We know your to-dos, email and calendar are very personal. We built Handle specifically to keep your data yours. Whether it’s a meeting agenda or love note, top secret work project or “honey do” list, Handle never accesses your personal data.
But how can you know for sure? Take a look at our architecture to see how Handle was made for privacy. Forgive us as we get a bit technical—here’s how we did it.
How the Handle mobile app accesses your data
With Handle, your email stays in Gmail, your calendar stays in Google Calendar, and your to-dos live on your iOS device or in your Dropbox account. We do not store any of your personal data or your passwords on Handle servers. We merely present your data to you in the Handle mobile app. All of the data sent to and from our app and servers around the world is sent using industry-standard SSL encryption.
The Handle app stores a local copy of some of your email, calendar events, and to-dos on your mobile device to allow you offline access, and of course, so you can do things like check your calendar and reply to emails. We don’t access data stored on your mobile device without your permission. This kind of application architecture is called a distributed system, which means that the data is stored as close to you as possible. It has a lot of benefits, like scalability, but the best benefit of all is that none of your private data gets stored on Handle servers.
Hey, wait a minute, what about servers? The Handle server does only two things: (1) maintains a list of accounts to make your new devices easier to set up, and (2) helps authenticate your devices so they can access your Google accounts. The authentication system allows us to show you your data without capturing or storing your passwords (or two-factor authentication tokens). This is done through an industry-standard process called OAuth. Your OAuth token is stored locally on your mobile device, so we can’t do anything behind your back. In order to access your emails using those tokens, Google requires us to request something called “Offline Access” to your data. We only do that so that your token will be reusable over time, and so you won’t have to be constantly typing in your credentials.
To-Do Data Storage in Dropbox
For your to-dos, we communicate with Dropbox via the Dropbox sync API. We can’t access your Dropbox files. And because Dropbox is so cool, your Handle to-dos don’t count against your storage quota (bonus!).
Why not use Google Drive or any other cloud storage? We’d love to! But we had to start somewhere. Google Drive only has file storage, and it doesn’t yet have a sync API. Dropbox does. Dropbox also has many users and a free option, so for simplicity, we chose Dropbox for now. We’re actively looking into other services based on what our users request, and we plan to support more in the future.
How the Handlebar accesses your data
The Handlebar—our Chrome extension for the desktop—connects to the same place in Dropbox as the Handle mobile app. Everything runs in your browser. The Handlebar checks our web server to make sure it’s running the latest version of the Handlebar software, but ZERO data goes back to desktop.handle.com (that’s the server’s URL). The Handlebar communicates via the Gmail APIs and Google Calendar APIs to display mail summaries within a to-do and upcoming calendar events. Again, all of this runs inside your browser, without sending your private data to our servers.
What permissions do the Handle app and Handlebar request?
The Handle app and Handlebar request access to your devices’ locations purely to enable location-based reminders when you enter or leave places that you have specified. We do not look at these locations without your permission. Because the Handlebar runs inside your Gmail window, the Chrome web store says we have to ask permission to “read and change all your data on the websites you visit.” We only use this to link an email with a to-do when you create one, not for anything nefarious.
So what data do we collect?
Well, one thing we do collect is basic data on your usage of the Handle app and the Handlebar. We use that to provide you with a more customized experience and some customized emails, and it allows our product and support teams to help when you have problems. There are specific ways that you can send us more information, like diagnostics and logs, that may have some personally identifiable information in them, but we only use that data to help us debug and fix issues and problems with the app, and that data only comes to us if you explicitly send it.
We specifically architected Handle to keep your data yours. Even as we add more features and expand to support more services, we’re committed to your privacy. We want you to feel safe connecting your work and personal data knowing we’ll keep our noses out of it.