Last Updated: March 8, 2026
Welcome to Layter ("we," "us," or "our"), operated at layter.io. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you use our AI-powered social media management platform and related services (collectively, the "Service").
This policy applies to users worldwide, including residents of the European Economic Area ("EEA"), the United Kingdom ("UK"), the United States, Canada, Australia, and New Zealand. Jurisdiction-specific rights are detailed in Section 10.
By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy. Where we rely on consent as a legal basis, we will obtain your consent before processing your data for that purpose.
When you create an account, we collect:
When you connect social media accounts, we collect:
We currently support connections to: Instagram, Facebook, TikTok, YouTube, Pinterest, and LinkedIn.
Payment card details are collected and processed exclusively by Stripe. We never receive, store, or have access to your full card number. We store only your Stripe customer ID and subscription ID to manage your billing relationship.
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR/UK GDPR) |
|---|---|
| Provide, maintain, and improve the Service | Contract performance |
| Schedule and publish content to your connected social media accounts | Contract performance |
| Generate AI-powered captions, video/image analysis, and recommendations using LayterVision™ | Contract performance |
| Generate and publish AI-powered blog content for SEO purposes | Legitimate interest |
| Process subscription payments and manage billing | Contract performance |
| Send transactional emails (caption notifications, account updates) | Contract performance |
| Respond to support requests and communications | Contract performance / Legitimate interest |
| Monitor usage patterns and analyse trends to improve the Service | Legitimate interest |
| Detect, investigate, and prevent fraud and security incidents | Legitimate interest / Legal obligation |
| Comply with legal obligations and enforce our Terms of Service | Legal obligation |
| Web analytics via Google Analytics | Legitimate interest / Consent (where required) |
Our Service uses artificial intelligence to provide core functionality. When you use AI-powered features, the following processing occurs:
We may use AI to suggest optimal posting times based on aggregated, anonymised engagement patterns. No individual user data is shared for this purpose.
No Solely Automated Decisions with Legal Effect: Our AI features assist with content creation and scheduling but do not make decisions that produce legal effects or similarly significantly affect you. You always retain control over what content is published and when.
We do not sell your personal information. We share data only as described below:
We use the following third-party providers to operate the Service:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Database hosting, authentication, file storage | Account data, media files, OAuth tokens, all application data | United States |
| Vercel | Application hosting, serverless functions, cron jobs | Request data, IP addresses, server logs | United States (global edge) |
| Stripe | Payment processing, subscription management | Email, payment card details, billing address | United States |
| Google (Gemini AI) | AI content generation, image/video analysis | Uploaded media, text prompts, brand voice settings | United States |
| Tavily | SEO keyword research, SERP analysis | Search queries (no personal data) | United States |
| Resend | Transactional email delivery | Email address, notification content | United States |
| Google Analytics | Web analytics | Anonymised usage data, IP address (anonymised), device info | United States |
When you connect your accounts and schedule posts, we transmit your content (media, captions, metadata) to the respective platforms via their official APIs. Each platform processes your data under its own privacy policy:
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our Service before your information is transferred and becomes subject to a different privacy policy.
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account information | Until you delete your account |
| Social media OAuth tokens | Until you disconnect the account or tokens expire; immediately deleted on disconnection |
| Uploaded media files | Until you delete them or delete your account |
| Scheduled and published posts | Until you delete them or delete your account |
| AI-generated captions and history | Until you delete them or delete your account |
| Payment and billing records | As required by tax and accounting law (typically 7 years) |
| Audit and security logs | 12 months, unless required longer for legal purposes |
| Data deletion request records | 36 months (to demonstrate compliance) |
| Usage analytics (Google Analytics) | 14 months (Google Analytics default) |
When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law (e.g., billing records, audit trails). Media files stored in our cloud storage are permanently deleted upon account deletion.
We implement appropriate technical and organisational measures to protect your information, including:
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Authentication session cookies (Supabase Auth), CSRF protection tokens for OAuth flows | Session / up to 7 days |
| Analytics | Google Analytics (_ga, _gid) to understand how visitors interact with our website | Up to 2 years |
You can control cookies through your browser settings. Disabling strictly necessary cookies may prevent you from using certain features of the Service. For Google Analytics, you can opt out by installing the Google Analytics Opt-out Browser Add-on.
Our Service is hosted in the United States via Vercel and Supabase. If you access the Service from outside the United States, your personal data will be transferred to, stored, and processed in the United States.
For EEA and UK residents: Where we transfer personal data outside the EEA/UK, we rely on appropriate safeguards including:
For Australian and New Zealand residents: By using the Service, you consent to the transfer of your personal information to the United States. We take reasonable steps to ensure that overseas recipients handle your information in accordance with the Australian Privacy Principles and the New Zealand Information Privacy Principles.
You can disconnect any social media account at any time from your dashboard. When you disconnect, we immediately revoke the OAuth token with the platform and delete it from our database.
We provide a compliant Data Deletion Callback endpoint as required by Meta. If you remove the Layter app from your Facebook or Instagram settings, Meta notifies us and we:
To request full deletion of your Layter account and all associated data, please email privacy@layter.io. We will process your request within 30 days, deleting all personal data except where retention is required by law.
Regardless of your location, you have the right to:
If you are located in the EEA or UK, you additionally have the right to:
If you are a California resident, you have the right to:
In the preceding 12 months, we have collected the categories of personal information described in Section 1. We have not sold personal information nor shared it for cross-context behavioural advertising.
Canadian users have the right to access, correct, and challenge the accuracy of their personal information. You may withdraw consent to the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions. Contact us at privacy@layter.io to exercise these rights.
Australian users have rights under the Australian Privacy Principles (APPs) including the right to access and correct your personal information, and to complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have breached the APPs. We take reasonable steps to ensure that personal information we hold is accurate, up-to-date, complete, and relevant.
New Zealand users have rights under the Information Privacy Principles (IPPs) including the right to access and request correction of your personal information. You may complain to the Office of the Privacy Commissioner if you believe we have interfered with your privacy. We collect personal information directly from you and only for lawful purposes connected to our functions.
To exercise any of these rights, please contact us at privacy@layter.io. We will respond within 30 days (or the timeframe required by your applicable law). We may need to verify your identity before processing your request.
Our Service is not directed to individuals under 16 years of age (or 13 in jurisdictions where this is the applicable age of digital consent). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@layter.io.
We may update this Privacy Policy from time to time. We will notify you of material changes by:
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of those changes, except where additional consent is required by law.
If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have a complaint, please contact us at:
We aim to respond to all privacy enquiries within 30 days.