Compliance, security, and the lines we don't cross.
Servd handles legal documents on behalf of law firms and consumers. The procedural rules for how we collect, store, and act on that information are non-negotiable. Here's the map.
Regulatory framework
The statutes that bind our work.
CA BPC §22440
ServeAxis Technology LLC is registered as a process serving entity in California. Each individual server holds their own county registration under §22350. Servd does not operate in any state without the equivalent licensure on file.
CCP §2015.5
Every affidavit Servd produces satisfies the six elements of §2015.5: declarant identification, qualifications, facts, perjury statement, signature, and date and place. We do not generate affidavits any other way.
FCRA
Skip trace is performed only for litigation-support purposes — locating parties to active or imminent civil matters. We do not provide skip trace for employment, credit, tenant screening, or other consumer-report purposes regulated by the FCRA.
CCPA
California Consumer Privacy Act rights are honored on request. Email privacy@servdlegal.ai to request a copy of your data or to delete it. We respond within the 45-day statutory window. We do not sell data.
How we handle data
The technical controls behind every case and every transaction.
Encrypted at rest
All case data, attempt logs, and uploaded documents are encrypted at rest in our Neon Postgres database and Cloudflare R2 object storage. Sensitive fields (server bank account, identification) use column-level encryption.
Square-secured payments
Card data is collected by the Square Web Payments SDK and lives inside Square. Servd never sees a full PAN, never stores card numbers, and never has access to the cardholder data environment. We see receipt metadata and last-4.
Sentry error tracking
Every server and client error is captured by Sentry with PII scrubbing on the way in. We monitor production health continuously and investigate every red-flag event within the same business day.
Audit logs on every action
Each change to a case, assignment, attempt, affidavit, or payment is appended to an immutable audit log with user, timestamp, and action context. The audit trail supports malpractice insurance, bar inquiries, and court challenges to affidavit authenticity.
What Servd is and is not
The boundaries are not aspirational. They are operating constraints.
Servd is not a law firm.
We are a process-serving and legal-support service provider. We do not provide legal advice, evaluate cases, predict outcomes, recommend strategy, or fill out court forms beyond mechanical data entry. Using Servd does not create an attorney-client relationship.
We do not provide legal advice.
Our chat agent will explain procedural mechanics in plain language. It will not tell you whether to sue, who to sue, what to file, or how strong your case is. If you need legal advice, talk to a licensed attorney of your choosing or your court's self-help center. Servd does not match, refer, or recommend lawyers.
What's on every Servd affidavit
The CCP §2015.5 declarant language, signed by the server who performed the work, with a tamper-evident hash on every PDF we deliver.
Declarant identification
Server's full legal name, county registration number, and qualification statement under BPC §22350.
Facts of service
Defendant name, address, date and time, documents served, recipient description. Each fact generated from the verified field log.
Diligence record (for sub-service)
Each prior attempt logged by date, time, and result. GPS-stamped photos available on request for substituted-service motions.
Penalty-of-perjury clause
“I declare under penalty of perjury under the laws of the State of California that the foregoing is true and correct.” Generated verbatim every time.
Signature and hash-stamp
Signed by the server in-app via signature pad. PDF is then hash-stamped (SHA-256) for tamper evidence and delivered to the requesting firm or consumer.
Servd is AI-native. Here's the part you should read before trusting us with a case.
AI runs the chat, drafts the affidavit, suggests the dispatch, and indexes the law. But every legal output is grounded in cited statute, every refund / suspend / invoice edit requires admin confirmation, and every affidavit gets a human review before signing. We don't train models on your data. Ever.
- Your case data is never used to train any AI model. Not Servd's, not Anthropic's, not anyone's. Contractually enforced via Anthropic's commercial terms + our DPA.
- Every AI answer about service rules cites its source. Statute number, county rule, court form — clickable, verifiable. No bare assertions.
- Every affidavit is reviewed by a human before it leaves the platform. AI drafts. Humans sign off.
- Refund, suspend, and invoice changes require admin confirmation. AI proposes — the human in the loop approves. Hard-coded, not a prompt.
Claude for reasoning · never our own model
We use Anthropic's Claude (Opus / Sonnet / Haiku) for chat, document parsing, and voice-to-declaration transformation. We route via the the Portkey AI gateway for unified billing + observability. We do not train our own foundation model and we do not fine-tune on your case content.
RAG over 50-state law · grounded answers
Every state's service-of-process code (CCP, FRCP, state-specific rules), county local rules, and public case law on service is indexed and retrieved at query time. Claude reads the retrieved passages and answers with citations. If the source isn't in the index, the assistant says so — it does not invent.
Rules engine · not ML for legal logic
SLA breach detection, sub-service eligibility, CCP §2015.5 checklist, license expiry, and refund eligibility are hard-coded rules. Not learned, not probabilistic. The math is auditable end-to-end — you can read the code and prove the decision.
Human in the loop · ops review
Affidavits get human review before signature. Server applications get admin approval. Refund / suspend / invoice-edit actions surface a confirm modal in the admin console. AI proposes, humans confirm. The full audit log is retained for 7 years.
- ×Give legal advice or recommend a strategy
- ×Predict case outcomes
- ×Fill court forms beyond mechanical data entry
- ×Refer or recommend an attorney
- ×Issue refunds, suspend users, or modify invoices on its own
- ×Sign an affidavit without paralegal review
- ×Train on your case content
- ×Output a legal claim without a cited source
- 1Your input → encrypted in transit (TLS 1.3), persisted to our Postgres (Neon, US-East), encrypted at rest.
- 2AI inference → sent to Anthropic via the Portkey AI gateway for the duration of the call only. Anthropic does not retain or train on commercial-API content (see their commercial terms).
- 3Sensitive fields — SSN, full bank account, payment card — never leave our DB. Never sent to any AI provider.
- 4Logging → Braintrust captures every AI call (prompts, completions, latency) for quality review by our engineering team. Customer data inside those logs is redacted on a 30-day rolling window unless flagged for compliance review.
- 5Deletion → on account cancellation, we purge from Postgres within 30 days and from logs within 60. Required-by-law retention (affidavits, audit logs) is itemized in our DPA.
- Anthropic
- Foundation models (Claude Opus / Sonnet / Haiku)
- OpenAI
- GPT models for specialized tasks + transcription (Whisper)
- Braintrust
- LLM observability + quality review
In writing · the AI clause
The four pledges above appear verbatim in our DPA and ToS. Breach is a contractual remedy event. If you need this language added to your firm's vendor security questionnaire or a custom MSA, email legal@servdlegal.ai.
System status
Live operational health of Servd services — API, dispatch, payments, email.