1. Introduction
Layer UI ("we," "our," or "us") operates the Layer UI platform, including the web application at layerui.io and associated mobile applications (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
For users in the European Economic Area (EEA) and United Kingdom, we process personal data in accordance with the General Data Protection Regulation (GDPR) and applicable national laws. Our legal bases for processing include contract performance, legitimate interests, legal obligation, and — where required — your consent.
2. Data We Collect
Information you provide
- Account data: name, email address, and password when you register.
- Workspace content: tasks, notes, CRM records, messages, and files you create or upload inside Layer UI.
- Billing data: payment method details collected and stored by Stripe — we do not store full card numbers on our servers.
- Communications: messages you send to our support team.
Information collected automatically
- Usage data: pages visited, features used, timestamps, and actions taken within the Service.
- Device & log data: IP address, browser type and version, operating system, device identifiers, and crash reports.
- Cookies and similar technologies: session identifiers, preference cookies, and analytics pixels as described in Section 7.
Information from third parties
- If you sign in via a third-party OAuth provider (e.g., Google), we receive your name and email address from that provider.
- Stripe may share transaction metadata with us for billing reconciliation.
3. How We Use Data
We use the information we collect to:
- Provide, operate, and maintain the Service.
- Process transactions and send related billing communications.
- Authenticate users and secure accounts.
- Improve, personalise, and expand the Service based on aggregate usage patterns.
- Power AI features — your workspace content may be processed by AI models to generate suggestions; we do not use your content to train external models without explicit consent.
- Send transactional emails (password resets, invoices, security alerts) and — with your consent — product updates.
- Investigate abuse and enforce our Terms of Service.
- Comply with legal obligations.
4. Data Sharing
We do not sell your personal data. We share data only in the following circumstances:
Sub-processors / Third-party service providers
| Processor | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Name, email, billing address, payment method |
| Supabase | Database, authentication, file storage | All user and workspace data at rest |
| Vercel | Web application hosting and CDN | Request logs, IP addresses |
| Expo / Apple | iOS/Android app distribution and push notifications | Device token, OS version, push notification payload |
Legal requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency). We will notify you of such requests unless prohibited by law or a court order.
Business transfers
If we are involved in a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
5. Data Retention
We retain personal data only for as long as necessary to provide the Service and fulfil the purposes described in this policy.
- Active accounts: data is retained for the duration of your account.
- Deleted accounts: workspace content and personal data are deleted within 30 days of account deletion, except where we must retain data to comply with legal obligations (e.g., billing records for up to 7 years for tax purposes).
- Backups: deleted data may persist in encrypted backups for up to 90 days before being purged.
- Analytics: aggregated, anonymised usage data may be retained indefinitely.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: request correction of inaccurate or incomplete data.
- Erasure: request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
- Portability: receive your data in a structured, machine-readable format (JSON or CSV) and transmit it to another controller.
- Restriction of processing: request that we limit how we use your data in certain circumstances.
- Objection: object to processing based on legitimate interests or for direct marketing.
- Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email privacy@layerui.io. We will respond within 30 days. If you are an EEA resident and believe we have not adequately addressed your request, you have the right to lodge a complaint with your local supervisory authority.
7. Cookies
We use cookies and similar tracking technologies to operate and improve the Service.
- Strictly necessary: session tokens required to keep you logged in. Cannot be disabled.
- Functional: remember your preferences (theme, language, sidebar state).
- Analytics: anonymised page-view and feature-usage data to help us improve the product. You may opt out via your browser settings or a consent banner.
Most browsers allow you to refuse cookies or delete existing ones. Blocking strictly necessary cookies will impair functionality.
8. Security
We implement administrative, technical, and physical safeguards designed to protect your data:
- Data encrypted in transit via TLS 1.2+ and at rest via AES-256.
- Row-level security (RLS) policies enforced at the database layer so workspace data is isolated per tenant.
- Access to production systems restricted to authorised personnel with multi-factor authentication.
- Regular security reviews and dependency audits.
No method of transmission over the Internet is 100% secure. If you believe your account has been compromised, contact us immediately at privacy@layerui.io.
9. Children's Privacy
The Service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us at privacy@layerui.io and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify you by email or via an in-app notice at least 14 days before the change takes effect. Continued use of the Service after that date constitutes acceptance of the updated policy.