PromptSettle — Privacy Policy

Effective Date: April 20, 2026

Last Updated: April 20, 2026

1. Introduction

This Privacy Policy describes how PromptSettle LLC (“PromptSettle,” “we,” “us,” “our”) collects, uses, stores, and shares information when you use the PromptSettle website and service at promptsettle.com (“the Service”). By using the Service, you agree to the practices described in this policy.

PromptSettle is a document preparation and delivery tool that helps freelancers send demand communications to collect unpaid invoices. This policy covers all data collected in connection with that purpose.

2. Information We Collect

Information You Provide Directly

When you create an account and use the Service, you provide:

Account information:

• Full legal name
• Email address (provided by Google during sign-in)
• Business name (optional)
• Phone number (optional)
• State of residence

Case information (for each collection sequence you create):

• Debtor's name
• Debtor's email address
• Debtor's company name (if applicable)
• Debtor's state
• Debtor's mailing address (optional)
• Description of work performed
• Total amount owed
• Original payment due date
• Payment terms
• Whether a written contract exists
• Description of prior collection attempts (optional)
• Your preferred payment link or instructions (included in demand emails)

Email content:

• The AI-generated email text presented to you for review
• Any edits you make to that text before approval
• The final approved email content that is sent to the debtor

Information About Debtors (Third-Party Data)

When you use the Service, you provide personal information about a third party — the debtor. This includes their name, email address, company name, state, and mailing address. You represent that you have a legitimate basis for possessing and using this information (specifically, a good-faith claim that the debtor owes you money for services you performed).

We use debtor information solely to deliver the demand communications you direct us to send. We do not use debtor information for marketing, profiling, or any purpose unrelated to the specific case in which it was provided.

If a debtor contacts us to request information about what data we hold about them or to request deletion of their data, we will respond in accordance with applicable law. We may notify you if a debtor makes such a request regarding an active case.

Information Collected Automatically

Payment information: We use Stripe to process payments. We do not receive, store, or have access to your full credit card number. Stripe provides us with a transaction identifier and confirmation of payment. Stripe's handling of your payment information is governed by Stripe's Privacy Policy.

Usage data: We may collect standard web server logs including IP address, browser type, pages visited, and timestamps. This data is used for security, debugging, and service improvement.

Cookies: We use cookies and similar technologies to maintain your login session and remember your authentication state. We do not use cookies for advertising or cross-site tracking.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide the Service: generating demand email content, sending emails on your behalf, managing your cases, and delivering notifications to you.
• To process payments: completing your $19.99 payment via Stripe.
• To generate email content: your case information and the debtor's state data are sent to the Anthropic Claude API to generate the demand email sequence. See Section 5 for details.
• To communicate with you: sending account-related notifications, case status updates, bounce alerts, and sequence completion summaries.
• To maintain and improve the Service: debugging errors, monitoring performance, and improving the quality of generated content.
• To enforce our Terms of Service: detecting and preventing prohibited uses of the Service.
• To comply with legal obligations: responding to lawful requests for data and cooperating with legal proceedings when required.

We do not use your information for advertising. We do not sell your personal information. We do not use your information for marketing to third parties or for any purpose unrelated to the delivery of the Service.

4. Information Included in Demand Emails

When you approve a sequence, the demand emails sent to the debtor include:

• Your full name
• Your business name (if provided)
• Your email address
• Your phone number (if provided)
• Your payment link or instructions
• The debtor's name and company name
• The amount owed, due date, and description of work
• State-specific legal reference information (court names, filing fees, etc.)

This information is included because you directed us to send these communications on your behalf. The debtor will see this information in the emails they receive. By approving a sequence, you consent to the disclosure of this information to the debtor.

5. Third-Party Services

We share information with the following third-party services solely as necessary to operate the Service:

Stripe — Processes your $19.99 payment. Receives your payment method details directly. We receive only a transaction confirmation. Stripe Privacy Policy.

Postmark (ActiveCampaign) — Sends demand emails on your behalf. Postmark processes the email content, sender and recipient addresses, and delivery metadata. Postmark Privacy Policy.

Anthropic (Claude API) — Generates the demand email content. We send your case information (freelancer details, debtor details, invoice details) and state-specific reference data to the Anthropic API for content generation. Anthropic's API usage policies state that API inputs are not used to train their models. Anthropic Privacy Policy.

Google (OAuth) — Used for all account authentication. When you sign in with Google, Google provides us with your name and email address to create or access your account. We do not receive your Google password. Google Privacy Policy.

Supabase — Hosts our database and authentication system. Your account data and case data are stored in a Supabase-hosted PostgreSQL database with row-level security controls. Supabase Privacy Policy.

Vercel (or applicable hosting provider) — Hosts the web application and processes web requests. Access logs may include IP addresses and request metadata. Vercel Privacy Policy.

We do not sell your information to any third party. We do not share your information with any party not listed above, except as required by law (see Section 8).

6. Data Security

We implement the following security measures to protect your information:

• Row-level security: Database access controls ensure that authenticated users can only access their own account and case data. Administrative access is restricted to authorized personnel.
• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS.
• Authentication: Account access is managed through Google OAuth via Supabase Auth. We do not store passwords.
• Access controls: API keys, database credentials, and webhook secrets are stored as environment variables and are not exposed in client-side code.

No method of transmission over the internet or method of electronic storage is perfectly secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at info@promptsettle.com.

7. Data Retention

Active accounts: We retain your account information and case data for as long as your account is active.

Completed cases: Case data (including email content and debtor information) is retained after a sequence completes or is resolved so you can access your case history from your dashboard.

Deleted accounts: If you request account deletion, we will delete your account information and all associated case data within 30 days of your request. Some data may be retained in encrypted backups for up to 90 days after deletion, after which it is permanently removed.

Legal hold exception: Notwithstanding the above, we may retain data beyond the stated periods if required by law, if the data is subject to a pending legal proceeding or investigation, or if retention is necessary to enforce our Terms of Service or defend against legal claims. We will retain the minimum data necessary and for the minimum period required.

Server logs: Standard web server logs are retained for up to 90 days for security and debugging purposes, then deleted.

8. Legal Disclosures

We may disclose your information if required to do so by law, regulation, subpoena, court order, or governmental request. We may also disclose information if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a law enforcement request.

If we receive a legal request for your data, we will notify you unless we are legally prohibited from doing so or unless the request relates to an emergency involving potential harm to a person.

9. Data Breach Notification

In the event of a security breach that results in unauthorized access to your personal information, we will notify affected users by email within 72 hours of becoming aware of the breach, or as soon as reasonably practicable. We will also notify applicable regulatory authorities as required by state and federal law. Notification will include a description of the breach, the types of information involved, and steps you can take to protect yourself.

10. Your Rights and Choices

Access: You can view your account information and case data at any time by logging into your dashboard.

Correction: You can update your account information (name, email, business name, phone, state) from your account settings.

Deletion: You may request deletion of your account and all associated data by contacting us at info@promptsettle.com. We will process deletion requests within 30 days, subject to the legal hold exception described in Section 7.

Data export: You may request a copy of your case data in a portable format by contacting us at info@promptsettle.com.

Email notifications: The Service sends transactional notifications (case status updates, bounce alerts) that are integral to the Service's function. These cannot be opted out of while you have active cases. If you have no active cases, you may request to stop receiving communications from us.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business purposes for which we collected it, and the categories of third parties with whom we shared it.

Right to delete: You may request that we delete your personal information, subject to certain exceptions permitted by law.

Right to correct: You may request that we correct inaccurate personal information that we maintain about you.

Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.

Categories of personal information we collect: Identifiers (name, email, phone, address); commercial information (payment records, case details); internet activity (server logs, cookies); professional information (business name, work descriptions).

Sale and sharing of personal information: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

To exercise any of these rights, contact us at info@promptsettle.com. We will verify your identity before processing your request.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete that information promptly. If you believe a child has provided us with personal information, contact us at info@promptsettle.com.

13. International Users

The Service is operated from the United States and is intended for users located in the United States collecting debts from debtors located in the United States. If you access the Service from outside the United States, be aware that your information will be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes. If you do not agree to the changes, you must stop using the Service.

15. Contact

If you have questions about this Privacy Policy, wish to exercise any of your rights described above, or have concerns about how your data is handled, contact us at:

PromptSettle LLC
info@promptsettle.com