Settle

Privacy Policy

Effective date: March 25, 2026

1. Introduction

Settle Labs LLC ("Settle," "we," "us," or "our") is committed to protecting your data. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our services at getsettle.ai and related applications (the "Service").

By using the Service, you consent to the practices described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: your name, email address, and company name
  • Invoice data: client names, client emails, client company information, invoice amounts, line items, payment terms, due dates, and notes
  • Contact and client information you create, upload, or import
  • Organization settings: business address, logo, tax information, and invoice defaults
  • Communications you send to us (support requests, feedback)

2.2 Information Collected Automatically

  • Device and browser type, operating system, and screen resolution
  • IP address and approximate geographic location based on IP address
  • Usage data: features used, pages visited, actions taken, and frequency of use
  • Log data: access times, error logs, and referring URLs
  • Cookies and similar technologies (see Section 8)

2.3 Information from Third Parties

  • Google OAuth: name, email address, and profile picture (when you sign in with Google)
  • Stripe and PayPal: payment status and transaction metadata related to invoice payments (we do not receive or store full payment card numbers)

2.4 Data Import Responsibility

You are responsible for ensuring you have the right to import and process any data you upload into Settle, including client contact information and invoice history.

3. Data Ownership

You retain ownership of all data you create, upload, or import into Settle. We process your data solely to provide the Service. We do not claim any ownership rights over your content, invoices, client information, or business data.

4. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Create and deliver invoices on your behalf
  • Send follow-up emails and reminders on your behalf
  • Generate AI-powered content and recommendations (see Section 4)
  • Calculate and display cash flow analytics, payment patterns, and alerts
  • Process subscription billing
  • Send service-related communications (account alerts, security notices, billing updates)
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal information. We do not use your data for advertising purposes.

5. AI Processing

Settle uses third-party AI services to generate follow-up email content, workflow recommendations, and other suggestions. When you use AI-powered features, relevant data (such as invoice details, client names, and email context) may be sent to our AI providers for processing.

Our AI providers include:

  • Anthropic (Claude) for content generation
  • OpenAI for content generation

We do not use your data to train our own models. Our AI providers process data only to generate responses and do not use it to train their models under their API agreements. You can control which AI features are active through your account settings.

We do not access or review your invoice or client data except as necessary for support requests initiated by you.

6. Third-Party Services

We use trusted subprocessors to operate the Service. We share information with the following third-party service providers, each governed by their own privacy policies:

  • Stripe, Inc. — subscription billing and invoice payment processing
  • PayPal Holdings, Inc. — invoice payment processing
  • Google — OAuth authentication
  • Anthropic — AI content generation
  • OpenAI — AI content generation
  • Cloudflare — content delivery, file storage, and security
  • Email delivery provider — transactional email delivery (invoices, reminders, account notifications)

We only share the minimum information necessary for each provider to perform its function. We do not sell or rent your information to any third party.

7. Data Retention

  • Account data is retained while your account is active and for 90 days after deletion to allow data export
  • Invoice records may be retained for up to 7 years for financial record-keeping purposes, even after account deletion
  • Automated backups are retained for 30 days
  • Data sent to AI providers is processed in real time and is not retained by those providers beyond the processing session
  • You may request deletion of your data at any time by contacting privacy@getsettle.ai, subject to any legal retention requirements
  • Invoices already sent to clients may remain accessible via previously generated links, even after account deletion

8. Data Security

We take reasonable measures to protect your information, including:

  • Encryption in transit (TLS/HTTPS for all connections)
  • Encryption at rest for stored data
  • Passwordless authentication via magic links (no passwords are stored)
  • Role-based access controls within organizations
  • Regular security reviews and monitoring

We follow industry-standard security practices aligned with SOC 2 principles. No method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data.

9. Cookies

Settle uses cookies and similar technologies for the following purposes:

  • Authentication: session cookies to keep you signed in
  • Preferences: to remember your settings and display preferences
  • Analytics: to understand how the Service is used and identify areas for improvement

We do not use cookies for advertising or cross-site tracking. You can manage cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

10. Your Rights

9.1 All Users

You may:

  • Access and export your data at any time through your account
  • Update or correct your personal information through your account settings
  • Delete your account and request deletion of your data
  • Opt out of marketing communications

9.2 California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Request deletion of your personal information
  • Opt out of the sale of your personal information (we do not sell personal information)
  • Not be discriminated against for exercising your privacy rights

To exercise your CCPA rights, contact us at privacy@getsettle.ai. We will respond within 45 days.

9.3 European Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the right to:

  • Access your personal data
  • Rectify inaccurate personal data
  • Request erasure of your personal data
  • Restrict or object to processing of your personal data
  • Data portability (receive your data in a structured, commonly used format)
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with your local data protection authority

Our legal basis for processing your data is: (a) performance of a contract (providing the Service), (b) legitimate interests (improving the Service, preventing fraud), and (c) consent (for marketing communications and optional AI features).

Data is primarily stored and processed in the United States. By using the Service, you consent to the transfer of your data to the United States. We rely on Standard Contractual Clauses and the EU-US Data Privacy Framework for lawful data transfers.

Settle acts as a data processor for invoice and client data you manage through the Service. You act as the data controller and are responsible for the lawfulness of the data you process using Settle.

11. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, contact us at privacy@getsettle.ai.

12. What We Do Not Do

We do not:

  • Sell your data
  • Use your data for advertising
  • Train AI models on your data
  • Share your data beyond what is required to operate the Service
  • Access your invoice or client data unless you ask us for support

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-product notification. The "Effective date" at the top of this page indicates when the policy was last updated.

14. Contact

If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us at:

Settle Labs LLC
Email: privacy@getsettle.ai