Legal

Privacy Policy

Effective April 1, 2026 · Last updated April 1, 2026

GraceSettle LLC (“GraceSettle,” “we,” “us,” or “our”) provides after-loss estate administration services. We understand the deeply personal and sensitive nature of the information you entrust to us. This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and your rights regarding that information.

By using our website, application, or services (collectively, the “Service”), you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information About the Deceased

To administer after-death filings on your behalf, we collect:

  • Full legal name
  • Date of birth and date of death
  • Last four digits of Social Security Number
  • Last known address (street, city, county, state, ZIP code)
  • Marital status at time of death
  • Surviving spouse name (if applicable)
  • A copy of the death certificate (uploaded as a PDF or image)

1.2 Information About Heirs and Beneficiaries

  • Full legal name and relationship to the deceased
  • Date of birth (used to determine minor status)

1.3 Your Contact Information (Family User)

  • Full name and relationship to the deceased
  • Email address and phone number
  • Mailing address

1.4 Estate and Financial Information

  • Whether a will exists and whether probate has been filed
  • Names of financial institutions, insurance providers, utility companies, and subscription services associated with the deceased

1.5 Payment Information

Credit card and billing details are collected and processed directly by our payment processor, Stripe, Inc. We do not store full credit card numbers on our servers. We receive only a tokenized reference and the last four digits for receipt purposes.

1.6 Automatically Collected Information

  • Device and browser information (user agent, screen resolution)
  • IP address and approximate geolocation
  • Pages visited, time on site, and referral source
  • Cookies and similar technologies (see Section 7 below)

2. How We Use Your Information

We use the information we collect to:

  • Provide our core service: file government notifications (SSA, IRS, DMV), submit benefits claims, close or transfer accounts, generate legal documents, and correspond with institutions on your behalf.
  • Communicate with you: send case updates, dashboard access links, document-ready notifications, and respond to your messages.
  • Process payments for your selected service tier.
  • Improve the Service: analyze aggregate, de-identified usage patterns to improve our workflow and user experience.
  • Comply with legal obligations: respond to lawful requests from courts, regulators, and law enforcement.

We will never sell your personal information to third parties for marketing or advertising purposes.

3. Third-Party Service Providers

We share the minimum information necessary with the following categories of service providers, each bound by contractual data protection obligations:

ProviderPurposeData Shared
Supabase (PostgreSQL)Secure database hostingAll case data (encrypted at rest)
StripePayment processingBilling email, payment method, case reference
ClerkAuthentication (admin and partner portals)Email, name, role
ResendTransactional email deliveryRecipient email, name, case status updates
TwilioSMS notificationsPhone number, case update text
Amazon Web Services (S3, Textract)Document storage and OCR processingDeath certificate images, extracted text
OpenSignElectronic signature collectionDocument content requiring signature, signer name and email
LobCertified mail deliveryRecipient and return addresses, letter content
Anthropic (Claude AI)Automated case processing and document generationCase details necessary for task execution (see Section 4)

We also share information with government agencies, financial institutions, and other entities only as necessary to carry out the specific filings and closures you have authorized.

4. Use of Artificial Intelligence

GraceSettle uses AI-powered agents to coordinate government filings, benefits discovery, account closures, and document generation. These agents process case data (deceased name, dates, addresses, account information) to produce filings and correspondence.

  • AI agent outputs are reviewed by our team before any filing is submitted or correspondence sent on your behalf.
  • We do not use your personal data to train AI models. Your case data is processed in real-time and is not retained by our AI provider beyond the duration of the request.
  • Our AI provider (Anthropic) processes data under a Data Processing Agreement that prohibits using customer data for model training.

5. Data Retention

We retain your case data for the following periods:

  • Active cases: data is retained for the duration of the engagement plus seven (7) years to comply with IRS and state record-keeping requirements related to estate filings.
  • Death certificates: stored securely for the duration of the case, then deleted within 90 days of case closure unless you request earlier deletion.
  • Payment records: retained for seven (7) years per tax and accounting requirements.
  • Account and marketing data: retained until you request deletion.

You may request early deletion of your data at any time by contacting privacy@gracesettle.com. We will comply within 30 days, except where retention is required by law.

6. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and encryption at rest for all stored data
  • Cryptographically signed (HMAC-SHA256) access tokens with 24-hour expiration
  • Row-level security on all database tables
  • Content Security Policy headers, clickjacking protection, and strict referrer policies
  • Webhook signature verification for all inbound integrations
  • Multi-factor authentication required for all administrative access

For more detail, see our Security page.

7. Cookies and Similar Technologies

We use the following cookies:

  • Essential cookies: authentication session tokens required for the Service to function. These cannot be disabled.
  • Analytics cookies: aggregate, anonymous usage data to improve the Service. You may opt out by disabling cookies in your browser settings.

We do not use advertising or tracking cookies.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your personal information, subject to legal retention requirements
  • Export your data in a portable format
  • Object to processing for purposes other than service delivery

Texas Data Privacy and Security Act (TDPSA): Texas residents have specific rights under the TDPSA, including the right to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of the sale of personal data (which we do not do) and targeted advertising. To exercise these rights, contact us at privacy@gracesettle.com.

We will respond to all verifiable requests within 45 days.

9. Children’s Privacy

Our Service is not directed at individuals under the age of 18. We collect minor heir information (name, date of birth, relationship) only as provided by an adult family member for the purpose of estate administration. We do not knowingly collect personal information directly from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on our website at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

GraceSettle LLC
Attn: Privacy
Austin, TX
privacy@gracesettle.com