Privacy Policy
SettleIQ is built specifically for personal injury attorneys. We understand that case documents contain your clients' most sensitive information — medical records, financial details, and litigation strategy. This policy explains exactly how we handle that data.
1. What We Collect
When you use SettleIQ, we collect the following categories of data:
- Case documents — PDFs, images, and other files you upload (medical bills, police reports, depositions, etc.)
- Chat conversations — Messages between you and SettleIQ's AI personas within each case
- Usage metadata — Timestamps, page views, feature usage, and error logs for platform improvement and debugging
- Account information — Your email address, name, and firm name provided at registration
- Financial inputs — Medical specials, wages, and settlement figures you enter into calculators (stored per-case, per-organization)
We do not collect Social Security numbers, credit card information, or any data beyond what is necessary to provide the service.
2. How We Use Your Data
Your data is used exclusively to provide the SettleIQ service to you and your organization:
- Document retrieval and analysis within your active cases (RAG pipeline)
- Generating AI-assisted chat responses using your uploaded case documents as context
- Running settlement calculations and financial projections
- Storing your case history for reference and continuity
We never use your data to train AI models. Your case documents, chat conversations, and client data are your attorney-client privileged materials. They are processed to answer your queries and then retained in your secure organization storage. They are not used to improve SettleIQ, not shared with third parties for model training, and not used for any purpose other than delivering the service you requested.
3. Organization Isolation
SettleIQ uses a strict multi-tenant architecture. Each law firm's data is completely isolated from every other firm's data at the database level.
- Every database query is filtered by organization_id — there is no query that can return data across organizations
- Your cases, documents, chat conversations, and financial data are never visible to users from other firms
- Requests that attempt cross-organization access are rejected with HTTP 403 Forbidden
- Even SettleIQ administrators cannot read your case content — they can only view account metadata for support purposes
This isolation is enforced at the application layer and verified through automated testing.
4. AI Provider Disclosure
SettleIQ uses Google Gemini for AI processing:
- Chat and analysis — Google Gemini 2.5 Flash processes your prompts and case context to generate responses
- Document search — Google Gemini embedding-001 converts document text into search vectors stored in your organization's database
When you send a message or upload a document, the relevant text is sent to Google's API for processing. Per Google's API Terms of Service, data sent via API calls is not used to train or improve Google's AI models. Google processes your data as a data processor on our behalf, subject to their data processing agreement.
We do not use any other third-party AI providers. We do not send your data to OpenAI, Anthropic, or any other model provider.
5. Data Retention
- Active cases — Retained for the duration of your subscription
- Closed cases — Auto-archived 90 days after you mark a case as closed
- Archived data — Permanently deleted by our automated shredder process after the 90-day archive period
- Account data — Retained until you request deletion or your account is terminated
- Data deletion — You can request deletion of your data at any time by contacting privacy@settle-iq.com
6. Encryption
- Data in transit — All connections use TLS 1.2 or higher. There is no unencrypted HTTP access to your data.
- Data at rest — Case documents stored in Cloudflare R2 object storage are encrypted using AES-256. Database contents are encrypted at rest.
- Authentication tokens — Session tokens are stored in httpOnly cookies, not accessible to JavaScript, reducing XSS risk.
7. ABA Rule 1.6 Compliance
SettleIQ is designed specifically to meet the "reasonable efforts" standard under ABA Model Rule 1.6(c), which requires attorneys to make reasonable efforts to prevent unauthorized disclosure of client information.
Our implemented safeguards include:
- Encryption — TLS 1.2+ in transit, AES-256 at rest
- Organization isolation — Strict data silo enforcement at the database and application layers
- Access controls — Role-based permissions within your firm (owner, member roles on each case)
- Audit logging — All user actions are logged with timestamps, user identity, and affected resources
- Authentication hardening — Account lockout after failed login attempts, httpOnly session cookies
- Vendor security — Google's API data processing agreement and Cloudflare's security infrastructure
We recommend that you consult your state bar's ethics guidance on cloud-based client data storage when evaluating any practice management software, including SettleIQ. Most state bars have issued guidance consistent with ABA Formal Opinion 477R (2017), which permits cloud storage when reasonable security measures are in place.
8. Your Rights
You have the following rights with respect to your data:
- Access — Request a copy of data we hold about your account and organization
- Export — Export your case documents and conversation history
- Correction — Update incorrect account information
- Deletion — Request deletion of your data. We will complete deletion within 30 days.
To exercise any of these rights, contact privacy@settle-iq.com.
9. Changes to This Policy
If we make material changes to this privacy policy, we will notify all registered users by email at least 14 days before the changes take effect. Non-material changes (such as clarifications that do not reduce your rights) may be made without notice. The "Last updated" date at the top of this page reflects the most recent version.
Continued use of SettleIQ after the effective date of a revised policy constitutes acceptance of the updated terms.
Questions? Contact us at privacy@settle-iq.com.