Privacy Policy

How we collect, use, share, retain, and protect personal information about our customers, the parties named in cases, and the field process servers who work through our platform.

Last reviewed
2026-05-20
Editorial owner
Compliance & Legal

Draft — pending counsel review

This page is published in good faith and reflects our intended practices, but the final binding version is in legal review. Customers signing an MSA should request the latest executed copy from legal@servdlegal.ai.

1. Who we are

Servd is operated by ServeAxis Technology LLC (“Servd,” “we,” “us”). We provide a software platform that helps law firms, pro se litigants, and process servers manage the service-of-process workflow. Contact us at privacy@servdlegal.ai.

2. Data we collect

About customers (firms + consumers)

  • Account: name, business name, email, phone, billing address, role.
  • Case data you submit: court name, case number, party names + addresses, uploaded complaints / summons / subpoenas / supporting documents.
  • Payment: handled by Square; we store only the last four digits + brand.
  • Communications: messages between you and our AI, our staff, and assigned servers.
  • Product telemetry: pages viewed, features used, error reports — collected via Sentry and PostHog with PII masking on by default.

About parties named in cases (defendants, deponents, etc.)

  • Identity + contact details our customer provided: name, addresses, phone, employer.
  • Service attempt evidence: GPS-stamped photos, voice transcripts, attempt outcome, declarant's observations.
  • Skip-trace results, when our customer requested skip trace.

About process servers (independent contractors)

  • Onboarding: name, address, phone, government ID, process server license, bond, E&O insurance, auto insurance, bank account for payouts.
  • Background-check results via Checkr.
  • Service area, working hours, vehicle.
  • Performance data: cases assigned, attempts logged, affidavit quality, tier.

3. How we use it

  • Operate the platform — quoting, dispatch, payment, payout, affidavits.
  • Verify identity + insurance + license for process servers.
  • Detect fraud / misuse / unauthorized practice of law via automated and human review.
  • Provide AI-assisted features (drafting, intake, dispatch suggestions, document parsing) via the providers listed in our Subprocessors page.
  • Respond to legal process — see Section 6.

4. How we share it

  • With process servers — only the case data they need for the assigned service (defendant name + address, documents to deliver, your case number).
  • With our subprocessors — see the live list. They process data on our instructions only.
  • With law enforcement / courts when legally required, or with your written consent.
  • With a successor in a merger or acquisition; we will give notice before any material change in how your data is handled.
  • We do not sell personal information as defined by CCPA / CPRA, and we do not use customer data to train foundation models. Prompts and outputs may be logged in redacted form for security, debugging, and audit.

5. Retention

Per our published retention windows:

  • Case records + affidavits — 7 years (longer if a legal hold applies).
  • AI tool-call logs — 2 years, then redacted or deleted.
  • Audit log — 7 years, immutable.
  • Sentry session replay — 30 to 90 days, with all input text + media masked.
  • PostHog product analytics — 12 to 24 months, deletable on request.
  • Upload chunks (incomplete multipart) — 24 to 72 hours, then auto-purged.

6. Your rights

California (CCPA / CPRA), Virginia (VCDPA), Colorado (CPA), Connecticut, and other US-state residents have the right to access, correct, delete, and limit use of personal information. EU / UK residents have the rights under GDPR / UK GDPR. To exercise any right, email privacy@servdlegal.ai. We respond within the statutory window (45 days for CCPA, 30 days for GDPR; we may extend once with notice). We do not discriminate against people who exercise these rights.

7. Security

See our public Security overview. In short: TLS in transit, vendor-managed encryption at rest (Neon / Cloudflare R2), Postgres Row-Level Security for tenant isolation, immutable audit logs, redaction of secrets and direct identifiers before they reach Sentry / PostHog / AI providers.

8. International transfers

Servd operates from the United States. If you access the service from outside the US, your data is transferred to the US. For EU / UK customers we offer Standard Contractual Clauses + the UK addendum on request — see our DPA.

9. Children

Servd is not directed to children under 13 (US) / 16 (EU). We do not knowingly collect personal information from minors except where a parent has named a minor party in a case and our customer represents that they have lawful authority to do so.

10. Changes

We will post material changes here and, where required, notify you by email. The “Last reviewed” date above is canonical.