Security & Privacy at Settle
We take the security of your data seriously. All customer data is processed and stored in the United States, never leaves our infrastructure, and is never used to train models — ours or any third party’s. This page summarizes how we handle data, our core security practices, and the subprocessors we use.
How We Handle Your Data
What we collect: account information, uploaded content, and usage data necessary to provide the service.
What we do with it: deliver and improve our product, monitor system health, and prevent abuse.
What we never do: sell your data, share it with advertisers, or use it to train machine learning models (ours or any third party’s).
Where data lives: all customer data is processed and stored in the United States.
We are committed to transparency and limiting collection to the minimum necessary for reliable service.
Security Overview
Our infrastructure is built on industry-standard, secure cloud services and follows best practices for modern web applications. We are hosted on Microsoft Azure (US region) with Postgres (encrypted at rest), all data in transit uses TLS 1.2+, and we use Google SSO, RBAC, and least-privilege internal access controls.
We enforce robust development practices, including code reviews, a secure SDLC, and automated dependency scanning, and we use a WAF and rate limiting. Centralized logging and monitoring are handled via Sentry. We continually review and upgrade our security posture.
Our Subprocessors
Last updated: December 10, 2025
To provide Settle’s services, we work with a small set of trusted third-party vendors (“subprocessors”). Each partner is carefully vetted for security and privacy practices. This list is kept up to date — check back any time for the latest version.
See the table below for details on each subprocessor Settle uses, the data processed, region, and security policies.
Vendor: Microsoft Azure
Purpose: Cloud hosting, compute, storage, managed Postgres, Blob Storage (document upload/download), Cognitive Search (search indexing/retrieval), Azure OpenAI (LLM, embeddings, completions)
Data: Customer content, metadata, uploaded documents, indexed content, AI feature data
Region: US
Privacy & Security: https://www.microsoft.com/en-us/trust-center
Vendor: Vercel AI
Purpose: Orchestrates AI requests to Azure OpenAI
Data: Metadata, AI request logs
Region: US
Trust & Security: https://vercel.com/security
Vendor: Slack
Purpose: Notifications and bot messages
Data: Message content, metadata
Region: US
Security: https://slack.com/security
Vendor: PostHog
Purpose: Analytics and event tracking
Data: Usage data, pseudonymous IDs
Region: US
Privacy: https://posthog.com/privacy
Vendor: WorkOS
Purpose: Authentication and SSO
Data: Account info, SSO metadata
Region: US
Security: https://workos.com/security
Vendor: Sentry
Purpose: Error monitoring and reporting
Data: Telemetry, pseudonymous IDs, stack traces
Region: US
Security: https://sentry.io/security/
Vendor: Resend
Purpose: Transactional and notification email delivery
Data: Email addresses, notification content
Region: US
Security: https://resend.com/security
Vendor: Braintrust
Purpose: Model evaluation and benchmarking
Data: Model outputs, evaluation data
Region: US
Privacy: https://www.braintrustdata.com/privacy
Vendor: Cloudflare
Purpose: CDN, security, and edge services
Data: Network metadata, edge logs
Region: US
Trust & Safety: https://www.cloudflare.com/trust-hub/
Questions?
Have questions about security or privacy at Settle? Reach us at team@usesettle.com.
