Privacy Policy
Last Updated: April 30, 2026
Settled is committed to handling personal and case-related information with care, transparency, and clearly defined operational controls. This page explains what information we collect, how we use it, how AI is involved, how long we keep it, and what choices users have regarding their data.
Information We Collect
We collect different categories of information across our public marketing site and our authenticated platform.
Account Data
Identity and contact information needed to provide platform access — name, email address, organizational affiliation, role selection, and authentication metadata.
Case Information
Case-related materials submitted or generated through the platform — descriptions, summaries, timelines, decisions, proposals, and workflow state.
Uploaded Evidence
Files users upload to a case (documents, images, PDFs). We store files plus metadata such as filename, content type, file size, and lifecycle status. Evidence handling is described in detail in section 03.
Site Analytics Data
On the public marketing site only, we may collect anonymous usage signals — pages viewed, referring source, device or browser metadata, and aggregate engagement. We currently plan to use Google Analytics for this purpose.
Platform Usage Data
Inside the authenticated platform we collect operational signals — access logs, audit events, AI interaction traces (server-side), and system performance data. The platform does not run marketing trackers in v1.
Technical Data
Standard technical information needed to operate and secure the service — IP address, timestamps, user agent, and security-related event records.
How We Use Information
We use information only for legitimate service, operational, security, and legal purposes connected to the platform.
Service Delivery
To provide case workflows, platform access, document handling, and related dispute-resolution features.
AI-Assisted Intake
To help users describe and structure their case. AI usage is described in detail in section 04.
Security and Integrity
To detect misuse, protect accounts, maintain auditability, and support platform reliability.
Service Improvement
To improve service quality, performance, and usability using aggregated or otherwise appropriate operational signals.
Evidence Handling
Uploaded evidence is treated as the most sensitive category of data on the platform.
Where Evidence Is Stored
Uploaded files are stored in our controlled cloud infrastructure and attached to the originating case. Access is restricted to participants and authorized internal roles consistent with our role-based access controls.
What We Do Not Do With Evidence
Raw uploaded files are not sent to external AI providers by default. The contents of uploaded documents, images, and PDFs are not transmitted to third-party AI services for review or analysis in v1.
What AI May See About Evidence
The intake assistant may receive limited metadata about a user's attachments — counts, filenames, content types, file sizes, lifecycle status, and a deterministic kind classification (for example, invoice-like or receipt-like). It does not receive file contents.
Future Direction
We may add local document text extraction in a future release. Where this happens, processing is intended to remain inside our platform infrastructure, and only minimized, redacted, structured facts may be passed to external AI services. Any such change will be reflected in this policy before it ships.
AI Usage
AI is assistive only. It helps users structure and describe their case. It does not make decisions, determine outcomes, or provide legal advice.
What AI Does
Assists with intake conversations, helps users describe disputes, drafts summaries, and proposes structured fields for human review.
What AI Does Not Do
AI does not review uploaded evidence files. AI does not change case state. AI does not decide outcomes. AI does not provide legal advice. Any AI output is a suggestion that workflow logic or a human must adopt.
AI Inputs
AI receives user-typed text together with workflow signals and limited attachment metadata. Before being sent to an external AI provider, user text is processed through a sanitizer that masks recognizable personal patterns (such as names, emails, phone numbers, and identifiers).
AI Providers
We currently use one or more third-party AI providers under contractual safeguards intended to prevent training on customer content. Provider configuration may evolve over time.
Data Sharing and Service Providers
We do not sell personal data. We may share information only where needed to operate the service, support case workflows, comply with legal obligations, or work with service providers acting on our behalf under appropriate safeguards.
Hosting and Storage
Platform infrastructure, databases, and file storage are operated by enterprise cloud providers. These providers process data on our behalf under written terms.
AI Processing
Sanitized intake text and limited workflow metadata may be sent to external AI providers as described in section 04. Uploaded evidence files are not sent to AI providers in v1.
Email and Identity
Transactional email delivery and federated sign-in (where used) are handled by third-party providers under standard data processing terms.
Legal and Safety
We may disclose information where required by law, where necessary to protect the rights, property, or safety of users or the public, or to enforce these terms.
Data Retention
We retain information only for as long as needed for service delivery, legal obligations, dispute-resolution workflows, security review, and legitimate recordkeeping purposes.
Active Matters
Information related to active cases is retained for the duration of the case lifecycle and associated operational needs.
Archived Records
Certain records may be retained for a longer period where required for compliance, auditability, dispute history, or legal defense.
Account Closure
When an account is closed or a deletion request is honored, we remove or de-identify personal data subject to retention obligations described above.
Your Rights
Depending on jurisdiction and the nature of the data, users may have rights regarding access, correction, deletion, restriction, objection, or portability. Where applicable, you may also have a right to lodge a complaint with a supervisory authority.
Access
You may request information about the personal data associated with your account or participation.
Correction
You may ask us to update or correct inaccurate or incomplete information.
Deletion
You may request deletion where applicable, subject to legal, contractual, and operational retention requirements.
Other Rights
Where applicable in your jurisdiction, you may have rights to object to or restrict certain processing, to request data portability, and to withdraw consent for processing based on consent.
Data Security
We implement administrative, technical, and organizational controls designed to support confidentiality, integrity, and availability. These controls may include encryption in transit and at rest, role-based access restrictions, audit logging, and environment-level protections appropriate to the service. See our Security Protocol for more detail.
International Transfers
Where data is processed across jurisdictions, we use measures intended to support lawful transfers and appropriate protections consistent with applicable legal requirements. This may include reliance on contractual safeguards offered by our service providers.
Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in the service, operational practices, or legal requirements. Material changes will be communicated through appropriate product or account channels.
Have questions about data privacy?
Contact Privacy Officer