Security
Built around low-risk use.
SettleRoute is designed to reduce risk by avoiding accounts, sensitive document storage, and uncontrolled external links.
Low-data design
The app does not require login credentials and does not ask users to upload sensitive documents. Checklist progress is stored locally on the user’s device.
External link safety
SettleRoute uses an approved-source approach for official links. Before an external link opens, the app checks whether the destination domain is on the approved source list.
- Only approved HTTPS domains are allowed.
- Unknown domains are blocked.
- Non-HTTPS links are blocked.
- The destination is shown before the user leaves the app.
- Map links are generated by the app rather than stored as arbitrary third-party URLs.
Approved source types
The Cardiff pilot uses official-source categories such as:
- Local council sources
- National government sources
- NHS Wales and health authority sources
- Transport provider sources
- Public service and support sources
Reporting security or link concerns
If you notice a suspicious link, outdated source, incorrect destination, or security concern, contact: feedback@settleroute.app
Please do not send passwords, identity documents, bank documents, or other sensitive personal documents by email.