Settlemate privacy policy

Effective Date: May 2, 2026

Last Updated: May 2, 2026

Settlemate, Inc. (“Settlemate,” “we,” “our,” or “us”) values your privacy and is committed to protecting your personal data. This Privacy Policy (“Policy”) explains what information we collect, how we use it, who we share it with, what rights you have, and how you can exercise those rights.

This Policy applies to your use of our website at settlemate.io, our mobile applications, our email-processing service, our claim-discovery and refund-recovery tools, and any other digital property that links to this Policy (collectively, the “Services”). By using the Services, you acknowledge that you have read and understood this Policy and agree to our Terms of Service. If you do not agree, discontinue use of the Services immediately.

If you are a California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Montana, Oregon, Texas, Tennessee, Delaware, New Jersey, New Hampshire, Maryland, Minnesota, Rhode Island, Kentucky, or Nebraska resident, see Section 11 for state-specific rights.

For questions, contact us at support@settlemate.io.

A Quick Summary

In plain language:

  • What we collect. Account info, content of receipts and transactional emails you authorize us to scan, limited transaction metadata from Plaid (when you link a financial account), payout details, device and usage data, and limited information from third-party sign-in providers like Apple and Google.
  • What we do with it. We use it to find claims you may be eligible for, help you prepare submissions you personally authorize and sign, communicate with administrators on your behalf using Settlemate’s own email addresses (when you authorize it), route payouts, prevent fraud, comply with law, and improve the Services.
  • What we don’t do. We do not sell your inbox or financial-account contents. We do not use your inbox or financial-account contents for advertising. Our system is scoped to transactional emails only — non-transactional emails are not parsed for claim detection. Settlemate does not routinely read users’ email content; any human review of Google user data is limited to the circumstances Google’s Limited Use Policy permits (your affirmative consent for specific messages, security investigations, legal compliance, or aggregated/anonymized internal operations). We do not collect biometric data. We do not send email from your personal email address; communications we send on your behalf are sent from Settlemate-controlled email addresses.
  • Your controls. You can disconnect inbox or financial integrations at any time, request access or deletion of your data, opt out of marketing, and (in many states) opt out of any “sale” or “sharing” of personal information.

This summary is informational only. The detailed sections below control. Settlemate acts as a Controller (a “Business” under the California Consumer Privacy Act) with respect to the personal information described in this Policy.

1. Types of Personal Information Collected

1.1 Information You Provide to Us Directly

Account Registration

  • Examples: Name, email address, phone number, postal address, date of birth, preferred language, login credentials (OAuth token, social sign-in via Apple or Google), organization information.
  • Primary Purpose: Create and maintain your Settlemate account, authenticate you, verify identity for settlement filings, personalize your dashboard.

Profile and Demographics

  • Examples: Age, gender, geographic location, occupation, claim and litigation interests.
  • Primary Purpose: Tailor settlement and claim recommendations and communications.

Payment and Subscription Data

  • Examples: Partial credit-card PAN, expiration date, billing ZIP, Apple In-App Purchase / Google Play Billing identifiers; payout-method information you provide (PayPal email, paper-check mailing address, or a bank account you have linked through Plaid).
  • Primary Purpose: Process subscription fees, distribute settlement and refund proceeds, comply with tax and recordkeeping rules.

Identity and Verification Information

  • Examples: Date of birth, last four digits of Social Security number, government identifiers, photo ID — collected only when a settlement administrator, retailer, financial institution, or other third party requires it to process a specific claim or payout you have authorized.
  • Primary Purpose: Identity verification, fraud prevention, KYC checks, and processing third-party-required disbursements.

Communication Content

  • Examples: Customer-support emails, in-app messages, feedback forms, survey responses, claim-specific notes.
  • Primary Purpose: Provide support, debug issues, improve the Services.

User Content

  • Examples: Documents, screenshots, receipts, and other files you upload to support a claim.
  • Primary Purpose: Support a claim or recovery action you have authorized.

1.2 Information Obtained With Your Explicit Consent

Email Inbox Data

  • Examples: Transactional emails — purchase receipts, shipping confirmations, order confirmations, settlement notices, recall notices, refund notices, price-adjustment notices, account-related messages, legal claim updates — retrieved via Gmail, Outlook, Yahoo!, or IMAP when you authorize the connection.
  • Primary Purpose: Automatically detect class-action eligibility and other recovery opportunities, pre-fill claim forms for your review and signature, and monitor claim status.
  • Read-only access. Inbox connections are read-only. Settlemate does not send email from your personal email address and does not request “send-as” or send-mail OAuth scopes. Communications we send to settlement administrators or other third parties on your behalf are sent from Settlemate-controlled email addresses (see Section 3).

Financial Account Linking (via Plaid)

  • How this works: When you choose to link a bank or card account, you do so through Plaid Inc., an independent financial data provider used by leading financial apps (such as Robinhood, Coinbase, Venmo, and many others) to connect to financial institutions. Plaid is the system of record for the underlying financial-account data and is responsible for hosting, encrypting, and securing it. Plaid’s relationship with you is governed by Plaid’s End User Privacy Policy at https://plaid.com/legal/.
  • What Settlemate actually receives and stores from Plaid: We receive and store only the limited transaction metadata necessary to identify recovery opportunities — specifically, a Plaid item token (which lets us request matched data from Plaid on your behalf), merchant names, and transaction amounts. Settlemate does not store or have access to your account numbers, routing numbers, account balances, full transaction history, account credentials, or any other underlying financial-account data on Settlemate’s own servers. Those data elements remain with Plaid and your financial institution.
  • Primary Purpose: Match purchases against open settlements, refund opportunities, and price-adjustment programs to identify potential recoveries.
  • Disconnection: You can disconnect a Plaid-linked account at any time through your Settlemate account settings or directly through Plaid at https://my.plaid.com/. Disconnection terminates further data flow from Plaid to Settlemate; the Plaid item token Settlemate held becomes invalid.

Settlemate’s use and transfer of Gmail data adheres to the Google API Services User Data Policy, including the Limited Use requirements, and qualifies as “reporting and monitoring” under Google’s restricted scopes. Specifically:

  • We do not transfer Google user data to third parties for serving advertisements.
  • We do not use Google user data for advertising purposes.
  • Our system is scoped to transactional emails only — receipts, shipping confirmations, order confirmations, settlement notices, recall notices, refund notices, price-adjustment notices, account-related messages, claim-status updates, and similar transactional content. Non-transactional emails (personal correspondence, newsletters, social messages, and other non-relevant content) are not parsed for claim-detection purposes.
  • Within the transactional scope, Google user data is technically human-readable to authorized Settlemate personnel for purposes such as debugging, security review, fraud investigation, support, and operational oversight. Settlemate does not routinely read users’ inbox content, and any human review of Google user data is limited to circumstances permitted by Google’s Limited Use Policy: (i) where you have given affirmative consent for specific messages or data, (ii) where necessary for security purposes (such as investigating abuse), (iii) where required to comply with applicable law, or (iv) where data has been aggregated and anonymized for internal operations permitted by Google’s policies.
  • We do not use Google user data to train generalized or third-party AI models. We do use aggregated, non-identifying features extracted from Gmail data (such as patterns indicating that a message contains a refund amount or a settlement notice) to train and improve our own classification models that serve user-facing features. The raw email content itself is not in our training set; the training operates on aggregated features in accordance with Google’s Limited Use Policy provision permitting use of data “aggregated and used for internal operations.”
  • We never sell or share message-body data.

1.3 Information Collected Automatically

When you interact with the Services, we log:

  • IP address, device type, operating system, browser metadata, mobile network information, time zone, language preferences;
  • Access timestamps, referral URLs, and feature usage;
  • Pages or screens viewed, claims discovered or initiated, time spent, click activity;
  • Cookie identifiers, session tokens, and crash logs.

This data enables fraud detection, security monitoring, analytics, performance measurement, and product improvement.

1.4 Information Collected When You Open Our Emails

Our HTML emails may include a tiny pixel that reports when an email is opened and which links are clicked. We use this data to gauge engagement and refine content. You may disable images in your email client to prevent pixel loading.

1.5 Information from Other Sources

We may receive information about you from:

  • Settlement administrators, courts, and claims agents — to validate eligibility, confirm submission status, receive denial or deficiency notices, and confirm payouts.
  • Public court dockets and public settlement notices — to identify open opportunities and validate eligibility.
  • Affiliate networks and partner programs — to attribute referrals and process partner-offer rewards.
  • Identity-verification vendors and fraud-prevention providers — to confirm identity, detect synthetic-account abuse, and validate payouts.
  • Service providers that perform analytics, support, fraud prevention, or infrastructure services on our behalf.

We do not purchase personal data from data brokers for marketing or profiling purposes. If our practices ever change, we will update this Policy and provide any notices required by law (including under California’s data broker laws).

1.6 What We Do Not Collect or Store

  • Biometric Information. Settlemate does not collect or process biometric identifiers or biometric information (as those terms are defined under the Illinois Biometric Information Privacy Act, the Texas Capture or Use of Biometric Identifier Act, or similar laws). We do not perform face geometry scans, voice-print analysis, fingerprint capture, or similar processing.
  • Underlying Financial-Account Data. We do not store account numbers, routing numbers, account credentials, account balances, or full transaction histories on Settlemate’s own servers. Plaid is the system of record for that data. See Section 1.2.
  • Children’s Information. The Services are not directed to children under 18. We do not knowingly collect personal information from anyone under 13. If we learn that we have collected information from a child under 13, we will delete it.

2. Sensitive Personal Information

Some of the information we collect may qualify as “sensitive personal information” under the California Privacy Rights Act and similar laws. The categories of sensitive personal information we may process are:

  • Government identifiers (such as Social Security number, where required by a settlement administrator);
  • Account log-in credentials in combination with any password (e.g., for connected email accounts; note that Plaid manages financial-account credentials separately and we do not receive them);
  • Precise geolocation (where you grant location permission);
  • Contents of mail and email you direct us to access;
  • Limited financial transaction metadata (Plaid item token, merchant names, transaction amounts).

We use sensitive personal information only to: (a) deliver, support, and secure the Services; (b) prevent and investigate fraud and unauthorized access; (c) verify your identity when required by a third party for a claim or payout; and (d) comply with applicable law. We do not use sensitive personal information to infer characteristics about you. We do not sell or share sensitive personal information for cross-context behavioral advertising.

You may direct us to limit the use of your sensitive personal information by emailing support@settlemate.io with subject line “Privacy Request.” See Section 11.

3. How We Use Your Information

We process your personal data to:

  • Create and manage accounts. Authenticate logins, synchronize devices, manage subscriptions and account settings.
  • Identify eligible settlements and recoveries. Parse receipts, transactional emails, and Plaid-derived transaction metadata to match you with open claims, refunds, rebates, price adjustments, and similar opportunities.
  • Help you prepare and submit claims. Pre-populate forms, generate draft text, route documentation — all for your review and personal electronic signature or affirmative authorization. Settlemate does not submit claim materials requiring an attestation, signature, or declaration without your individual, claim-by-claim authorization.
  • Communicate with administrators and merchants on your behalf, from Settlemate-controlled email addresses. When you authorize us to do so, Settlemate sends communications from a Settlemate-owned email address, referencing your claim. We do not send email from your personal address. This protects you from any misattribution of communications and keeps you out of administrator address books.
  • Distribute proceeds. Calculate payouts and coordinate with payment processors (such as Stripe, Plaid, Apple, Google) to route funds to the payment method you designate.
  • Provide customer support. Respond to inquiries, debug reports, and deliver in-app or email updates.
  • Send marketing or product announcements. Only with your opt-in consent where required by law, with a working unsubscribe in every marketing email.
  • Analyze and improve the Services. Run A/B tests, measure feature adoption, develop new functionality, and conduct internal research and analytics.
  • Ensure security and prevent fraud. Detect suspicious logins, rate-limit abusive traffic, identify false-claims submission, and respond to security incidents.
  • Comply with law. Respond to subpoenas, court orders, and regulatory requests; defend or pursue legal claims; satisfy tax and recordkeeping obligations.
  • Enforce our Terms of Service. Investigate violations and protect Settlemate’s rights, our users, and the public.
  • For any other purpose disclosed to you with your consent.

3.1 AI and Automated Processing

We use machine-learning models, OCR, rules-based systems, fraud-detection systems, and human review to (a) classify emails and receipts to identify potential claims, (b) match your information to settlement eligibility criteria, (c) extract data from receipts and similar materials, and (d) generate suggested or draft text for claim materials and communications.

AI-assisted outputs may be inaccurate, incomplete, or out of date; you are responsible for reviewing them before you sign or authorize any submission.

Settlemate does not use solely automated decision-making to make decisions producing legal or similarly significant effects on you without meaningful human involvement. Where required by law (including state laws addressing automated decision-making, the EU AI Act, and GDPR Article 22 if and when we operate in those jurisdictions), we will provide additional notice and any opt-out options required by law.

We do not use Google user data, your inbox content, or your Plaid-derived transaction metadata to train generalized or third-party AI models. For our own classification models that improve claim and refund detection, we train on aggregated, non-identifying features extracted from inbox and transaction data (such as patterns that indicate whether a message contains a refund amount or a settlement notice) rather than on raw content. This aggregated-features approach is permitted under Google’s Limited Use Policy provision for data “aggregated and used for internal operations” and is consistent with our minimum-necessary data principles.

4. Disclosures of Your Information

We share personal data only under the circumstances below:

Settlement Administrators, Courts, and Claims Agents. Submit claim packets you have authorized, verify eligibility, receive payout files, respond to deficiency requests. Communications sent on your behalf are sent from Settlemate-controlled email addresses.

Payment Processors (Stripe, Apple, Google, Plaid). Collect subscription fees, issue refunds, and disburse settlements and recoveries. Plaid is independently the system of record for financial-account data and is governed by its own privacy practices.

Infrastructure and Cloud Providers (AWS, Supabase, Vercel). Host servers, store databases, run application infrastructure under contracts that restrict use to providing those services.

Analytics and Product-Telemetry Providers. Measure feature adoption and product performance. Providers include: Mixpanel, Mixpanel Session Replay (separate from base Mixpanel analytics), Google (Firebase Analytics), Google Ad Platforms, Adjust, Impact, Sentry, Radar (geolocation), and OneSignal.

Customer-Support and Communications Providers. Manage support tickets, send transactional and (with consent) marketing communications. (Intercom)

Consent Management Platform (Cookiebot by Usercentrics). Display the cookie banner, capture and store your cookie consent choices, detect and honor Global Privacy Control (GPC) signals, and maintain audit-ready records of consent. Cookiebot processes a limited set of data (consent ID, timestamp, IP address truncated for region, browser type, and the categories you accepted or rejected) on our behalf under a contract that restricts use of that data to providing the consent-management service.

AI / Model Providers. Provide model inference for claim classification, OCR, and document parsing under contracts that restrict use of inputs and outputs to providing those services. Through OpenRouter, we use models from: OpenAI, Anthropic, Google Gemini.

Identity-Verification and Fraud-Prevention Vendors. Perform “Know Your Customer” checks and anti-fraud screening when required by law or by a third party.

Professional Advisors and Auditors. Obtain legal, tax, accounting, or compliance guidance.

Successors in a Business Transaction. Transfer assets in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our business, subject to confidentiality and (where applicable) notice to you.

Law Enforcement or Regulators. Satisfy legal obligations, court orders, or protect vital interests.

With Your Explicit Direction. For any purpose you authorize via granular consent within the Services.

4.1 What We Do Not Do

  • We never sell or share inbox contents or financial-account contents for advertising purposes.
  • We do not use your inbox contents or transaction metadata for advertising or remarketing.
  • We do not share your Gmail data with third parties for advertising purposes, consistent with Google’s Limited Use Policy.
  • We do not send email from your personal email address. All communications we send to administrators and merchants on your behalf are sent from Settlemate-controlled email addresses.

5. Links to Third-Party Websites

Our Services may contain links to external sites, offer walls, partner promotions, settlement-administrator portals, app stores, or widgets not operated by Settlemate. We do not control, endorse, or assume responsibility for their content or privacy practices. Review the privacy policies of any third-party site you visit. Examples of third parties whose privacy practices govern your interactions with them:

6. How Long We Keep Your Information

We retain data only as long as necessary:

Category: Retention

  • Account data and inbox tokens: Deleted or anonymized within three (3) months after you close your account or withdraw email consent
  • Inbox-derived claim data: While your inbox connection is active; deleted within 90 days after disconnection or deletion request
  • Plaid-derived transaction metadata (tokens, merchants, amounts): While your Plaid connection is active; deleted within 90 days after disconnection or deletion request
  • Claim records (submitted or in-progress): 5 years from claim closure, for fraud prevention, support, and statutory recordkeeping
  • Accounting and payout records: Retained for five (5) years after the end of the fiscal year, to satisfy tax and bookkeeping laws
  • Subscription and consent records: At least three (3) years (per Cal. Bus. & Prof. Code §§17600 et seq. and similar laws); longer where required
  • Marketing-consent logs: Two (2) years from the date you opt out
  • Support correspondence: 2 years from last interaction
  • Backup archives: Encrypted, access-restricted, and purged on a rolling 35-day cycle
  • Anonymized or aggregated data: Stored indefinitely

When deletion is infeasible (for example, in encrypted database backups still within the rolling-cycle window), we isolate and secure the data from further processing until removal is possible.

We may retain information longer if required by law, to defend or pursue legal claims, to investigate suspected fraud or abuse, or to enforce our Terms.

7. How We Keep Your Information Safe

  • All traffic is encrypted in transit via TLS 1.2 or higher.
  • Sensitive fields (tokens, payout details, government identifiers) are encrypted at rest using AES-256.
  • Access to production systems is gated by hardware security keys and mandatory two-factor authentication.
  • Infrastructure runs on SOC 2 Type II–certified providers (AWS, Supabase, Vercel).
  • We conduct annual penetration tests and quarterly vulnerability scans.
  • Role-based access control limits employee access; only vetted claims specialists may view limited email excerpts required for manual filings, under audit logging.
  • Vendor due-diligence reviews and contractual data-protection commitments are required for processors handling personal information.
  • We maintain a written incident-response plan with tabletop exercises.
  • Underlying financial-account data is hosted, encrypted, and secured by Plaid, which provides bank-grade security used by leading financial apps; we do not store that data on Settlemate’s own servers.

Despite our efforts, no system is 100% secure. Use the Services at your own risk, maintain strong, unique passwords, and notify us promptly at support@settlemate.io of any suspected unauthorized access.

8. Data Breach Notification

If we determine that a security incident has resulted in the unauthorized acquisition or access of your personal information, we will notify you and applicable regulators as required by law. We will provide notice without unreasonable delay, and in any event within the time required by the law applicable to your residence.

9. Cookies and Other Tracking Technologies

Settlemate and our service providers use cookies, SDKs, local storage, web beacons, and pixel tags on the settlemate.io website and within the in-app experience. We organize these technologies into the following categories:

Strictly Necessary. Required for the Services to function — including authentication, session management, security, fraud prevention, load balancing, and routing requests through our infrastructure. These cookies cannot be disabled through our Do Not Sell or Share My Personal Information link because the Services would not function without them.

Functional. Remember your preferences and choices, such as language selection, accessibility settings, and which guided flows you have already completed. Disabling these may degrade the user experience but does not prevent the Services from operating.

Analytics. Help us understand aggregate traffic patterns, feature usage, and performance — for example, to identify which claim-discovery features are most useful or where users encounter errors. We use these in service-provider mode (the analytics providers process the data on our behalf and do not use it for their own purposes), which means this analytics use is not a “sale” or “sharing” under the CCPA.

Advertising / Cross-Context Behavioral Advertising. As of the Effective Date of this Policy, Settlemate does not use advertising or cross-context-behavioral-advertising cookies, pixels, or tags on the settlemate.io domain or within the in-app experience (such as Meta Pixel, Google Ads remarketing, TikTok Pixel, or similar tools). If we change this in the future, we will update this Policy and the Do Not Sell or Share My Personal Information link, and we will obtain any required consent.

Cookie Preferences and Notice at Collection

Our cookie banner provides Notice at Collection under California Civil Code § 1798.100(b) when you first arrive at settlemate.io. The banner identifies the categories of personal information collected through tracking technologies and links to this Policy.

We use Cookiebot by Usercentrics as our consent management platform to capture, record, and honor your cookie preferences. You can manage cookie preferences through our Do Not Sell or Share My Personal Information link, available from the cookie banner and from the “Cookie Preferences” link in the footer of every page on settlemate.io. The interface allows you to accept or reject each non-essential cookie category (Functional and Analytics) on a symmetrical-choice basis. Strictly Necessary cookies cannot be disabled through the interface because they are required for the Services to function.

Cookiebot maintains a record of your consent (including the categories accepted or rejected and the timestamp) for our compliance audit purposes. You may withdraw or change your consent at any time through the same interface.

You may also control cookies through your browser settings (Chrome, Safari, Firefox, Edge) and through your device’s privacy settings. Disabling certain cookies may affect how the Services function. You can also use industry opt-out tools at https://optout.aboutads.info/ or adjust mobile-OS ad-tracking settings.

Global Privacy Control (GPC) and Universal Opt-Out

We honor the Global Privacy Control (GPC) signal and other commonly recognized opt-out preference signals as valid requests to opt out of any “sale” or “sharing” of personal information for residents of states that recognize universal opt-out signals (as of the Effective Date, including California, Colorado, Connecticut, Delaware, Nebraska, New Jersey, New Hampshire, Oregon, Texas, with additional states adding the requirement on an ongoing basis).

When we detect a GPC signal from a California browser, our cookie banner will visibly confirm that the signal was recognized and honored, in accordance with California Code of Regulations title 11 § 7025(c)(6).

“Do Not Sell or Share” Status

CCPA § 1798.135 requires businesses that “sell” or “share” personal information to provide a clear and conspicuous link titled “Do Not Sell or Share My Personal Information.” As of the Effective Date of this Policy, Settlemate does not sell or share personal information for cross-context behavioral advertising and therefore is not required to provide such a link. If we change this in the future, we will provide the required link and disclosures.

10. International Data Transfers and International Use

Settlemate is based in the United States and currently designs and offers the Services for U.S. residents. Personal information we process is currently stored and processed in the United States.

If you access the Services from outside the United States, you do so on your own initiative and consent to the transfer of your personal information to the United States, subject to appropriate safeguards (such as Standard Contractual Clauses) where required.

We do not currently offer the Services in the European Union, the United Kingdom, Canada, Australia, or New Zealand. Before we launch in those jurisdictions, we will publish additional notices and protections required by applicable law (including the EU and UK GDPR, the Canadian Personal Information Protection and Electronic Documents Act and applicable provincial laws, the Australian Privacy Act, and the New Zealand Privacy Act 2020).

11. Your Privacy Choices and State-Specific Rights

You may exercise the following rights, subject to verification and limited exceptions in applicable law:

Access / Portability. Request a copy of the personal data we hold about you, in a portable, machine-readable format. For underlying financial-account data hosted by Plaid, you may also exercise rights directly with Plaid.

Rectification / Correction. Request correction of inaccurate or incomplete information.

Deletion. Permanently erase your account, inbox data, and Plaid-derived transaction metadata held by Settlemate (subject to legal holds, fraud prevention, and recordkeeping obligations). To delete data Plaid holds about you, you can also disconnect at https://my.plaid.com/.

Withdraw Consent. Disable inbox access, disconnect Plaid, and stop further automated analysis at any time through your account settings or by contacting support.

Opt Out of Sale or Sharing. Direct us not to “sell” or “share” your personal information for cross-context behavioral advertising. As of the Effective Date, Settlemate does not sell or share personal information for cross-context behavioral advertising.

Limit Use of Sensitive Personal Information. Direct us to limit the use or disclosure of sensitive personal information to specific purposes permitted by law.

Opt Out of Profiling / Automated Decisions. Where applicable. Settlemate does not use solely automated decision-making for decisions producing legal or similarly significant effects.

Marketing Opt-Out. Click “unsubscribe” in marketing emails or email support@settlemate.io.

Non-Discrimination. You will not receive discriminatory treatment for exercising your rights.

Appeal. If we deny your request, you may appeal by emailing support@settlemate.io with subject line “Privacy Request Appeal.” Where required (e.g., Colorado, Connecticut, Virginia, Texas), we will respond to appeals within the time your state’s law specifies.

To submit a request: Email support@settlemate.io with subject line “Privacy Request” and tell us what you’d like to do. We will:

  • Acknowledge your request within 10 business days and ask for any information needed to verify your identity;
  • Respond substantively within 45 days, with one extension of up to 45 additional days if the request is complex (we will notify you of any extension);
  • Charge no fee for typical requests; we may charge a reasonable fee for excessive or repetitive requests as permitted by law.

You may also designate an authorized agent to submit requests on your behalf. Authorized agents must provide written authorization from you, and we may verify your identity directly.

11.1 California (CCPA / CPRA)

In addition to the rights above, California residents have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Notice at Collection. The categories of personal information we collect and the purposes for which we use them are described in Sections 1 and 3. Sensitive personal information categories are described in Section 2.
  • Categories Collected, Disclosed for a Business Purpose, Sold, or Shared. In the 12 months preceding the Effective Date, we collected the categories of personal information described in Section 1 and disclosed those categories to the service providers and third parties described in Section 4 for the business purposes described in Section 3. We have not sold or shared personal information for cross-context behavioral advertising in the 12 months preceding the Effective Date.
  • Right to Limit Use of Sensitive PI. See Section 2.
  • Financial Incentives. We do not offer financial incentives in exchange for personal information.
  • Shine the Light. California residents may request information about disclosures of personal information to third parties for those parties’ direct marketing purposes; we do not make such disclosures.
  • Complaints. California residents may report complaints to the California Privacy Protection Agency at https://cppa.ca.gov/ or the California Attorney General at https://oag.ca.gov/.

11.2 Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Montana, Oregon, Texas, Tennessee, Delaware, New Hampshire, Maryland, Minnesota, Rhode Island, Kentucky, and Nebraska Residents

Subject to your state’s law, you have the rights listed above, including the right to opt out of “targeted advertising,” “sale” of personal data, and certain “profiling,” and (in most states) the right to appeal a denial of a privacy request. Specific procedures, applicability thresholds, and exceptions vary by state; we honor the rights as your state’s law requires.

11.3 New Jersey

New Jersey residents have rights under the New Jersey Data Privacy Act, including the rights described above and the right to opt out of profiling that produces decisions resulting in the provision or denial of financial services, housing, education, employment, healthcare services, or essential goods.

11.4 Universal Opt-Out (Global Privacy Control)

We honor the Global Privacy Control (GPC) signal sent by your browser as a valid request to opt out of “sale” and “sharing” for residents of states that recognize universal opt-out signals.

11.5 Identity Verification

To protect your information, we will take reasonable steps to verify your identity before responding to a substantive request — typically by confirming you can access the email address associated with your account or by matching information you provide with information already in our records. For sensitive requests, we may require additional verification.

12. Substantiation of Data-Handling Claims

If you believe your personal information has been collected, used, shared, or processed in violation of this Privacy Policy or applicable law, you must include all of the following in any pre-dispute notice you send under our Terms of Service in addition to the items required by Section 28 of the Terms of Service:

  • (a) a complete, unedited copy of any data forming the basis of your claim, or a description of where the data resides if you do not have it in your possession;
  • (b) a detailed written explanation specifying the nature of the alleged violation, the date or dates on which it occurred, the URLs of the Service accessed, the device and browser used, and the IP address or addresses used to access the Service if known to you;
  • (c) the legal theory or theories on which the claim is based; and
  • (d) a description of the harm alleged.

This requirement is intended to enable a meaningful investigation of any alleged violation. It does not limit any rights you have under applicable law to access, correct, delete, or otherwise control your personal information through the procedures described in Section 11.

13. Children’s and Teen Privacy

The Services are not directed to individuals under 18 years of age, and we do not knowingly collect personal information from anyone under 13 in compliance with the Children’s Online Privacy Protection Act. If we learn that we have collected information from a child under 13, we will delete it. If you believe a minor has provided data, email support@settlemate.io and we will delete it promptly.

State laws in Connecticut, Maryland, New Jersey, Florida, and other states provide additional protections for users under 18. We honor those protections where they apply.

14. Communications

  • Transactional Communications. We send service-related emails, in-app messages, and push notifications about your account, claims, billing, and security.
  • Marketing Email. Each marketing email includes a working unsubscribe mechanism that we honor within 10 business days, our valid physical postal address, and an “advertisement” identifier where required by CAN-SPAM. You may also opt out by emailing support@settlemate.io.
  • Marketing SMS. We do not send marketing text messages without your prior express written consent obtained through a separate, unambiguous opt-in. If you do enroll, message and data rates may apply, and you can opt out at any time by replying STOP.
  • Push Notifications. You can disable push notifications in your device’s settings.
  • Communications Sent on Your Behalf. Communications we send to settlement administrators, retailers, and other third parties on your behalf are sent from Settlemate-controlled email addresses, referencing your claim. Settlemate does not send email from your personal email address.

15. Updates to This Policy

We may revise this Policy from time to time. The updated version will be posted with a new “Last Updated” date. Material changes will be highlighted via email or in-app notification at least 7 days before they take effect (or longer where law requires). Continued use of the Services after the effective date constitutes acceptance of the revised Policy.

16. Contact Us

If you have questions, concerns, or complaints about privacy at Settlemate, contact us at:

Settlemate, Inc.
8 The Green St. STE B
Dover, DE 19901, USA
Email: support@settlemate.io

For privacy-specific inquiries, please use subject line “Privacy Request”.

We aim to acknowledge privacy inquiries within 10 business days and respond substantively within 45 days, in accordance with applicable law.