Bank-grade security — funds are never held by Settle, and we never store raw secrets.
Security & trust

We protect your data — and we never hold your money.

Debt is sensitive. So Settle is built to keep the absolute minimum, encrypt what it keeps, and hand the riskiest data to vetted, regulated providers — not to a database we sit on.

Funds never touch Settle

Settlement money is held in trust by a licensed escrow / banking partner and released straight to the creditor. Settle never custodies, holds, or moves your money on its own books.

No raw secrets stored

We never warehouse your full SSN, bank account or routing number, card number, or bank login. Those live only with the regulated providers that need them — we keep a token, not the secret.

Encrypted & minimized

The data we do keep — to do the job you asked for — is encrypted at rest (AES-256-GCM) and in transit (TLS), access-controlled, and every read/write is logged. We collect the minimum, not the maximum.

You stay in control

You authorize every offer and every payment. Consent is recorded and revocable; you can request your data or its deletion. Text STOP to opt out of messages at any time.

What we never store

Full Social Security number. We keep only the last 4, encrypted, for matching — never the full 9 digits.
Bank account & routing numbers. Bank links and transfers run through Plaid; we hold a token, never the numbers.
Card numbers. Subscription billing is tokenized by our payment processor; the card never reaches Settle.
Bank login credentials. You log in to your bank with Plaid, not with us — we never see your password.
Government-ID images & biometrics. Identity checks are run by a verification provider; we keep the result, not the documents.

What we keep — and how

Your contact & identity (name, address, email, phone) — to operate your account, access-controlled and audited.
SSN last-4 & date of birth — encrypted at rest (AES-256-GCM), used only for identity matching and credit pulls you authorize.
Your debts & offers (creditor, balance, masked account, the offer and its terms) — the core of the service, encrypted/masked.
Your consents & authorizations — an append-only record of what you agreed to and when, so it's always provable.
Tokens, not secrets — for anything sensitive (bank, card, ID), we store a provider reference and a display last-4, never the underlying value.
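The pattern described above (keep a token and a last-4, encrypt the little that must be kept at rest, and make the consent record append-only) as an added Go example; this is not Settle's code and it says nothing about their actual implementation. It assumes a 32-byte key supplied by a key-management service, a record-id-plus-field-name convention for the GCM associated data, and a SHA-256 hash chain as one way of making an append-only log tamper-evident; all three are illustrative choices, not details from the page.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Vault wraps an AES-256-GCM AEAD for the few fields kept at rest.
// Assumption: the 32-byte key comes from a KMS/HSM and is passed in here.
type Vault struct{ aead cipher.AEAD }

func NewVault(key []byte) (*Vault, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead}, nil
}

// Seal returns nonce||ciphertext||tag with a fresh random nonce. The AAD binds
// the value to its record and field, so a ciphertext cannot be moved between rows.
func (v *Vault) Seal(plaintext, aad []byte) ([]byte, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return v.aead.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal; it fails if the ciphertext, tag, or AAD were altered.
func (v *Vault) Open(sealed, aad []byte) ([]byte, error) {
	ns := v.aead.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return v.aead.Open(nil, sealed[:ns], sealed[ns:], aad)
}

// StoredSSN is the only SSN-derived data written: an encrypted last-4.
type StoredSSN struct {
	RecordID string
	EncLast4 []byte
}

// MinimizeSSN extracts the last 4 digits, encrypts them, and drops the rest;
// the full 9 digits never leave this function.
func MinimizeSSN(v *Vault, recordID, fullSSN string) (StoredSSN, error) {
	digits := strings.NewReplacer("-", "", " ", "").Replace(fullSSN)
	if len(digits) != 9 {
		return StoredSSN{}, errors.New("expected 9 SSN digits")
	}
	enc, err := v.Seal([]byte(digits[5:]), []byte(recordID+":ssn_last4"))
	if err != nil {
		return StoredSSN{}, err
	}
	return StoredSSN{RecordID: recordID, EncLast4: enc}, nil
}

// Last4 decrypts for identity matching; callers without the key see only ciphertext.
func (s StoredSSN) Last4(v *Vault) (string, error) {
	pt, err := v.Open(s.EncLast4, []byte(s.RecordID+":ssn_last4"))
	return string(pt), err
}

// ConsentEntry is one hash-chained consent event (chain is an assumed design).
type ConsentEntry struct {
	Seq      int
	At       time.Time
	Action   string
	PrevHash string
	Hash     string
}

type ConsentLog struct{ Entries []ConsentEntry }

func entryHash(seq int, at time.Time, action, prev string) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d|%s|%s|%s", seq, at.UTC().Format(time.RFC3339Nano), action, prev)))
	return hex.EncodeToString(sum[:])
}

// Append adds an event; there is deliberately no update or delete method.
func (l *ConsentLog) Append(action string, at time.Time) ConsentEntry {
	prev := ""
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	e := ConsentEntry{Seq: len(l.Entries), At: at, Action: action, PrevHash: prev}
	e.Hash = entryHash(e.Seq, e.At, e.Action, e.PrevHash)
	l.Entries = append(l.Entries, e)
	return e
}

// Verify recomputes the chain; false means an entry was altered, removed, or reordered.
func (l *ConsentLog) Verify() bool {
	prev := ""
	for i, e := range l.Entries {
		if e.Seq != i || e.PrevHash != prev || e.Hash != entryHash(i, e.At, e.Action, prev) {
			return false
		}
		prev = e.Hash
	}
	return true
}
```

The AAD is what makes "encrypted at rest" meaningful beyond confidentiality: a last-4 sealed for one record cannot be replayed into another record's row without the decrypt failing, and the consent chain lets an auditor confirm that nothing was edited after the fact rather than taking the database's word for it.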

For creditors, DR firms & partners

Built for vendor due diligence.

We operate under GLBA safeguards, FCRA permissible-purpose and dispute handling, and TSR-compliant fee practices (a flat software subscription — never a percentage of your debt). Cards are out of our PCI scope (tokenized by the processor). Our SOC 2 program and independent penetration testing are in progress ahead of general availability.

Technical security whitepaper — architecture, data tiers, tokenization, retention, subprocessors.
Security questionnaires & DPAs — we'll complete your review and sign a data-processing agreement.

The binding terms are in our customer and partner agreements, privacy policy, and data-processing addendum. Last updated June 2026.