Book a demo

Trust & Security

Security & Privacy at Settle.

We take the security of your data seriously. All customer data is processed and stored in the United States within our vetted infrastructure and subprocessors, and is never used to train models — ours or any third party’s. This page summarizes how we handle data, our core security practices, and the subprocessors we use.

Data handling

How we handle your data

What we collect: account information, uploaded content, and usage data necessary to provide the service. What we do with it: deliver and improve our product, monitor system health, and prevent abuse. What we never do: sell your data, share it with advertisers, or use it to train machine learning models (ours or any third party’s). Where data lives: all customer data is processed and stored in the United States.

We are committed to transparency and limiting collection to the minimum necessary for reliable service.

Security overview

Core security practices

Our infrastructure is built on industry-standard, secure cloud services and follows best practices for modern web applications. Hosted on Microsoft Azure (US region) with Postgres (encrypted at rest), all data in transit uses TLS 1.2+, and we have Google SSO, RBAC, and least-privilege internal access controls.

We enforce robust development practices including code reviews, secure SDLC, automated dependency scanning, and use WAF and rate limiting. Centralized logging and monitoring is handled via Sentry. We continually review and upgrade our security posture.

Our subprocessors

Trusted partners we use to provide Settle.

Last updated: March 26, 2026. To provide Settle’s services, we work with a small set of trusted third-party vendors ("subprocessors"). Each partner is carefully vetted for security and privacy practices. This list is kept up to date — check back any time for the latest version.

See the list below for details on each subprocessor Settle uses, the data processed, region, and security policies.

US

Microsoft Azure

Purpose
Cloud hosting, compute, storage, managed Postgres, Blob Storage (document upload/download), Cognitive Search (search indexing/retrieval), Azure OpenAI (LLM, embeddings, completions)
Data
Customer content, metadata, uploaded documents, indexed content, AI feature data
Privacy & Security
US

Vercel AI

Purpose
Orchestrates AI requests to Azure OpenAI
Data
Metadata, AI request logs
Trust & Security
US

Slack

Purpose
Notifications and bot messages
Data
Message content, metadata
Security
US

PostHog

Purpose
Analytics and event tracking
Data
Usage data, pseudonymous IDs
Privacy
US

WorkOS

Purpose
Authentication and SSO
Data
Account info, SSO metadata
Security
US

Sentry

Purpose
Error monitoring and reporting
Data
Telemetry, pseudonymous IDs, stack traces
Security
US

Resend

Purpose
Transactional and notification email delivery
Data
Email addresses, notification content
Security
US

Braintrust

Purpose
Model evaluation and benchmarking
Data
Model outputs, evaluation data
Privacy
US

Cloudflare

Purpose
CDN, security, and edge services
Data
Network metadata, edge logs
Trust & Safety
US

Customer.io

Purpose
Customer messaging and lifecycle email automation
Data
Email addresses, user attributes, behavioral event data, message content
Trust & Safety
US

OpenAI

Purpose
AI-powered text generation and document storage
Data
Prompts, responses, and related application data (may include user-provided content)
Trust & Safety

Questions?

Have questions about security or privacy at Settle?

team@usesettle.com