Contents
1. Introduction
This Privacy Policy describes how GroupSettle ("GroupSettle," "we," "our," or "us") collects, uses, shares, and protects information in connection with MassARB, our mass arbitration claims administration service available at massarb.groupsettle.com (the "Platform").
The Platform is a business-to-business service. Our direct customers are law firms ("Clients") that engage us to administer mass arbitration and similar settlement matters. In connection with those matters, we also process information about the individuals those firms represent ("Claimants").
This Policy applies to both groups. Where the treatment differs, we say so.
2. Who We Are and Our Role
For Claimant Data we process on behalf of a Client, we act as a service provider (under California law) or processor (under most other privacy frameworks). The Client is the controller of that data. We process Claimant Data only on the Client's documented instructions and only to perform the services described in the engagement.
For information we collect directly from law firm representatives, prospective customers, and website visitors, we act as a controller. This includes contact information submitted through the demo request form, support communications, and website analytics.
3. Information We Collect
3.1 Information from Law Firm Representatives and Prospects
When you request a demo, contact us, or otherwise interact with the Platform as a representative of a law firm, we collect:
- Name, work email, work phone number, and law firm name;
- Approximate matter or claimant volume information you choose to share;
- Communications between you and our team;
- Technical information about your device and use of the Platform (see Section 6).
3.2 Claimant Data
For each Matter, the Client provides us with information about Claimants. The categories typically include:
| Category | Examples | Source |
|---|---|---|
| Identifiers | Name, mailing address, email, phone number, Claimant or matter reference number | Client intake records |
| Claim information | Settlement allocation, payment amount, claim category, signed release and closing statement, date of execution | Client and Claimant signing actions |
| Identity verification information | Last four digits of SSN where required by the matter, government-issued ID number where required, date of birth | Claimant or Client |
| Payment information | Bank routing and account number for e-check, mailing address for physical check, tax ID information for IRS Form 1099 | Claimant entered through portal |
| Communications and audit data | SMS and email delivery receipts, portal session timestamps, IP address, device type, signature audit trail | Platform-collected |
3.3 Technical Information
We collect technical information automatically when anyone visits the Platform, including IP address, browser type, device identifiers, referring URL, and timestamps. This information supports security, performance, and abuse prevention.
4. How We Use Information
We use the information described above for the following purposes:
- Service delivery. Configuring custom claimant portals, sending notice and outreach communications by SMS and email, collecting electronic signatures on releases and closing statements, verifying Claimant identity, disbursing settlement funds, and generating tax reporting and audit packages.
- Account and customer management. Responding to inquiries, providing support, billing, and contract management for law firm Clients.
- Service improvement and security. Maintaining Platform availability, troubleshooting issues, detecting and preventing fraud or abuse, and improving the Platform.
- Legal compliance. Responding to lawful requests from courts, regulators, and government authorities; enforcing our Terms of Service; defending legal claims.
We do not use Claimant Data for our own marketing, for advertising, or to train artificial intelligence models offered to third parties. We do not sell personal information.
5. How We Share Information
We share information only in the limited ways described below.
5.1 With the Client (Law Firm)
Claimant Data and matter activity are accessible to the Client through the administrator dashboard and reporting interfaces. This is the core purpose of the engagement.
5.2 With Service Providers
We use a small set of vetted service providers to operate the Platform, including cloud hosting, telecommunications carriers (for SMS and voice transmission), banks and disbursement processors (for e-check and check issuance), tax filing services (for IRS Form 1099 and state filings), and security and monitoring tools. These providers process information on our instructions under written contracts that restrict their use of the information.
Our communications infrastructure is operated by Send It By Text, an affiliated company. Send It By Text processes Claimant Data only as our service provider in support of the Platform.
5.3 For Legal Reasons
We may share information when required by law, subpoena, court order, or other lawful process; when necessary to enforce our Terms of Service or protect the rights, property, or safety of GroupSettle, our Clients, Claimants, or others; or in connection with the investigation of fraud, security, or technical issues. Where the request relates to Claimant Data, we will notify and consult with the affected Client unless prohibited by law.
5.4 In a Business Transfer
If GroupSettle is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will require successors to honor this Policy or provide notice of any material change.
6. Cookies and Tracking
The Platform uses a small number of cookies and similar technologies that are strictly necessary for security and basic functionality, plus first-party analytics cookies used to understand site usage in aggregate. We do not use third-party advertising or cross-site tracking cookies. Your browser settings can be configured to refuse cookies; refusing strictly necessary cookies may impair the function of the demo request form.
7. Data Security
We implement administrative, technical, and physical safeguards designed to protect information against unauthorized access, alteration, disclosure, or destruction. These include:
- Encryption in transit (TLS 1.2 or higher) and at rest (AES-256) for all Claimant Data;
- Role-based access controls and least-privilege principles for staff;
- Audit logging of access to Claimant Data;
- Independent security testing of the Platform;
- Vendor due diligence for service providers that handle Claimant Data.
No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify affected Clients without undue delay and cooperate in any required notification to Claimants and regulators.
8. Data Retention
We retain Claimant Data for as long as necessary to perform the services for the relevant Matter and to satisfy applicable legal, tax, audit, and regulatory requirements. After matter close, retention follows the schedule below unless the Client's written instructions or applicable law require a different period:
- Signed releases, closing statements, and audit trail: seven (7) years from disbursement;
- IRS Form 1099 records and tax filings: seven (7) years from filing;
- General Claimant contact and identifier data: ninety (90) days after final disbursement, unless required for an active audit or escheatment process;
- Demo request and prospect contact data: up to two (2) years from last contact;
- Website technical logs: ninety (90) days.
Upon Client instruction at termination, we return or destroy Claimant Data on the schedule specified in the applicable Service Order, subject to retention required by law.
9. Your Rights
Depending on where you live and applicable law (including the California Consumer Privacy Act, the Virginia Consumer Data Protection Act, the Colorado Privacy Act, and the EU and UK General Data Protection Regulations), you may have rights including:
- Access: request a copy of personal information we hold about you;
- Correction: request correction of inaccurate information;
- Deletion: request deletion of personal information, subject to legal retention requirements;
- Portability: request a portable copy of certain information;
- Objection: object to certain processing;
- Withdrawal of consent: withdraw consent where processing relies on consent;
- Non-discrimination: not be subjected to discrimination for exercising rights.
If you are a Claimant, please direct privacy requests to the law firm that is administering your settlement. They are the controller of your information and can respond directly or instruct us to assist. If you cannot reach the firm, you may contact us at privacy@groupsettle.com and we will route your request appropriately.
If you are a law firm representative or prospect, contact us at privacy@groupsettle.com and we will respond within the timeframes required by applicable law.
You may also appeal a denied request as provided by applicable law.
10. Children's Privacy
The Platform is not directed to children under 13, and we do not knowingly collect information from children. If you believe a child has provided information through the Platform, contact us at privacy@groupsettle.com and we will take appropriate action.
11. International Data Transfers
The Platform is operated from the United States. If you access the Platform or are a Claimant in connection with a Matter that involves data subject to non-U.S. privacy law, your information may be transferred to and processed in the United States. Where transfers from the European Economic Area, the United Kingdom, or Switzerland are necessary, we rely on appropriate transfer mechanisms recognized under applicable law and provide additional safeguards on request.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date above reflects when changes were made. For material changes, we will provide reasonable advance notice through the Platform or by email to Clients before the changes take effect.
13. Contact Us
Questions, requests, or complaints about this Policy or our handling of information can be sent to:
GroupSettle
Privacy: privacy@groupsettle.com
Legal: legal@groupsettle.com
Web: massarb.groupsettle.com