Privacy Policy
Corter Digital Marketing LLC, operating as Handle My Objection ("we", "our", or "us"), is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data.
What We Collect
We collect only the minimum data necessary to provide the service:
- Email address — used to create and identify your account
- Password — stored as a secure hash (we never store your plain-text password)
- Subscription status — whether you have an active subscription, managed via Stripe
- Session cookies — small data files stored in your browser to keep you logged in during a session. These are strictly necessary for the service to function and expire when you log out or close your browser.
What We Do NOT Collect
- Your call audio or recordings
- Your speech transcripts
- Any content of your sales calls
- Any analytics, tracking, or advertising data
Handle My Objection processes audio and transcription entirely in your browser. None of your call audio or transcript data is transmitted to our servers. We use no third-party analytics or advertising trackers.
How Your Anthropic API Key Is Handled
Your Anthropic API key is stored in your browser's local storage and is sent to our server only at the moment you trigger an objection analysis, solely to forward your request to Anthropic's API on your behalf. We do not store, log, or retain your API key at any point — it is used transiently in memory for that single request and immediately discarded. If you prefer to manage this risk yourself, you can inspect our server code.
Cookies and Local Storage
We use strictly necessary session cookies solely to authenticate your account while you are logged in. These cookies do not track you across websites and are not used for advertising. No consent is required for strictly necessary cookies; however, you may clear them at any time through your browser settings, which will log you out.
Your Anthropic API key and app preferences are stored in your browser's local storage, which never leaves your device and is not accessible to us.
Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
- Contract performance (Article 6(1)(b) GDPR) — Processing your email address, password hash, and subscription status is necessary to create and maintain your account and deliver the service you subscribed to.
- Legal obligation (Article 6(1)(c) GDPR) — We may retain certain data as required by applicable law (e.g., financial records for tax purposes).
- Legitimate interests (Article 6(1)(f) GDPR) — We process data to maintain the security and integrity of the service and to prevent fraud, where those interests are not overridden by your rights.
How We Use Your Data
- To create and manage your account
- To process your subscription payment via Stripe
- To send account-related emails (password resets, billing notices, material policy changes)
- To verify your subscription status when you sign in
- To maintain the security and integrity of the service
We do not sell, rent, or share your personal data with third parties for marketing purposes.
Third-Party Services
Stripe — We use Stripe to process payments. When you subscribe, Stripe collects your payment information directly under their own privacy policy. We receive only a Stripe customer ID and subscription status. Stripe's privacy policy: stripe.com/privacy.
Anthropic — Handle My Objection uses your own Anthropic API key to analyze objections. When you trigger an analysis, your API key and the detected speech text are sent to our server, which forwards the request to Anthropic's API on your behalf. Your API key is never stored or logged. The speech text is not retained after the request completes. Anthropic's privacy policy: anthropic.com/privacy.
We do not use any analytics platforms, advertising networks, or other third-party trackers.
Data Storage and Location
Account data (email, password hash, Stripe customer ID) is stored on servers located in the United States (Railway). If you are located outside the United States, your data will be transferred to and processed in the United States. By using the service, you consent to this transfer.
Your API key and app preferences are stored only in your browser's local storage and never leave your device.
Data Retention
We retain your account data for as long as your account is active. If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it by law (e.g., billing records). Contact us at the address below to request deletion.
Security
Passwords are hashed using PBKDF2 with a unique salt per user. We use HTTPS in production to encrypt data in transit. We do not store payment card information — payments are handled entirely by Stripe. Access to account data is restricted to authorized personnel only.
Children's Privacy (COPPA)
Handle My Objection is intended for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete that information promptly. If you believe we may have information about a minor, please contact us immediately.
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you.
- Correction — Request correction of inaccurate or incomplete data.
- Deletion (Right to be Forgotten) — Request deletion of your personal data, subject to legal retention requirements.
- Data Portability — Request your data in a structured, commonly used, machine-readable format (EEA/UK users).
- Restriction — Request that we restrict processing of your data in certain circumstances (EEA/UK users).
- Objection — Object to processing based on legitimate interests (EEA/UK users).
- Withdraw Consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at corterdigital@gmail.com. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.
EEA and UK Users — Supervisory Authority
If you are located in the EEA or United Kingdom and believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu. The UK supervisory authority is the Information Commissioner's Office (ICO) at ico.org.uk.
California Residents (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know — The right to request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete — The right to request deletion of your personal information, subject to certain exceptions.
- Right to Opt Out of Sale — We do not sell your personal information to third parties. No opt-out is necessary.
- Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.
To submit a CCPA request, email corterdigital@gmail.com with the subject line "CCPA Request." We will respond within 45 days.
Changes to This Policy
We may update this policy from time to time. If we make material changes, we will notify you by email and update the "Last updated" date above at least 14 days before changes take effect. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
Contact
Questions or requests about this policy? Email us at corterdigital@gmail.com.