SettleArc Recover

Privacy Policy

Effective date: February 12, 2026

This policy describes what data SettleArc processes, why it is processed, which third-party service categories are involved, and what rights you have.

1. Scope

This Privacy Policy explains how SettleArc collects, uses, discloses, and protects information when you use the SettleArc Recover web application, website pages, and related APIs (the "Services").

2. Information We Collect

  • Account and identity data, including your email address and authentication session data managed through our authentication provider.
  • Profile and branding data, including company name, sender name, signature, and reply-to email.
  • Operational data you provide, including invoice details, client contact details, follow-up drafts, templates, queue/sent status, and recovery events.
  • Integration data when you connect external systems, including account identifiers and OAuth tokens needed to sync invoice data.
  • Message delivery metadata from our email provider (for example, provider message IDs and error responses).
  • Model-processing inputs/outputs when AI drafting or rewriting is used (invoice/follow-up context sent to our AI model provider).

3. How We Use Information

  • Provide, maintain, and improve the Services.
  • Authenticate users and secure accounts.
  • Process payments and manage subscriptions.
  • Communicate service updates and support responses.
  • Monitor performance, reliability, and abuse prevention.
  • Generate and rewrite follow-up drafts based on your instructions.
  • Sync overdue invoices from connected accounting platforms.

4. Service Providers and Subprocessors

We use third-party infrastructure and tooling providers to operate the Services, including providers for authentication and database hosting, accounting integrations, AI-assisted drafting, email delivery, application hosting/deployment, and billing/payments (if and when enabled).

5. Cookies and Similar Technologies

We use essential cookies needed to run login and integration flows. We do not currently use advertising cookies.

  • Authentication/session cookies to keep you signed in.
  • A short-lived OAuth state cookie used for CSRF protection during the integration connect flow; this cookie has a 10-minute max age.

6. Data Sharing

We share data with service providers only as needed to operate the Services. We may also disclose information if required by law, legal process, or to protect rights, safety, and platform integrity. We do not sell personal information for monetary consideration.

7. Data Retention

We retain account and operational records while your account is active and as needed for legitimate business and legal purposes. Specific windows in the current implementation include:

  • OAuth state cookies expire after 10 minutes if not used.
  • Manually queued follow-ups can be scheduled up to 168 hours (7 days) in advance.
  • Integration connection tokens are retained until you disconnect the integration or delete your account.

8. Security

We use reasonable administrative, technical, and organizational safeguards to protect information. This includes access controls and row-level security boundaries in our application database. No method of transmission or storage is completely secure.

9. Legal Bases and Regional Rights

Depending on your location, we process personal data under one or more of: contract performance, legitimate interests, legal obligations, and consent where required.

If you are in the EEA, UK, or similar jurisdictions, you may have rights to access, correction, deletion, portability, objection, and restriction. If you are in U.S. states with privacy laws (such as California, Colorado, Connecticut, Utah, and Virginia), you may have rights to know, access, delete, and correct personal data, and to appeal certain decisions.

10. International Transfers

Your information may be processed in countries other than your own, where data protection laws may differ.

11. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated effective date.

13. Contact

For privacy questions or requests, contact privacy@settlearc.com.

14. Related Terms

Your use of the Services is also governed by our End User License Agreement (EULA).