Settle

Trust at Settle

Built for the trust money requires.

Settle is built for businesses that handle money seriously. Tenant isolation, encrypted infrastructure, passwordless auth, sanctioned-jurisdiction screening, Stripe-hosted payments. Commitments, not features.

Tenant isolation · Encryption · Passwordless auth · Fraud preflight · Sanctions screening · Stripe-hosted

The promise

Settle is built on commitments that ship the day you sign up. Every claim below maps to code that runs on every request, not a checkbox in a SOC 2 binder you never see.

Tenant isolation

Your data never touches another tenant's.

Every database read, update, and delete carries a tenant filter at the query level. Defense in depth, not just a check at the handler. An employee accessing one tenant's data through any code path will be physically unable to see another tenant's rows.

  • Every database query carries your account as a filter. There is no path that returns another customer's rows.
  • Shared records (an invoice between you and a vendor) show each side only their own view, never both at once.
  • Settle staff don't access your data in the normal course of running the product. If you request support that requires it, we'll ask first.
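
The query-level tenant filter described above, sketched as an added example (not Settle's code): a hypothetical `TenantScopedInvoices` data-access class over an in-memory SQLite table, with constructed rows matching the page's Tenant A and Tenant B illustration. The class, table, and column names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample rows mirroring the page's Tenant A / Tenant B illustration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (tenant_id TEXT NOT NULL, number TEXT NOT NULL,"
               " client TEXT, amount_cents INTEGER, PRIMARY KEY (tenant_id, number))")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?, ?)", [
        ("tenant_a", "INV-1042", "Acme Studios", 275000),
        ("tenant_b", "INV-2057", "Müller GmbH", 320000),
    ])
    return db

class TenantScopedInvoices:
    """Hypothetical data-access layer (not Settle's code). The tenant is fixed at
    construction from the authenticated session, never from request parameters."""

    def __init__(self, db, tenant_id):
        if not tenant_id:
            raise ValueError("tenant_id is required")
        self._db, self._tenant = db, tenant_id

    def _run(self, sql, **params):
        # Single choke point: refuse any statement that lacks the tenant filter
        # (a simple substring guard), and bind the tenant last so a
        # caller-supplied "tenant" value cannot override it.
        if "tenant_id = :tenant" not in sql:
            raise RuntimeError("query without tenant filter refused")
        return self._db.execute(sql, {**params, "tenant": self._tenant})

    def get(self, number):
        return self._run("SELECT number, client, amount_cents FROM invoices "
                         "WHERE tenant_id = :tenant AND number = :n", n=number).fetchone()

    def list_numbers(self):
        rows = self._run("SELECT number FROM invoices WHERE tenant_id = :tenant ORDER BY number")
        return [r[0] for r in rows]

    def set_amount(self, number, cents):
        return self._run("UPDATE invoices SET amount_cents = :c "
                         "WHERE tenant_id = :tenant AND number = :n", c=cents, n=number).rowcount

    def delete(self, number):
        return self._run("DELETE FROM invoices WHERE tenant_id = :tenant AND number = :n",
                         n=number).rowcount
```

With this shape, a handler bug that passes Tenant A's invoice number into Tenant B's session returns no row and changes nothing, because the filter is applied below the handler.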

[Illustration: Tenant A (Invoice INV-1042, Client: Acme Studios, Payment $2,750) and Tenant B (Invoice INV-2057, Client: Müller GmbH, Payment €3,200), separated by a "No crossing" barrier. Caption: Enforced at the database, not just the API.]

Commitments

Six commitments that run on every request.

Sanctions screening

Sanctioned jurisdictions blocked at the door.

Settle screens Invoice Me submissions and account signups against comprehensively sanctioned countries by country code, email top-level domain, and phone prefix. Submissions from blocked jurisdictions do not reach your inbox.

Payments

Stripe-hosted. Never on our servers.

Settle never touches your or your clients' card numbers or bank account details. All payments flow through Stripe-hosted surfaces. Settle stores references and metadata, not payment instruments.

Encryption

In transit and at rest, end to end.

All connections use TLS. All data at rest is encrypted on AWS-managed infrastructure. OAuth tokens for connected services are encrypted at the column level with a versioned key envelope.

Authentication

Passwordless by default.

Settle uses magic-link sign-in. No passwords stored. No password-reset surface to exploit. Sessions are short-lived and tied to a single device.

Fraud preflight

Bad actors stop before they reach you.

Inbound vendor submissions and public-facing forms run through Settle's fraud preflight: disposable email detection, identity heuristics, and cross-tenant abuse signals. Invoices that look fraudulent never land in your inbox.

AI usage

Your data is not training data.

When Settle uses AI to draft invoices or follow-ups, your data is sent to AI providers only to generate the output. Our contracts forbid those providers from training their models on your data.

Regulatory posture

Where Settle stands legally.

Wrenbase LLC (formerly Settle Labs LLC) is a US LLC operating from California. The compliance posture below applies to every Settle account from day one.

  • Sanctioned-jurisdiction screening

    On inbound submissions and account signups.

  • GDPR and UK GDPR

    For EU and UK residents.

  • CCPA, CPRA, and US state privacy laws

    Defensible to the strictest US standard.

  • PCI DSS SAQ-A

    Via Stripe-hosted payment surfaces.

  • Privacy laws follow the user

    Settle honors the privacy law of the jurisdiction where each user lives, not where Settle is incorporated.

  • Strictest standard applies

    Where multiple regimes overlap, the most protective wins.

Audit log

On the record

  • Sent invoice INV-1042 (Today 2:15 PM, by You): Acme Studios · $2,750
  • Drafted INV-1042 (Today 2:14 PM, by Revenue agent): Recurring schedule · monthly
  • Marked INV-1038 paid (Yesterday 4:32 PM, by You): Check · $1,800
  • Sent reminder (Yesterday 11:08 AM, by Settle): INV-1037 · friendly nudge
  • Accepted QU-038 (Mar 15, by Client): Acme · $2,750

Audit trail

Every money-moving action, on the record.

Invoice drafts, sends, payments, reminders, and agent actions are timestamped and attributed to the actor (you, your team, or an agent acting on your behalf). When a customer disputes something three months later, the receipt is already there.

Common questions

The things security teams ask.

How does Settle keep my data separate from other customers?

Every record in Settle is scoped to your account. There is no path that returns another customer's information. When you and a vendor share an invoice, each side sees only their own view, never both at once.

Where are my payments processed?

Payments go through Stripe. Settle never sees or stores card numbers or bank account details. We hold references to a payment, not the payment instrument itself.

Does Settle staff have access to my data?

Settle staff don't access your data in the normal course of running the product. If you need help and that help requires access, we'll ask you first.

How does sign-in work? Is there a password I need to manage?

No password. We email you a sign-in link. Tap it, you're in. Nothing to remember, nothing to reset, nothing to leak.

Is my data encrypted?

Yes. Everything in transit is encrypted. Everything at rest is encrypted. The connections you make to other services like Google Drive or Calendar are encrypted too.

What gets recorded in the audit trail?

Every action that moves money or changes a record. Invoices sent, payments received, vendors approved, settings changed. Each event has who did it, what happened, and when. Exportable by request.

If our records lived in a spreadsheet, would we have any of this?

Not really. Spreadsheets don't track who edited what, don't keep history of past versions you can trust, and don't have access controls beyond who you share the file with. Once we're talking about money, that gap matters. Settle keeps the record straight on its own.

Which privacy laws does Settle follow?

Settle honors the privacy law of the jurisdiction where each user lives, not where Settle is incorporated. That includes GDPR in the EU and UK, CCPA in California, LGPD in Brazil, PIPEDA in Canada, and equivalents elsewhere.

Who is the legal entity behind Settle?

Wrenbase LLC (formerly Settle Labs LLC), a US LLC operating from California. The entity name changed by California amendment effective May 29, 2026; the company, ownership, and operations are unchanged.