' notice, client-side issues, and third-party provider outages
Service Credits
If Handler24 fails to meet the 99% uptime commitment:
- 95% to 98.9% uptime: 10% of that month's fees
- 90% to 94.9% uptime: 25% of that month's fees
- Below 90% uptime: 50% of that month's fees
Cancellation & Refunds
- You may cancel your subscription at any time
- Cancellations take effect at the end of your current billing cycle
- No refunds are issued for partial months or unused service credits
- Upon cancellation, your data is deleted immediately per Section 11.10
6. Acceptable Use
You must not use the Platform to:
- Send unsolicited marketing without consent or lawful basis
- Transmit harmful, offensive, or defamatory content
- Circumvent WhatsApp, email, CRM provider, or other third-party platform rules
- Attempt to reverse-engineer, decompile, or hack the Service
- Host or distribute malware, ransomware, or illegal data
- Engage in harassment, fraud, or illegal activity
Enforcement: We may suspend or terminate accounts that violate these Terms. Repeated violations may result in permanent account closure without refund.
7. Insurance & Support
7.1 Handler24 Cyber Security Insurance
- Handler24 maintains cyber security insurance to protect against data breaches, business interruption, and related risks
- This insurance supports our ability to respond to and recover from security incidents
- Details of coverage are available upon request
Professional Responsibility & Insurance
As a qualified business professional, you should maintain professional liability insurance appropriate to your industry. You are responsible for ensuring your professional insurance covers automated communications and AI-assisted messaging.
7.2 Support and Availability
- Support: Provided via email at [email protected]
- Response target: 24 business hours
- Handler24 aims for high availability but does not guarantee uninterrupted service
- Scheduled maintenance may be notified in advance when possible
8. Intellectual Property
The Platform, code, workflows, algorithms, and documentation remain the property of Handler24 Ltd.
You retain ownership of:
- Your customer data
- Your CRM records
- Your uploaded content
- Your message history
- Your templates and automation configurations
9. Liability
To the fullest extent permitted by law:
- We exclude liability for indirect, incidental, or consequential loss
- Our total liability is limited to the fees paid in the previous 12 months
- We are not responsible for losses caused by third-party systems (WhatsApp, Twilio, Meta, Google, HubSpot, Make.com, Airtable, or others) unless we are negligent in selecting or managing them
Exceptions (higher liability applies):
- Gross negligence or wilful misconduct on our part
- Our breach of confidentiality obligations
- Our material failure to comply with data protection obligations under Section 10
9.1 Sub-processor Dependency
Handler24 currently depends on Make.com to deliver the Service. You acknowledge that:
- Service interruptions caused by Make.com outages are not Handler24's responsibility
- Handler24 is not liable for data loss or service failures caused by Make.com failures
- Handler24 maintains a migration plan to transition to proprietary server infrastructure
9.2 Service Modification
Handler24 reserves the right to modify, update, deprecate, or discontinue features with 30 days' notice. If changes materially harm your use of the Service, you may terminate without penalty and receive a pro-rata refund.
9.3 Client Indemnification
You agree to indemnify, defend, and hold harmless Handler24 Ltd from any claims, damages, liabilities, costs, and expenses arising from your use of the Service in violation of these Terms or applicable law.
10. Data Processing Agreement (Article 28 GDPR)
This section forms part of the Terms & Conditions and may also be provided as a standalone document upon request.
10.1 Roles
- Client = Data Controller
- Handler24 Ltd = Data Processor
We only process Personal Data under your documented instructions and as described in these Terms.
10.2 Purpose of Processing
We process Personal Data solely to:
- Route messages through Make.com workflows using specialised prompts
- Apply your approved prompts and knowledge base to generate contextual responses
- Deliver automated lead communication and follow-up
- Send WhatsApp and email messages on your behalf
- Maintain message context and conversation history
- Synchronise CRM fields you have configured
- Record message logs for accountability and error resolution
- Generate basic activity reports for your account
10.3 Types of Personal Data Processed
- Name, email address, phone number
- Message content
- Appointment details and scheduling preferences
- Lead qualification notes and scoring
- CRM data fields supplied by the Client
- Interaction history and timestamps
Special Category Data: No special category data is required or intentionally processed. If you transmit special category data (health, biometric, racial, political affiliation), we will delete it immediately and notify you.
10.4 Data Retention
- Email summaries NOT retained — Handler24 does not store email summaries
- Full email content NOT retained (processed via API, summarised, and permanently deleted)
- Message logs retained for 21 days
- Knowledge base data retained for as long as your account is active
- Account data deleted immediately upon cancellation request
- Activity logs retained for 90 days for security auditing
10.5 International Transfers
All processing occurs in the UK or EU. No international transfers of Personal Data occur without your prior written authorisation. If we engage a sub-processor outside UK/EU, we will implement Standard Contractual Clauses (SCCs) and notify you in advance.
10.6 Security Measures
- AES-256 encryption of data in transit (TLS/HTTPS)
- Encryption of sensitive data at rest
- Strict role-based access control (RBAC)
- Limited staff access only when operationally necessary
- Full audit logging of staff access to Personal Data
- Secure API communication with authentication
- Regular security monitoring and intrusion detection
- Separation of Client data environments
10.7 Sub-processors
We use vetted sub-processors essential to service delivery. We will notify you of any new or replacement sub-processor at least 30 days in advance. You may object within 14 days or terminate your subscription without penalty.
10.8 Data Subject Rights
We will support you in responding to data subject requests including: Access, Rectification, Erasure, Restriction of processing, Data portability, and Objection to processing. We will respond within 5 business days.
10.9 Personal Data Breach Notification
Upon discovering a Personal Data Breach, we will:
- Notify you within 24 hours of discovery
- Provide initial details including nature of breach, affected individuals, and measures taken
- Provide a full incident report within 7 calendar days
10.10 Return or Deletion of Data
Upon termination:
- All Personal Data is deleted from our live systems immediately
- Backup copies are retained for maximum 30 days for technical recovery purposes
- We will provide written confirmation of deletion upon request
10.11 No Processing Beyond Instructions
We do not: Train machine learning or AI systems on your data · Use your data for analytics that benefit other clients · Enrich your data with third-party sources · Cross-share data between client accounts · Sell or license your data · Use your data for profiling across clients
11. Termination
We may terminate the agreement for:
- Non-payment (after 14 days' notice and 7 days to cure)
- Material breach of Terms (after 30 days' notice and opportunity to cure)
- Misuse of the Platform in violation of Section 6
- Your request
Upon termination, data is handled per Section 10.10. You may terminate at any time by providing 7 days' notice or immediately in writing.
12. Governing Law & Jurisdiction
Governing Law: These Terms are governed by English law and the laws of the United Kingdom.
Jurisdiction: Both parties agree to exclusive jurisdiction of the courts of England and Wales.
Alternative Dispute Resolution: Either party may propose good-faith negotiation before pursuing legal action. Mediation shall take place in London, UK, unless both parties agree otherwise.
13. Contact
For legal, privacy, or data protection matters:
- Email: [email protected]
- Website: https://handler24.com/contact
- Response target: 5 business days
Questions About These Terms?
Our team is here to clarify any aspect of our Terms & Conditions.
Contact Us1. Introduction & Who We Are
Handler24 Ltd is a UK-registered technology company. We build and operate an AI-powered lead response system that helps businesses respond to inbound enquiries faster and more consistently than any human team could manage alone.
This Privacy Policy explains, in plain language, what data we collect, why we collect it, what we do with it, and — critically — what we do not do with it. We have written this for business owners, not lawyers. If something is unclear, email us and we will explain it.
We operate under:
- UK GDPR (General Data Protection Regulation as retained in UK law)
- Data Protection Act 2018
- ICO (Information Commissioner's Office) requirements
In plain terms: We are a service business. Your data helps us run your service. It is not our product, and we have no commercial reason to misuse it.
2. What Data We Collect and Why
2.1 When you sign up or contact us
We collect only what is necessary to set up and run your account:
- Your name and business name
- Email address and phone number
- Billing details — collected and processed by our payment provider only (we never see or store your card number)
- Communications you send us (emails, messages)
2.2 When you use the Handler24 platform
To deliver the service, Handler24 processes inbound lead messages on your behalf. This includes:
- Names, email addresses, and phone numbers of your leads
- The content of inbound and outbound messages
- Conversation history and timestamps
- Appointment or scheduling data
- Lead qualification notes generated by our system
Important: We process this data as your Data Processor — under your instructions, for your business. We do not own it, analyse it for our own benefit, sell it, or use it to train AI models. Your leads are your leads. Full stop.
2.3 Automatically (website visitors)
When you visit handler24.com, we collect standard analytics data:
- IP address and approximate location
- Browser type and device
- Pages visited and time on site
This is aggregated and anonymised. We do not run advertising trackers or sell this data.
3. How We Process Your Leads (and Your Clients' Data)
3.1 The role distinction
Under UK GDPR, there are two roles: Data Controller and Data Processor.
- You (the Client) are the Data Controller — you decide what data is collected from your leads and why.
- Handler24 is the Data Processor — we process that data only as you instruct us to, to deliver the service you have contracted.
This formal legal distinction means Handler24 cannot use your lead data for any purpose other than running your service. We are bound by a Data Processing Agreement (DPA) to honour this.
3.2 What actually happens to a lead message
When a lead contacts you via email, SMS, or WhatsApp, here is exactly what Handler24 does:
- The message is received and processed through our automated workflow (Make.com)
- The content is analysed by Claude AI (Anthropic) to understand the enquiry
- A relevant, personalised response is generated using your knowledge base
- The response is validated for accuracy and safety before sending
- No message content or summary is retained by Handler24 after processing is complete
- The full message content is not retained by Handler24 after processing
Your Airtable base is yours — we set it up on your account using your credentials. If you cancel, your data stays in your Airtable. We do not take it with us.
4. Third-Party Tools We Use
Handler24 is built on best-in-class infrastructure. We do not build our own servers or AI models — we connect proven tools securely. Below is every third party involved in processing data, and why.
| Tool / Provider | What It Does | Their Privacy Policy |
|---|---|---|
| Anthropic (Claude AI) | Analyses lead messages and generates responses | anthropic.com/legal/data-processing-addendum |
| Make.com | Runs our automation workflows | make.com/data-processing-agreement.pdf |
| Airtable | Stores your knowledge base — on your account | airtable.com/legal/dpa |
| Twilio | Sends and receives SMS and WhatsApp messages | twilio.com/legal/data-protection-addendum |
| Google (Gmail API) | Reads inbound emails and sends responses via your Gmail | workspace.google.com/terms/dpa_terms.html |
| Payment Processor | Handles subscription billing (we never see card details) | Provided at checkout |
All sub-processors provide GDPR/UK GDPR-compliant Data Processing Agreements accessible through their standard service terms. We will notify you by email at least 30 days before adding any new sub-processor. You may object within 30 days or terminate without penalty if we cannot resolve your data protection concern.
5. Your Setup: What Access We Need and Why It's Safe
5.1 Gmail (Google OAuth)
Why we need it: To read inbound lead emails and send responses on your behalf.
How it works: We use Google's official OAuth 2.0 protocol. You authorise access through Google's own secure login screen — you never give us your password. Google issues a secure token that can be revoked by you at any time in your Google Account settings.
We request the minimum permissions required. We cannot access your other Google services, personal files, or any account outside the specific Gmail inbox you connect. You can revoke access at any time at: myaccount.google.com/permissions
5.2 Airtable
Why we need it: To store your business knowledge base (pricing, FAQs, project details). Critically, this Airtable base is created on your account — not ours. You own the Airtable base. If you cancel Handler24, all your data remains in your Airtable account. We lose access; you keep the data.
5.3 Twilio (SMS / WhatsApp)
Why we need it: To send and receive lead messages via SMS or WhatsApp if you have activated those channels. Twilio is a regulated, enterprise-grade communications platform used by companies like Airbnb, Uber, and the NHS. All messages are transmitted over encrypted channels. Your Twilio account credentials are stored using secure environment variables — never in plain text.
You can disconnect any channel at any time by notifying us or revoking API access. Disconnecting does not delete your historical data unless you also request that.
6. Data Ownership — Yours, Not Ours
This is unambiguous:
- Your lead data belongs to you.
- Your conversation history belongs to you.
- Your Airtable knowledge base belongs to you.
- Your Gmail account belongs to you.
Handler24 has no claim, right, or interest in any of the above. We process data as a service provider, not as a data owner.
We do not: Sell your data to any third party · Use your lead data for AI training purposes · Share your data with other Handler24 clients · Retain data beyond the periods specified in Section 7 · Use your data for our own marketing or analytics
7. Data Retention & Deletion
| What | How Long | Notes |
|---|---|---|
| Email summaries | Not retained | Handler24 does not store email summaries |
| Full email content | Not retained | Processed in real-time via API; not stored by Handler24 |
| Message logs | 21 days | Unless client requests different retention |
| Account data | Deleted on cancellation | Promptly upon request; billing records kept 7 years (tax law) |
| Website analytics | 90 days | Aggregated, anonymised; auto-deleted |
| Security / activity logs | 90 days | Used for breach investigation only |
| Backup copies | Max 30 days after primary deletion | Encrypted; access restricted |
On cancellation: Your Airtable data remains in your account. Handler24 removes its access credentials within 48 hours. You can request early deletion of your data at any time by emailing [email protected]. We will action this within 21 days.
8. Your Rights (UK GDPR)
You have the following rights under UK GDPR and the Data Protection Act 2018.
| Right | What It Means | Our Response Time |
|---|---|---|
| Access | Request a copy of all data we hold on you | 30 calendar days |
| Rectification | Ask us to correct inaccurate data | 5 business days |
| Erasure | Ask us to delete your data (subject to legal obligations) | 21 days |
| Restriction | Limit how we use your data while a complaint is investigated | Acknowledged within 5 days |
| Portability | Receive your data in a structured, machine-readable format (CSV, JSON) | 30 calendar days |
| Object | Object to processing based on legitimate interest | 30 calendar days |
To exercise any right: email [email protected] with your name, email address, and the specific request.
If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) — Wycliffe House, Water Lane, Wilmslow SK9 5AF. Phone: 0303 123 1113 · ico.org.uk
9. Security Measures
We take security seriously — your clients' data passing through our system reflects directly on your business, and we treat it accordingly.
Our technical measures include:
- AES-256 encryption of data in transit (HTTPS / TLS 1.2+)
- Encryption of sensitive credentials at rest
- Role-based access control — staff only access what their role requires
- Multi-factor authentication (MFA) on all admin accounts
- Complete separation of data between client environments
- Regular security monitoring and anomaly detection
- Incident response procedures and ICO breach notification within 72 hours if required
- Comprehensive audit logging of all data access events
Your responsibilities:
- Protect your own Gmail, Airtable, and Twilio credentials
- Enable MFA on your Google account
- Notify us immediately if you suspect unauthorised access to your connected accounts
10. Limitation of Liability
Handler24 is a data processor acting under your instructions. Our liability for data processing is limited to direct losses caused by our proven failure to comply with our obligations under this policy or our Data Processing Agreement.
We are not liable for:
- Losses arising from your own use or misuse of data collected through the platform
- Failures of third-party sub-processors where we have complied with our obligations to vet and contract them
- Losses arising from your failure to secure your own credentials or accounts
- AI-generated response errors where the content has been validated by our Validator module and falls within normal operational tolerance
Handler24 uses an independent AI validation layer on every generated response. However, AI is not infallible. We strongly recommend that clients review any response that will be sent to a high-value or regulated lead before it is dispatched, if possible.
11. Changes to This Policy
We may update this policy to reflect changes in law, our services, or sub-processors. We will:
- Post the updated policy on our website with a revised Effective Date
- Email you at least 30 days before any material change takes effect
- Give you the right to terminate without penalty if a material change affects your use of the service
Continuing to use Handler24 after a change notification and 30-day period constitutes acceptance of the updated policy.
12. Contact & Complaints
For any data protection query, access request, or complaint:
- Email: [email protected]
- Website: handler24.com/contact
- Response target: 5 business days
We aim to resolve all complaints promptly and fairly. If you are not satisfied with our response, you have the right to escalate to the ICO at ico.org.uk.
13. AI Regulation & Emerging Law
AI regulation is evolving rapidly. H