Security & Trust
Attorneys doing due diligence before putting client data in any cloud tool need clear, factual answers about security controls. This page provides the technical details — not marketing language — about how SettleIQ protects your data.
1. Encryption
Data in transit:
- All connections use TLS 1.2 or higher — there is no unencrypted HTTP access path
- TLS certificates are managed via Cloudflare (automatic renewal, OCSP stapling)
- HSTS headers enforce HTTPS on all subsequent connections after first visit
- Database connections between the application and PostgreSQL use SSL encryption
Data at rest:
- Case documents are stored in Cloudflare R2 object storage with AES-256 encryption at rest
- The PostgreSQL database is hosted on Railway with encrypted storage volumes
- Document embeddings (search vectors) are stored in the same encrypted PostgreSQL instance
2. Organization Isolation
SettleIQ uses a strict multi-tenant architecture. Every law firm's data is isolated at the database level, not just the application level.
- Every database query includes an organization_id filter — there are no cross-organization queries in the codebase
- Requests that attempt to access another organization's data receive HTTP 403 Forbidden
- Document vector search is scoped to your organization's documents only
- Case membership is verified per-request, not just at login time
- Organization isolation is enforced in automated tests that run on every code change
There is no administrative query or interface that shows one law firm's case content to another. Cross-org access is rejected at the application layer before any database query runs.
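The two layers described in this section, sketched as an added example (this is not SettleIQ's code). The schema, the Session type, and the idea that each request names an organization (for instance in the URL path) are assumptions made for illustration; the data is constructed.

```python
import sqlite3
from dataclasses import dataclass

class Forbidden(Exception):
    status = 403  # surfaced to the client as HTTP 403 Forbidden

@dataclass(frozen=True)
class Session:  # hypothetical: identity taken from the verified session token
    user_id: int
    organization_id: int

def make_db():
    """Constructed sample data: two firms with one case each."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE cases (id INTEGER PRIMARY KEY,
                            organization_id INTEGER NOT NULL, title TEXT);
        CREATE TABLE case_members (case_id INTEGER, user_id INTEGER, role TEXT);
        INSERT INTO cases VALUES (1, 10, 'Firm A v. Carrier'),
                                 (2, 20, 'Firm B v. Carrier');
        INSERT INTO case_members VALUES (1, 100, 'owner'), (2, 200, 'owner');
    """)
    return db

def get_case(db, session, requested_org_id, case_id):
    # Layer 1: reject cross-organization requests before any query runs.
    if requested_org_id != session.organization_id:
        raise Forbidden("cross-organization access")
    # Layer 2: the query still carries the organization_id filter and a
    # per-request membership join, so a mistake in layer 1 cannot leak rows.
    row = db.execute(
        """SELECT c.id, c.title, m.role
             FROM cases c
             JOIN case_members m ON m.case_id = c.id AND m.user_id = ?
            WHERE c.id = ? AND c.organization_id = ?""",
        (session.user_id, case_id, session.organization_id),
    ).fetchone()
    if row is None:
        raise Forbidden("case not found in this organization or not a member")
    return {"id": row[0], "title": row[1], "role": row[2]}
```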
3. Authentication & Access Control
- JWT-based authentication — Session tokens use HS256 signed JWTs with a 24-hour expiry
- httpOnly cookies — Tokens are stored in httpOnly cookies, not in localStorage. This means JavaScript running in the page cannot read the token, eliminating the most common XSS token-theft vector.
- Brute-force protection — Accounts are locked after 5 consecutive failed login attempts. Lockout requires admin unlock or password reset.
- Rate limiting — Login endpoint is rate-limited to 5 attempts per minute per IP address, in addition to per-account lockout
- Secure cookie flags — Session cookies are set with Secure, HttpOnly, and SameSite=Lax flags
- Case-level access controls — Each case has owners and members with distinct permission levels. Users can only access cases they have been explicitly added to.
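The session-token and cookie settings listed above, as an added example using only the Python standard library (not SettleIQ's code). The claim names sub and org, the cookie name session, and the key handling are assumptions; a reviewer can use the same checks to confirm that verification pins HS256 and enforces expiry.

```python
import base64, hashlib, hmac, json
from http.cookies import SimpleCookie

TTL = 24 * 3600  # 24-hour expiry, as stated in the list above

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue(key: bytes, user_id: int, org_id: int, now: int) -> str:
    """Build an HS256 JWT; the claim names sub/org are assumptions."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": user_id, "org": org_id, "exp": now + TTL}).encode())
    return f"{header}.{claims}.{_b64(_sign(key, header + '.' + claims))}"

def verify(key: bytes, token: str, now: int):
    """Return the claims, or None if malformed, forged, wrong alg or expired."""
    try:
        header, claims, sig = token.split(".")
        # Check the MAC first, in constant time, before trusting any field.
        if not hmac.compare_digest(_sign(key, header + "." + claims), _unb64(sig)):
            return None
        # Pin the algorithm: never let the token choose how it is verified.
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None
        data = json.loads(_unb64(claims))
    except (ValueError, TypeError, AttributeError):
        return None
    return data if data.get("exp", 0) > now else None

def session_cookie(token: str) -> str:
    """Set-Cookie value carrying the flags listed above."""
    cookie = SimpleCookie()
    cookie["session"] = token    # cookie name is an assumption
    morsel = cookie["session"]
    morsel["secure"] = True      # sent over HTTPS only
    morsel["httponly"] = True    # not readable from page JavaScript
    morsel["samesite"] = "Lax"
    morsel["max-age"] = TTL      # cookie lifetime matches token expiry
    morsel["path"] = "/"
    return morsel.OutputString()
```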
4. AI Provider
SettleIQ uses Google Gemini for all AI processing:
- Chat and analysis — Google Gemini 2.5 Flash (model: gemini-2.5-flash)
- Document search vectors — Google Gemini embedding-001 (3072-dimensional embeddings)
Per Google's API Terms of Service, data submitted via API calls is not used to train or improve Google's AI models. Google processes SettleIQ data as a data processor under their Data Processing Agreement.
SettleIQ does not use OpenAI, Anthropic, or any other AI provider. All AI processing goes through Google Gemini exclusively.
5. HIPAA Clarification
Law firms are not HIPAA covered entities. SettleIQ handles medical records as case evidence under attorney work product privilege, not as healthcare data.
HIPAA applies to covered entities (healthcare providers, health plans, healthcare clearinghouses) and their business associates. Law firms handling medical records in the course of litigation are generally not HIPAA covered entities and are not subject to HIPAA's technical safeguard requirements.
Medical bills, treatment records, and other health information you upload to SettleIQ are handled as attorney work product and case evidence, governed by attorney-client privilege and your ethical duties under ABA Rule 1.6 — not by HIPAA.
We recommend consulting your state bar ethics guidance and, if you have questions about HIPAA applicability in your specific practice, consulting with a healthcare law specialist.
6. Data Retention & Deletion
- Active cases — Accessible during your active subscription
- Closed cases — Automatically archived 90 days after you mark a case closed
- Archived cases — Permanently deleted by our automated shredder process after the 90-day archive window
- On-demand deletion — You can request deletion of any data at any time by contacting privacy@settle-iq.com. We will complete deletion within 30 days.
- Post-termination — Data remains available for export for 30 days after account termination, then is permanently deleted
7. Incident Response
In the event of a security incident affecting your organization's data:
- We will notify affected organizations within 72 hours of discovering a confirmed breach
- Notification will include: what data was affected, when the incident occurred, what we are doing to address it, and recommended actions for you
- We maintain incident response procedures and test them periodically
- To report a suspected security issue: security@settle-iq.com
8. Audit Logging
SettleIQ maintains logs of significant user actions for security and compliance purposes:
- Login events (successful and failed), with timestamp and IP address
- Document uploads and downloads
- Case creation, state changes (open, active, closed, archived)
- Case member changes (invitations, role updates, removals)
- Admin actions (organization creation, user provisioning)
Audit logs are retained for compliance review and are not deleted by the 90-day case shredder. Logs contain user identity (user ID, email), action type, affected resource, and timestamp. Log contents are not accessible to end users through the UI but are available to your organization upon request for compliance purposes.
9. Infrastructure
- Hosting — Railway (US-based infrastructure)
- Document storage — Cloudflare R2 (S3-compatible, data stored in US)
- Database — PostgreSQL + pgvector on Railway
- Container — Docker, running as non-root user (settleiq)
- Dependency scanning — Automated weekly CVE scanning via GitHub Actions (pip-audit, npm audit, Trivy)
- Security headers — CSP, HSTS, X-Frame-Options, X-Content-Type-Options on all responses
Questions about security controls or to request a security review: security@settle-iq.com