Security

Last updated: May 3, 2026

This page summarizes how we think about security for Handysuite. It is provided for transparency and does not create a contractual obligation beyond what is stated in our Terms of Service. We may update security practices as threats and technology evolve.

1. Security goals

We design the Services to protect confidentiality, integrity, and availability of customer data using commercially reasonable controls appropriate to the nature of the product. No system can be guaranteed secure; you should also follow good security practices on your side (Section 7).

2. Transport and infrastructure

Data in transit between your browser or app and our service providers is protected using industry-standard TLS (HTTPS). Our production workloads run on reputable cloud infrastructure with hardened configurations and access restrictions appropriate for a web-hosted product.

3. Authentication and access

Worker-facing features require authentication through our identity provider. Access to job data is enforced using server-side authorization rules so that Workers can access only data they are permitted to access. Client portal pages are intentionally accessible without a homeowner login; access is controlled by the unlisted link issued by the Worker. Anyone with the link may be able to view information the Worker exposed—Workers should treat links as sensitive.

4. Data handling and storage

Application data is stored in managed databases and object storage provided by our subprocessors. File downloads for portal viewers are generally issued as short-lived, server-generated links rather than exposing long-lived public URLs to private storage objects. We do not use client portal pages to collect homeowner passwords because homeowner accounts are not part of the product model.

5. Logging and monitoring

We maintain logs needed for security monitoring, troubleshooting, abuse prevention, and compliance. Logs may include technical metadata such as timestamps, IP addresses, request paths, and error signals. We retain logs for limited periods consistent with operational needs and legal obligations.

6. Incident response

If we become aware of a security incident affecting the Services, we will investigate and may take steps including containment, remediation, and notification to affected users or regulators where required by law. The existence of this statement does not guarantee any particular notification timeline or outcome.

7. Your responsibilities

To reduce risk for your business and clients, you should:

  • Use strong, unique passwords and protect devices that access Worker accounts;
  • Share client portal links only with intended recipients;
  • Remove or avoid uploading highly sensitive information that is not necessary for the job;
  • Keep your devices and operating systems updated; and
  • Report suspected unauthorized access to us promptly.

8. Vulnerability reporting

If you believe you have found a security vulnerability in the Services, please email info@handysuite.pro with the subject line “Security disclosure.” Include a clear description, steps to reproduce, and any relevant timestamps or request IDs. Do not perform testing that could harm users, degrade the Services, or access data that is not yours. We do not guarantee a bug bounty or public acknowledgment; we review good-faith reports and respond when appropriate.

9. Compliance representations

Unless we have entered a separate written agreement with you (such as a Business Associate Agreement for regulated health data), we do not represent that the Services satisfy HIPAA, PCI-DSS, or other specialized regulatory frameworks. You are responsible for determining whether the Services meet your compliance obligations for your use case.

10. Contact

Security questions: info@handysuite.pro.