The short version: We only collect what we need to settle your transaction. We never sell your data. All PHI stays inside our HIPAA-compliant boundary. You have the right to request deletion at any time.
1. Who We Are
Shteg AI, Inc. ("Shteg," "we," "us," or "our") operates the Shteg settlement platform at shteg.ai and all associated services. We provide atomic payment settlement infrastructure for healthcare, real estate, estates, business, courts, insurance, legal, and municipal industries.
Contact: privacy@shteg.ai | Shteg AI, Inc., United States
2. What We Collect
Information you provide
- Identity information: name, email, phone number, government ID (for KYC verification)
- Financial information: bank account details (via Plaid — we never store raw account numbers), settlement amounts, transaction history
- Professional information: NPI numbers, bar numbers, license numbers for regulated professionals
- Healthcare information: where required for healthcare settlement (PHI — governed by HIPAA)
- Property information: addresses, parcel IDs, deed information for real estate settlements
Information collected automatically
- IP address, browser type, device type, access timestamps
- Settlement transaction logs (required for audit and compliance)
- API request logs (retained for 90 days for security monitoring)
3. How We Use Your Data
- Settlement execution: To verify identity, confirm counterparties, and execute FedNow settlement
- Compliance: To meet HIPAA, AML/BSA, NACHA, and applicable state regulatory requirements
- Fraud prevention: OFAC screening, PEP scoring, lien checks, and idempotency validation
- Audit trail: Immutable SHA-256 settlement chain maintained for legal and regulatory purposes
- Service communications: Transaction confirmations, settlement updates, security alerts
We do not: sell your data, share it with advertisers, use it for behavioral profiling, or send it to third-party AI providers for training.
4. HIPAA — Protected Health Information (PHI)
For healthcare settlement transactions, Shteg functions as a HIPAA Business Associate. PHI is:
- Processed exclusively within Google Cloud's HIPAA-compliant environment
- Never shared with non-HIPAA-compliant third parties
- Encrypted with AES-256-GCM at rest and TLS 1.3 in transit
- Accessible only to parties with a legitimate treatment, payment, or operations purpose
A Business Associate Agreement (BAA) is available for covered entity partners. Contact compliance@shteg.ai.
5. Data Sharing
We share your data only with:
- Settlement counterparties: Information necessary to complete your specific transaction
- Financial partners: Plaid (bank verification), Modern Treasury (FedNow execution) — each bound by their own compliance programs
- Identity verification: Alloy (KYC/AML) — bound by confidentiality agreements
- Legal authorities: When required by court order, subpoena, or applicable law
- Google Cloud: Our infrastructure provider — all data stays within the GCP boundary
6. Data Retention
Settlement records are retained for 7 years as required by BSA/AML regulations. PHI retention follows HIPAA guidelines (minimum 6 years). API logs are retained for 90 days. You may request deletion of non-regulatory data at any time.
7. Your Rights
- Access: Request a copy of what we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of non-regulatory data
- Portability: Receive your data in a machine-readable format
- Opt-out: Opt out of non-essential communications
California residents have additional rights under CCPA. To exercise any right, email privacy@shteg.ai.
8. Security
See our Security page for full technical details. In summary: AES-256-GCM encryption, TLS 1.3 in transit, GCP Cloud KMS key management, zero-trust architecture, and immutable audit logging.
9. Cookies
We use minimal session cookies for authentication and security. We do not use advertising cookies or third-party tracking. See our Cookie Policy.
10. Changes to This Policy
We will notify you of material changes via email and by updating the "Last updated" date above. Continued use of the platform after changes constitutes acceptance.
11. Contact
Questions about this policy: privacy@shteg.ai
Data subject requests: privacy@shteg.ai
Security disclosures: security@shteg.ai