Highly secure. Private data.

Built to handle confidential data, SettleIndex is independently audited, we follow international standards for information security and client data is completely private.

Application security

Periodic penetration testing

The application is regularly audited for security by a CREST certified penetration testing provider. In the latest report, there were no outstanding security issues.

Single sign-on

Single sign-on is available for enterprise clients.

Multi-factor authentication

Multi-factor authentication is mandatory on all accounts. We operate email and password authentication, followed by a one-time security code sent via SMS. Users are unable to access accounts without both the password and the security code.

Mozilla Observatory

The application scores A+ on the Mozilla Observatory. View the report here.

Privacy by design

The application was built to handle sensitive and confidential information and we practice privacy by design. Users must take specific steps to share data with other users.

Restricted access to data

Employees and contractors have no access to client data.

Secure cloud infrastructure

SettleIndex is a cloud application hosted on infrastructure owned and operated by Amazon Web Services (AWS), providing the highest levels of physical and infrastructure security. AWS is utilised by the US and UK governments and is widely recognised.

Encrypted data

All user data is fully encrypted at rest using 256-bit Advanced Encryption Standard (AES-256). We follow industry best practices and widely accepted recommendations to minimise security risks.

Automated testing

Data security is a key part of our application development and under continuous review. We have automated tests in place whenever code is updated to ensure access control and visibility of data cannot be compromised by accident or oversight.

Third party sub-processors

As part of our application development, we utilise third-party software providers to give the best possible customer experience. When agreeing to the Terms of Use, a user is agreeing to the sharing of certain information with third-party sub-processors that are vital to our functionality. Client case data is never shared with these third parties.


Users of the application are monitored in an anonymised way for the purposes of improving the software. Individual actions within the application are not monitored, with the exception of recording sign in dates for audit and security purposes.

Data location

Data is stored in centres located in London, UK.


Terms of use

We use cookies in the provision of the application and associated support and analytics services. Please find our full Cookie Policy here: https://settleindex.com/cookies/.


Usage of the application is subject to the terms of use which can be found here: https://settleindex.com/terms/


Please find our full privacy policy and data protection policy here: https://settleindex.com/privacy/



SettleIndex is compliant with the EU’s General Data Protection Regulation (GDPR) with a privacy by design architecture and clear privacy policies for visitors and users.

Data protection officer

The Data Protection Officer (DPO) is Zac Best. The data controller is SettleIndex Ltd, and ac Best is the representative in the EEA. Contact details can be found below.

Data retention

In accordance with GDPR, data associated with any account can be permanently removed upon request. Data collected by clients with trial accounts is not subject to analysis.

Incident response

Incidents can be reported to security@settleindex.com