Privacy & Data Practices
How SettleCase.ai handles your data
We built SettleCase.ai on a simple principle: your yield engine needs case metrics, not client identities. This page explains exactly what we store, what we block, and why — in plain language.
The Core Principle
SettleCase.ai never stores client names, dates of birth, addresses, phone numbers, social security numbers, or medical provider names. Every data ingestion path — CSV upload, JSON import, and CRM API sync — runs PHI detection and strips protected fields before a single row reaches our database. This is enforced server-side, not just in the UI.
What We Store vs. What We Block
When you import settlement history or connect a CRM, here is exactly what reaches our database and what does not.
✓ Stored in Your Yield Engine
✓ Injury type (normalized category)
✓ Special damages total ($)
✓ Medical bills amount ($)
✓ Lost wages amount ($)
✓ Future medical projections ($)
✓ Demand amount ($)
✓ Settlement amount ($)
✓ Yield rate (settlement ÷ demand)
✓ Multiplier (settlement ÷ specials)
✓ Insurer name (company)
✓ Adjuster name (insurer employee)
✓ State / jurisdiction
✓ Liability clarity flag
✓ Days to settlement
✓ Treatment gap flag (yes/no)
✓ Surgical case flag (yes/no)
✓ Litigated flag (yes/no)
✗ Blocked — Never Stored
✗ Client name / plaintiff name
✗ Date of birth
✗ Social security number
✗ Home address
✗ Phone number
✗ Email address
✗ Medical provider names
✗ Doctor / physician names
✗ Hospital / clinic names
✗ Raw CRM case ID or matter number
✗ Client ID or patient ID
✗ Employer name
✗ Diagnosis details
How Each Ingestion Path Works
📄 CSV Upload
PHI Detection Active
Every CSV is scanned before ingestion. Column headers are checked against a 30+ keyword PHI blocklist (name, dob, ssn, address, phone, email, provider, doctor, hospital, etc.). PHI columns are excluded from the field map entirely — they never appear in the column-to-database mapping. A downloadable audit receipt is generated after every import confirming which columns were stored and which were dropped. Client names, if present, are one-way SHA-256 hashed to an anonymous claim reference (e.g. Claim-A4F8C2D1) and the original name is discarded.
⚡ CRM API Sync (Filevine, Clio, SmartAdvocate)
Server-Side Blocklist
When syncing from a connected CRM, our worker uses an explicit field mapping that only extracts the safe fields listed above. A secondary blocklist (CRM_PHI_NEVER_STORE) is applied post-extraction to delete any PHI keys that may have been included in an API response. CRM case IDs are one-way hashed for deduplication. The hash cannot be reversed to identify a case or client.
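The header blocklist, explicit field map and name-to-claim-reference step described for the CSV and CRM paths above, as an added JavaScript example that is not SettleCase.ai's own code. The keyword subset, field names, ingestRow, claimRef and the per-firm key are assumptions; it uses a keyed HMAC-SHA-256 rather than the plain SHA-256 the page describes, because a bare hash of a short name can be matched by hashing candidate names.

```javascript
const { createHmac } = require("node:crypto");
// Constructed subset of the header blocklist (the page cites 30+ keywords).
const PHI_KEYWORDS = ["name", "dob", "birth", "ssn", "social", "address",
  "phone", "email", "provider", "doctor", "physician", "hospital", "clinic"];
// Explicit field map (assumed names): only these headers may ever be stored.
const FIELD_MAP = new Set(["injury_type", "medical_bills", "lost_wages",
  "demand_amount", "settlement_amount", "insurer_name", "adjuster_name",
  "state", "claim_number"]);
const normalize = (h) => h.trim().toLowerCase().replace(/[^a-z0-9]+/g, "_");
// Substring match fails closed: "PatientName" and "client_name" both hit.
const isPhi = (key) => !FIELD_MAP.has(key) &&
  PHI_KEYWORDS.some((kw) => key.includes(kw));

// Keyed hash (assumption): a per-firm secret is mixed in so the reference
// cannot be matched by hashing a list of candidate names.
function claimRef(clientName, firmKey) {
  const digest = createHmac("sha256", firmKey)
    .update(clientName.trim().toLowerCase()).digest("hex");
  return "Claim-" + digest.slice(0, 8).toUpperCase();
}

function ingestRow(row, firmKey) {
  const stored = {};
  const audit = { received: [], droppedPhi: [], droppedUnmapped: [], stored: [] };
  let nameValue = null;
  for (const [header, value] of Object.entries(row)) {
    const key = normalize(header);
    audit.received.push(header);
    if (isPhi(key)) {
      audit.droppedPhi.push(header);
      if (/(client|plaintiff).*name/.test(key)) nameValue = value;
    } else if (FIELD_MAP.has(key)) {
      stored[key] = value;
      audit.stored.push(key);
    } else {
      audit.droppedUnmapped.push(header); // not PHI-looking, but not mapped
    }
  }
  // A claim number is used as-is; otherwise derive a reference from the name.
  if (!stored.claim_number && nameValue !== null) {
    stored.claim_number = claimRef(nameValue, firmKey);
    audit.stored.push("claim_number");
  }
  return { stored, audit }; // the audit lists only header names, never values
}
// Constructed sample row, not real data.
const SAMPLE_ROW = { "Client Name": "Jane Sample", "DOB": "1980-01-01",
  "Treating Doctor": "Dr. Example", "Injury Type": "soft tissue",
  "Settlement Amount": "45000", "Insurer Name": "Acme Mutual", "Notes": "n/a" };
```

Headers that are neither blocklisted nor in the field map are dropped as well, so a new CRM field is not stored until someone maps it.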
📋 Active Case Import (Demand Queue)
Names Anonymized
Active cases are identified in the system by claim reference, not client name. If your CSV includes a claim number column, that is used as-is. If only a client name is present, it is hashed to an anonymous claim reference and the original name is permanently discarded before storage. The claim reference maps back to the case in your CRM — not in SettleCase.ai.
📝 New Case Form (Demand Letter Generation)
Session Only
When you create a new demand, the client name field is used only to generate the demand letter text during that session. The name is passed to the letter generation API but is not written to our D1 database. Letters are returned to your browser and never stored server-side.
Anonymization Audit Trail
Every import — CSV, JSON, or CRM sync — writes a record to our anon_audit table in your firm's database partition. This record logs the timestamp, data source, list of fields received, list of PHI fields that were dropped, and list of fields actually stored. You can request an export of your audit log at any time by contacting us.
CSV imports also generate a downloadable plain-text audit receipt at the time of import, which you can save for your records.
Infrastructure & Security
SettleCase.ai runs entirely on Cloudflare's global edge infrastructure.
Cloudflare Workers + D1
All compute runs on Cloudflare Workers. All data is stored in Cloudflare D1 (SQLite at the edge). Data at rest is encrypted by Cloudflare's infrastructure. Data in transit is encrypted via HTTPS enforced at the Cloudflare edge.
Authentication
Passwords are hashed using PBKDF2 with a unique salt per account. Session tokens are time-limited JWTs. We never store plaintext passwords.
AI / LLM Usage
When generating demand letter reasoning or AI counter strategy, we use OpenRouter to access large language models. Only anonymized case metrics — injury type, dollar amounts, insurer, jurisdiction — are included in these prompts. Client names and personal information are never sent to external AI services.
HIPAA Status
SettleCase.ai is designed to avoid handling Protected Health Information (PHI) as defined under HIPAA. By stripping client identifiers and medical provider names at ingestion, we operate on anonymized case metrics that do not constitute PHI. We recommend not uploading raw medical records or documents containing patient identifiers to SettleCase.ai. If your use case requires full PHI handling, contact us to discuss our roadmap for BAA-covered infrastructure.
ABA Model Rule 1.6 — Attorney Obligations
ABA Model Rule 1.6 requires attorneys to make reasonable efforts to prevent unauthorized disclosure of client information. SettleCase.ai is designed to support compliance with this rule by:
- Never storing client-identifying information in our database
- Running on encrypted, access-controlled infrastructure (Cloudflare)
- Providing firm-level data isolation (your data is accessible only with your credentials)
- Generating audit receipts that document what was and was not stored
- Not sharing your firm's data with other firms or third parties
We are not your legal counsel and cannot render a formal compliance opinion. We recommend consulting your state bar's cloud computing guidance and your firm's privacy counsel when evaluating any SaaS platform.
Questions
If you have questions about our data practices, want to request your audit log, or need to discuss a specific compliance requirement, contact us at privacy@settlecase.ai or through your account manager at Mass Tort Ad Agency.