Security & Privacy at Settle
We take the security of your data seriously. All customer data is processed and stored in the United States, never leaves our infrastructure, and is never used to train models — ours or any third party’s.
This page summarizes how we handle data, our core security practices, and the subprocessors we use.
How We Handle Your Data
- What we collect: account information, uploaded content, and usage data necessary to provide the service.
- What we do with it: deliver and improve our product, monitor system health, and prevent abuse.
- What we never do: sell your data, share it with advertisers, or use it to train machine learning models (ours or any third party’s).
- Where data lives: all customer data is processed and stored in the United States.
Security Overview
Our infrastructure is built on industry-standard, secure cloud services and follows best practices for modern web applications.
- Infrastructure: Hosted on Microsoft Azure (US region), data stored in Azure-managed Postgres with encryption at rest.
- Encryption: TLS 1.2+ for all data in transit.
- Access Controls: Google SSO, role-based access controls (RBAC), and least-privilege internal access.
- Development Practices: Code reviews, secure SDLC, automated dependency scanning, WAF, and rate limiting.
- Monitoring: Centralized logging and alerting via Sentry.
Our Subprocessors
To provide Settle’s services, we work with a small set of trusted third-party vendors (“subprocessors”). Each partner is carefully vetted for security and privacy practices. This list is kept up to date — check back any time for the latest version.
| Vendor | Purpose | Data Processed | Region | Privacy / Security Info |
|---|---|---|---|---|
| Microsoft Azure | Cloud hosting, compute, storage, managed Postgres, Blob Storage (document upload/download), Cognitive Search (search indexing/retrieval), Azure OpenAI (LLM, embeddings, completions) | Customer content, metadata, uploaded documents, indexed content, AI feature data | US | Privacy & Security |
| Vercel AI | Orchestrates AI requests to Azure OpenAI | Metadata, AI request logs | US | Trust & Security |
| Slack | Notifications and bot messages | Message content, metadata | US | Security |
| PostHog | Analytics and event tracking | Usage data, pseudonymous IDs | US | Privacy |
| WorkOS | Authentication and SSO | Account info, SSO metadata | US | Security |
| Sentry | Error monitoring and reporting | Telemetry, pseudonymous IDs, stack traces | US | Security |
| Resend | Transactional and notification email delivery | Email addresses, notification content | US | Security |
| Braintrust | Model evaluation and benchmarking | Model outputs, evaluation data | US | Privacy |
| Cloudflare | CDN, security, and edge services | Network metadata, edge logs | US | Trust & Safety |
Questions?
Have questions about security or privacy at Settle? Reach us at [email protected].