StrikeServe Privacy Policy
Last updated: May 28, 2026 Effective: May 28, 2026
1. Introduction
This Privacy Policy explains how StrikeServe LLC, a Delaware limited liability company doing business as "StrikeServe" (together with its California subsidiary, California Legal Express LLC, collectively "StrikeServe," "we," "us," or "our"), collects, uses, shares, and protects personal information when you use the StrikeServe mobile application, our web platform at strikeserve.com, and the related services we provide to process servers, agencies, and law firms (collectively, the "Service").
StrikeServe is a software platform built for the process serving industry. We have two main groups of users:
- Process Servers — independent contractors who use the mobile app to fulfill service-of-process jobs.
- Agencies and Law Firms — business customers who assign jobs, review evidence, and manage operations through our web platform.
We also handle personal information about a third group — the defendants, witnesses, and other recipients named in legal documents that our customers ask us to serve. We describe that arrangement in Section 2.3.
If you are a California resident, Section 7 describes the additional rights you have under the California Consumer Privacy Act ("CCPA"), as amended by the California Privacy Rights Act ("CPRA").
If you have questions about anything in this policy, write to us at privacy@strikeserve.com or at the address in Section 13.
2. Information We Collect
We try to be exhaustive here. If we collect it, we want it listed.
2.1 Information from Process Servers (mobile app users)
When you create a process server account and use the StrikeServe mobile app, we collect:
Identity and contact information - Full name - Email address - Phone number - Business or service address
Professional credentials (required by California law and similar statutes) - Government-issued process server registration number - A photo of your registration card or county filing, used to verify that you are a licensed process server
Location information - Precise GPS location at the moment you log a service attempt. This is used to verify that service was attempted at the address on the job. It is captured only when you tap "Log Attempt" or a similar in-app action. - Background location during active shifts. This is optional and opt-in only. If you enable it, the app records location periodically while you are on shift so that route history can be reconstructed for evidence purposes. You can turn this off at any time in your device settings or in the app's privacy controls.
Photos and media - Photos you capture in the app of the location, the door, the recipient (where applicable), the vehicle, or other evidence relevant to the attempt. These photos are automatically watermarked with the GPS coordinates, the date and time, and the resolved street address. Photos are stored in Amazon Web Services (AWS) S3 in the us-west-2 region.
Voice (limited circumstances) - Voice during phone verification calls placed via Twilio, when used as a fallback for two-factor authentication. We do not retain recordings beyond what Twilio requires to deliver the call.
Device and technical information - iOS Identifier for Vendor (IDFV), used to associate the app installation with your account - Push notification tokens - Crash logs and error traces (via Sentry) - Basic app usage analytics — for example, which screens you viewed and which features you used (via Plausible, which does not use cookies and does not collect personal identifiers)
2.2 Information from Agencies and Law Firms (web and admin app users)
When you register an agency or law firm account, we collect:
Business information - Business name - Employer Identification Number (EIN) or equivalent tax identifier - Billing address
Account contact information - Name, email, and phone number of the primary account contact and any users you add
Payment information - Payment method details, processed and tokenized by Stripe. We do not store full card numbers or CVV codes on our systems; we store only the Stripe customer and payment-method tokens needed to charge you for the Service.
Job records you upload - The job records you create or upload, which typically include: - The defendant's or recipient's name - Service address(es) - Court information and case number - Plaintiff and attorney information - Any special instructions or background you provide
2.3 Information About Third Parties (defendants and recipients of legal process)
Process serving exists to deliver legal documents to specific named individuals or entities. As a result, StrikeServe necessarily handles personal information about people who are not our users — typically defendants, respondents, witnesses, or other recipients named in legal documents.
The categories of information in this group can include:
- Name
- Service address(es), and sometimes home and work addresses
- Phone number, where provided
- Employer information, where relevant to service
- Vehicle make, model, color, and license plate, where relevant to identification
- Photographs taken at the time and place of service
This information is provided to us by the law firms and agencies that hire process servers — not collected from defendants or recipients directly. Process servers see this information so they can perform service. Agencies and the originating law firm see it to manage the matter.
For this category of personal information, StrikeServe acts as a service provider (processor) on behalf of the law firm or agency (the controller). We process it only on their instructions and only to provide the Service, as set out in our agreements with them.
3. How We Use Information
We use the information described above to:
- Operate and deliver the Service — authenticate users, assign jobs, log attempts, generate proofs of service, and produce the evidence files our customers need.
- Comply with court and statutory requirements — including documenting who served whom, when, where, and how. Service evidence is what makes the Service useful in the first place, and that evidence is regulated.
- Bill, invoice, and process payments — through Stripe, including chargebacks and refunds.
- Communicate with you — service-related messages, push notifications, SMS, and email about your account, your jobs, security events, and changes to the Service.
- Provide customer support — including investigating issues you report and reproducing bugs.
- Maintain security and prevent abuse — detect fraud, abuse, unauthorized access, and misuse of the Service; investigate suspicious activity.
- Improve the Service — diagnose crashes (Sentry), understand which features are used (Plausible), and prioritize improvements.
- Comply with our own legal obligations — including responding to lawful requests from courts and government authorities (see Section 5).
We do not use any of the information described in this policy to build advertising profiles, and we do not sell or share personal information for cross-context behavioral advertising. See Section 7.
4. Legal Basis for Processing
To the extent any law (including the GDPR-style frameworks some of our customers reference contractually) requires us to identify a legal basis for processing personal information, we rely on the following:
- Performance of a contract — to provide the Service to process servers, agencies, and law firms under our Terms of Service.
- Legitimate interests — to operate, secure, and improve the Service; prevent fraud; and produce the service-of-process evidence that is the core function of the platform. We balance these interests against the privacy interests of the individuals involved.
- Legal obligation — to comply with applicable laws, court orders, and registration requirements for process servers.
- Consent — for background location tracking during shifts, which is strictly opt-in. You can withdraw consent at any time by disabling the feature in the app or in your device settings.
5. How We Share Information
We share personal information only as described in this section.
5.1 Service providers (processors) we use to run StrikeServe
We use the following third-party providers to operate the Service. Each one is bound by a written agreement that restricts how they may use information we share with them.
| Provider | What they do for us | What they receive |
|---|---|---|
| Amazon Web Services (AWS), S3 | Storage of photos and uploaded documents (us-west-2 region) | Photos, watermark metadata, uploaded job documents |
| Railway | Application backend hosting | All data the backend processes |
| PostgreSQL (hosted via Railway) | Primary database | Account, job, attempt, and audit data |
| Stripe | Payment processing | Cardholder details and billing identifiers (Stripe stores card data, not us) |
| Twilio | SMS notifications and voice calls for phone-number verification | Phone numbers and message contents |
| SendGrid / Mailgun | Transactional email delivery | Email addresses and message contents |
| Apple MapKit JS | Mapping and address resolution | Location and address queries are processed by Apple under Apple's terms |
| Sentry | Crash reporting and error tracking | Error traces, device metadata, sometimes user identifiers tied to a crash |
| Plausible | Privacy-respecting product analytics (no cookies, no personal identifiers) | Aggregate, non-identifying usage events |
| Cloudflare | Content delivery and DDoS protection | Standard network metadata (IP, request headers) |
5.2 Between our users, by design
The Service is built so that: - Agencies and law firms can see the jobs they own and the attempts performed against those jobs, including evidence captured by process servers assigned to them. - Process servers can see only the jobs assigned to them and their own attempt history.
That sharing is the product, not a side effect.
5.3 Law enforcement, courts, and legal process
We may disclose information when we have a good-faith belief that doing so is required to comply with a lawful subpoena, court order, warrant, or other legal process; to protect the rights, property, or safety of StrikeServe, our users, or the public; or to enforce our Terms of Service. Where allowed, we will notify the affected user before disclosure.
5.4 Corporate transactions
If StrikeServe is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred as part of that transaction. We will require any successor to honor this Privacy Policy with respect to the data they receive, or provide notice and the ability to object before any materially different practices apply.
5.5 Sale or sharing for cross-context behavioral advertising
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising, as those terms are defined under California law.
6. Data Retention
We retain personal information for the periods described below, or as required by law:
- Service evidence (photos, GPS coordinates, attempt logs, proofs of service): seven (7) years from the date of the attempt. Proofs of service can be challenged in court long after the underlying matter concludes, and this retention period reflects the longest commonly applicable statute of limitations for those challenges.
- Active account data (process servers and agency/law firm users): for as long as your account is active, plus up to three (3) years after closure for audit, dispute resolution, and tax purposes.
- Background location data (if you opted in): up to ninety (90) days, unless it has been attached to a specific attempt as evidence, in which case it follows the 7-year evidence retention period.
- Crash logs and analytics: up to thirteen (13) months.
- Billing and payment records: at least seven (7) years, to meet tax and financial recordkeeping requirements.
When retention periods expire, we delete or de-identify the information.
7. Your California Privacy Rights (CCPA / CPRA)
This section applies to California residents and provides the disclosures and rights required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
This Section also serves as StrikeServe's Notice at Collection under Cal. Civ. Code §1798.100(b), provided to you at the time you create an account or otherwise provide personal information to StrikeServe.
7.1 Categories of personal information we collect
In the twelve (12) months before the effective date of this policy, we have collected the following categories of personal information defined by California law:
| Category (CCPA / CPRA) | Examples we collect | Source |
|---|---|---|
| Identifiers | Name, email, phone, account ID, IDFV, IP address | You, your device |
| Customer records (Cal. Civ. Code § 1798.80) | Billing address, payment method tokens, business address | You, Stripe |
| Commercial information | Subscription plan, jobs ordered, transaction history | You, our systems |
| Internet or network activity | App usage events, crash reports, request metadata | Your device, our infrastructure |
| Geolocation, including precise geolocation | GPS coordinates at attempt; opt-in background location | Your device |
| Audio, electronic, visual information | Photos captured in the app, voice (during phone verification calls via Twilio, when used) | You, Twilio |
| Professional or employment-related information | Process server registration number and card | You |
| Inferences | None used for profiling that produces legal or similarly significant effects | — |
| Sensitive personal information (CPRA) | Precise geolocation; account credentials | You, your device |
7.2 Categories of sources
We collect personal information from you, your device, the agencies and law firms you work with, and the service providers listed in Section 5.1.
7.3 Business or commercial purposes
We use each category above for the purposes listed in Section 3.
7.4 Categories disclosed to third parties
In the twelve (12) months before the effective date of this policy, we disclosed the categories of personal information listed above to the service providers identified in Section 5.1 for the purposes described in this policy. We have not sold personal information and have not shared it for cross-context behavioral advertising.
7.5 Your rights
If you are a California resident, you have the following rights:
- Right to know. You can request the specific pieces of personal information we have collected about you, the categories of personal information we have collected, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties to whom we have disclosed it.
- Right to delete. You can request that we delete personal information we have collected from you, subject to certain exceptions — most importantly the legal-evidence and recordkeeping obligations described in Section 6.
- Right to correct. You can request that we correct inaccurate personal information we maintain about you.
- Right to opt out of the sale or sharing of personal information. We do not sell or share personal information, so there is nothing to opt out of, but you have this right.
- Right to limit the use and disclosure of sensitive personal information. You can ask us to limit our use of sensitive personal information (in our case, precise geolocation and account credentials) to what is necessary to provide the Service. Because most of our sensitive PI processing — verifying that you were at the service address — is necessary to provide the Service, this right will not change much in practice, but you may still exercise it.
- Right to non-discrimination. We will not deny you the Service, charge you a different price, or provide a different level of service because you exercised any of these rights.
7.6 How to exercise your rights
You can exercise any of these rights by:
- Submitting our online request webform at https://strikeserve.com/privacy/request,
- Emailing privacy@strikeserve.com with the subject line "CCPA Request," or
- Calling us toll-free at +1 866-811-1141.
We will need to verify your identity before responding. For account holders, we typically verify by matching information you provide to information in your account. We will respond within the time required by law (currently 45 days, with one 45-day extension if needed).
You may use an authorized agent to submit a request on your behalf. We will require written proof of the agent's authorization and may also need to verify your identity directly.
7.7 Notice of financial incentive
We do not offer financial incentives or price differences in exchange for personal information.
7.8 "Shine the Light" (Cal. Civ. Code § 1798.83)
We do not share personal information with third parties for their own direct marketing purposes.
7.9 Do Not Sell or Share My Personal Information
Do Not Sell or Share My Personal Information
StrikeServe does not sell personal information and does not share personal information for cross-context behavioral advertising, as those terms are defined under California law. Because there is no such sale or sharing, there is nothing for you to opt out of. We nonetheless honor Global Privacy Control (GPC) signals as a valid opt-out request consistent with Cal. Civ. Code §1798.135(b)(1), and we will treat any GPC signal we receive as an instruction not to sell or share personal information should our practices ever change.
8. Children's Privacy
The Service is intended for businesses and licensed professionals. It is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact privacy@strikeserve.com and we will delete it.
9. International Data Transfers
StrikeServe operates primarily in the United States. Our production data is hosted in the AWS us-west-2 region (Oregon) and via Railway's US infrastructure. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.
10. Security
We take security seriously, particularly given the legal evidentiary nature of what we store. Our safeguards include:
- Encryption in transit — all connections to the Service use TLS.
- Encryption at rest — AWS-managed encryption for stored photos and documents; database encryption at rest for Postgres.
- Multi-factor authentication (MFA) required for all StrikeServe staff with administrative access to production systems.
- Presigned, expiring URLs — photos served from S3 use short-lived presigned URLs so that links cannot be reused or shared indefinitely.
- Least-privilege access controls for staff, with logging of administrative actions.
- Patch management and dependency monitoring on our backend services.
No system is perfectly secure. If we ever experience a security incident affecting your personal information, we will notify affected users without undue delay and no later than required by Cal. Civ. Code §1798.82 (typically within the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement).
11. Cookies and Tracking
The StrikeServe web platform uses cookies sparingly:
- Authentication session cookies — required to keep you logged in. These are first-party and expire when your session ends or you log out.
- Analytics — we use Plausible, a cookie-free analytics product that does not set cookies, does not collect personal identifiers, and does not fingerprint visitors.
- No advertising cookies. We do not run advertising on the Service, and we do not place advertising or tracking cookies.
The mobile app does not use web cookies. It uses standard iOS identifiers (IDFV) and your account credentials to authenticate sessions.
Because we do not sell personal information and do not engage in cross-context behavioral advertising, we do not currently respond to "Do Not Track" browser signals in any special way, but we honor the Global Privacy Control (GPC) signal as a valid opt-out request for any future processing that might qualify.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will:
- Email the address on file for each account, and
- Display an in-app banner the next time you open the app or sign in to the web platform.
The "Last updated" and "Effective" dates at the top of this policy will always reflect the most recent revision. Continued use of the Service after the effective date of a change means you accept the updated policy.
13. Contact Us
If you have questions, requests, or concerns about this Privacy Policy or our handling of personal information, contact us:
StrikeServe LLC Attn: Privacy 2110 K St Sacramento, CA 95816-4921
Email: privacy@strikeserve.com
For California privacy rights requests, please use the subject line "CCPA Request" when emailing us, or mark your envelope "CCPA Request" when writing.
14. Governing Law
This Privacy Policy is governed by the laws of the State of Delaware, except that California residents retain all rights and protections afforded by California law, including the California Consumer Privacy Act as amended.