Skip to main content

Privacy Policy

Last updated April 23, 2026.

1. Who we are

Settled is operated by Steven Mulhern, an independent developer building Settled as a solo product. For purposes of data protection law, Settled is the data controller for information you give us while using allsettled.app. You can reach us at support@allsettled.app.

2. What we collect

  • Account data: your name, email address, and a hashed password you create at signup.
  • Contract and request content: the statement of work you upload and the client message you ask us to check against it. We store these so you can revisit analyses later.
  • Analysis results: the verdict, reasoning, and email draft we generate for each request.
  • Billing data: if you subscribe or buy a lifetime deal, Stripe handles the payment and gives us a customer ID and subscription status. We never see your card details.
  • Usage data: basic server logs (IP, timestamp, route) to keep the service running, and, if you consent, anonymous product analytics.

3. Why we collect it

To provide the service you signed up for: analyze contracts, draft responses, bill you correctly, send password resets and important account emails, fix bugs, and prevent abuse. We do not sell your data. We do not use your content to train third-party models.

4. Third parties we use

Settled could not run without a small set of service providers. Each processes data only for the purpose listed.

  • Neon — hosts the Postgres database that stores your account and analyses.
  • Vercel — hosts and serves the application; processes server logs.
  • Vercel Blob — stores uploaded contract files.
  • Anthropic — runs the Claude models that analyze your contract and draft email responses. Content sent to Anthropic is processed under their API terms and is not used for training.
  • Stripe — handles billing, subscriptions, and payment data. We never see your card number.
  • Resend — delivers transactional email (password resets, account notices).
  • PostHog — product analytics. Loaded only if you accept the cookie banner.
  • Sentry — error monitoring, so we see crashes and can fix them.

5. How long we keep it

  • Account and analyses: kept while your account is active. Deleted within 30 days of account deletion.
  • Billing records: kept for seven years to meet tax and accounting requirements.
  • Server logs: rotated within 30 days.
  • Analytics events: retained per PostHog defaults; you can opt out via the cookie banner.

6. Your rights

You can request a copy of your data, correct it, or delete your account at any time by emailing support@allsettled.app. We reply within seven days.

7. Cookies

We use a small number of cookies that are necessary for the service to work: session cookies for signed-in users and security tokens for form submissions. Optional analytics cookies (PostHog) load only after you accept the cookie banner and can be revoked at any time from that banner.

8. Security

Data is encrypted in transit (TLS) and at rest (Neon and Vercel Blob encryption-at-rest). Passwords are hashed and salted; we never store them in plain text. No system is perfectly secure; if we discover a breach that affects you, we will notify affected accounts by email without undue delay.

9. Changes

We may update this Privacy Policy over time. Material changes will be posted here with an updated “last updated” date; if the change is significant, we will email active accounts.

10. Contact

Questions, data requests, or concerns? Email support@allsettled.app.