Settled is operated by RicardoHQ LLC. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over it. By using Settled, you agree to the practices described here.
1. Who This Applies To
This policy applies to two types of people:
- Vendors — service professionals who create accounts and use Settled to manage contracts.
- Clients — individuals who receive and sign contracts through Settled without creating an account.
2. Information We Collect
From Vendors
- Name and email address (via account registration or Google Sign-In)
- Business name, type, and phone number
- Business logo (uploaded voluntarily)
- Subscription and billing status (managed through Stripe — we do not store card numbers)
- Custom contract clauses and service configurations you create
From Clients (when signing a contract)
- Name, email address, and phone number (as provided in the contract)
- Signature (drawn or typed), stored as an image
- IP address, browser type (user agent), and signing timestamp — used to create a legally valid audit trail
- Consent confirmation (checkbox state)
Automatically Collected
- Contract lifecycle events: created, sent, viewed, signed (with actor and timestamp)
- Authentication cookies set by Supabase for session management
- Product analytics events via PostHog (page views, clicks, feature usage, session recordings). Recordings mask input fields by default and are retained for 30 days.
- On our iOS app only: Apple Push Notifications service (APNs) device token — used to send you push notifications when clients sign your contracts. You can revoke this at any time by disabling notifications in iOS Settings.
- Basic diagnostics (crash data, performance timing) — not linked to an identified individual
3. How We Use Your Information
- To provide and operate the Settled service
- To send contracts and signing links on behalf of vendors
- To send transactional emails (signed contract confirmation, expiry reminders, account notifications)
- To enforce subscription limits and process payments through Stripe
- To maintain an audit trail for legal validity of signed contracts
- To improve the service and diagnose technical issues
We do not sell your data. We do not use your data for advertising.
4. Third-Party Services
We share data with the following service providers only as needed to operate Settled:
- Supabase — database, authentication, and file storage (logos, contract data)
- Stripe — subscription billing and payment link generation. Stripe's privacy policy governs payment data.
- Resend — transactional email delivery (contract emails, notifications)
- Vercel — hosting and infrastructure
- PostHog — product analytics and session recording. Data is processed under PostHog's DPA and is not shared with advertising networks.
- Apple Push Notification service (APNs) — delivery of push notifications to iOS devices. Apple sees only an opaque device token and notification payload; it does not see your account identity.
- Google (Sign In with Google) and Apple (Sign in with Apple) — optional OAuth sign-in providers. If you choose one, the provider shares your email address (or a private relay alias) with us to create your account.
Each provider processes data only as necessary to provide their service. We do not share your data with any other third party without your explicit consent. We do not sell your personal information to anyone, ever.
5. Client Data and Vendor Responsibility
When vendors use Settled, they collect personal information from their clients (name, email, phone) and enter it into the platform. In this context:
- The vendor is the data controller — they determine what client data is collected and why.
- Settled (RicardoHQ LLC) acts as a data processor — we process that data only on the vendor's behalf and under their instruction.
Vendors are responsible for ensuring they have appropriate legal basis to share their clients' personal information with Settled (for example, by informing clients that their contract is managed through this platform).
6. Data Retention
- Vendor account data is retained as long as the account is active.
- Contracts and signatures are retained indefinitely to preserve legal records.
- If you close your account, you may request deletion of your data by contacting us. Signed contracts may be retained in anonymized form to comply with audit and legal requirements.
7. Your Rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (subject to legal retention requirements)
- Opt out of marketing communications (there is an unsubscribe link in all non-transactional emails)
California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of sale. We do not sell personal information.
To exercise any of these rights, email us at hello@settledapp.work.
8. Security
We use industry-standard security practices including row-level access controls (each vendor can only access their own data), encrypted connections (HTTPS), and authentication tokens with limited validity windows. No system is perfectly secure, but we take reasonable measures to protect your information.
9. Children
Settled is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify vendors by email or by posting a notice in the app. The "Effective" date at the top will always reflect the most recent version.