Trust Center

How Setell earns your trust.

Setell handles sensitive business data — customer emails, quotes, invoices, and financial integrations. The pages below describe exactly how that data is protected, processed, and shared.

Documents

Privacy, security & legal

The canonical references for how Setell handles customer data. Each page is reviewed at least annually and version-stamped at the top.

What data we collect, why we collect it, how we use it, and your rights under GDPR and CCPA.

Read the policy →

Security

How we protect customer data — encryption, access controls, infrastructure, monitoring, and incident response.

Read the policy →

Data Processing Addendum

The standard terms under which Setell processes personal data on behalf of customers, including GDPR Article 28 obligations.

Read the DPA →

Sub-Processors

The service providers Setell uses to operate its platform. Each is bound by a signed Data Processing Addendum.

View the list →

The legal terms governing your use of Setell.

Read the terms →

Compliance Posture

Where Setell stands

An honest snapshot of Setell's compliance status. Anything marked “In Progress” or “On Roadmap” is not yet a current attestation; we describe it here so customers and assessors can see the trajectory.

GDPR

Compliant

Full compliance with the General Data Protection Regulation, including documented Data Subject rights, Data Processing Addenda with sub-processors, and Standard Contractual Clauses for international transfers.

CCPA / CPRA

Compliant

Full compliance with the California Consumer Privacy Act and California Privacy Rights Act, including consumer rights, data disclosure requirements, and opt-out mechanisms.

CASA Tier 2

In Progress

Setell is undergoing the Google Cloud Application Security Assessment (CASA) Tier 2 verification, including independent lab assessment. Letter of Validation expected Q3 2026.

Google OAuth Verification

Verified

Setell has completed Google's OAuth verification, confirming compliance with the Google API Services User Data Policy, including the Limited Use requirements.

SOC 2 Type II

On Roadmap

SOC 2 Type II audit is on Setell's compliance roadmap, targeted for 2027. Setell's primary infrastructure providers (AWS, Neon, Stripe) are already SOC 2 Type II certified.

PCI DSS

N/A (Stripe)

Setell does not store, process, or transmit credit card data directly. All payment processing is handled by Stripe, which is PCI DSS Level 1 certified.

Contact

Get in touch

For privacy, security, vendor due diligence, or compliance questions, reach out using the addresses below. We respond to privacy and security inquiries within 72 hours.

Security concerns & vulnerability reportssecurity@setell.ai

Privacy & data rightsprivacy@setell.ai

Sub-processor change updatessubprocessor-updates@setell.ai

General inquirieshello@setell.ai

Trust center last updated: May 19, 2026.