1. Information We Collect
We collect the following data when you use Settle:
- Account data: Bank account number, bank name, country, account holder name (verified via your bank)
- Contact data: Phone number (for OTP authentication), email address (optional)
- Transaction data: Payment amounts, settlement amounts, timestamps, transaction status
- Wallet data: Blockchain wallet addresses generated for receiving payments
- Usage data: Pages visited, features used, device type, IP address
2. How We Use Your Data
- Verify your bank account ownership and process settlements
- Send OTP codes for secure authentication
- Process crypto-to-fiat conversions and bank payouts
- Comply with anti-money laundering (AML) and know-your-customer (KYC) regulations
- Communicate service updates and transaction confirmations
- Detect and prevent fraud, abuse, and unauthorized access
3. KYC & Verification Tiers
For transactions under $10,000 USD equivalent, Settle requires bank account verification only. Your bank verifies your identity when you open your account, and we leverage this existing verification. For higher amounts, additional documentation may be requested.
4. Data Sharing
We share your data only with:
- Payment processors: OnSwitch (settlement infrastructure), Paystack (bank verification)
- SMS providers: Twilio, Termii (OTP delivery only)
- Database provider: Supabase (encrypted, hosted infrastructure)
- Law enforcement: When required by law or to prevent financial crime
We do not sell your personal data to advertisers or third parties.
5. Data Retention
We retain your account and transaction data for as long as your account is active, plus 5 years after closure to comply with financial record-keeping regulations. OTP codes are deleted immediately after verification or expiry.
6. Data Security
We protect your data with:
- OTP codes hashed (SHA-256) before storage
- HTTPS encryption on all connections
- Row-level security on database tables
- Rate limiting on all API endpoints
- HMAC signature verification on webhook callbacks
7. Your Rights
You have the right to:
- Access your personal data via your dashboard
- Correct inaccurate data (update phone, bank accounts in settings)
- Delete your account and associated data
- Export your transaction history
- Withdraw consent for optional communications
To exercise these rights, contact privacy@settle.app.
8. Cookies & Local Storage
Settle uses a session cookie (settle_session) for authentication and localStorage for caching user preferences. We do not use third-party tracking cookies.
9. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last updated" date.