Get started

Privacy Policy

Last updated April 23, 2026. How we collect, use, and protect your information when you use Handinger.

1 - Who we are

Ramensoft S.L. (“Handinger,” “we,” “our,” or “us”) operates Handinger, an agent infrastructure platform that gives AI agents the tools they need to act on the web (search, fetch, browser, screenshots, files, images, email, scheduler, MCP). We are the data controller for the personal data described in this policy.

2 - Information we collect

  • Account data: email address to create and secure your account and communicate updates.
  • Usage data: information about the usage of the service, for generating customer-facing metrics and usage billing.
  • Payment data: handled by Stripe, a PCI-compliant provider; we store only a customer-token reference.
  • Cookies / local storage: session token, CSRF token, and analytics cookies set by PostHog and Google Tag Manager to maintain login and measure site performance.

3 - How we use your data

  • Deliver, maintain, and improve the API.
  • Detect fraud or misuse (rate limiting, abuse patterns).
  • Provide customer support and product announcements.
  • Produce aggregated, non-identifiable statistics.
  • Comply with legal obligations (tax, accounting, court orders).

4 - Legal bases (GDPR)

  • Contract: processing your API requests and payments.
  • Legitimate interest: preventing fraud, improving features.
  • Consent: marketing emails (opt-in only).
  • Legal obligation: comply with legal obligations (tax, accounting, court orders).

5 - Sharing & transfers

  • Service providers: hosting (Cloudflare), product analytics (PostHog), tag management (Google Tag Manager), email (Mailgun), payments (Stripe), AI model routing (OpenRouter), and social sign-in providers you choose to use (GitHub, Google, LinkedIn).
  • AI processing: when you run an agent, the URLs, prompts, and intermediate tool output you submit are sent to OpenRouter and the underlying model providers it routes to in order to fulfill the request. This may involve transfers outside the EEA.
  • Compliance: if required by law or valid legal process. Data may be transferred outside the EEA under Standard Contractual Clauses or equivalent safeguards.

6 - Data retention

  • Account data: until you delete the account.
  • Usage logs: 30 days (raw) → 12 months (aggregated).
  • Financial records: 7 years (tax law).
  • Backups: 30 days.

7 - Security

We apply TLS 1.3 in transit, disk-level encryption at rest, role-based access. No method is 100% secure; you use the service at your own risk.

8 - Your rights

Under GDPR/UK GDPR/CCPA you can access, correct, export, or delete your personal data. Email privacy@handinger.com with your request; we respond within 30 days.

9 - Children

Handinger is not directed to children under 16 and we do not knowingly collect their data.

10 - Changes

Material changes will be announced at least 7 days in advance via email or dashboard banner.

11 - Contact

Ramensoft S.L. Carrer de la Riba 24, 3. 08221 Terrassa, Spain. privacy@handinger.com