Legal
Privacy Policy
Effective date: March 20, 2026
1. Information We Collect
We collect information that is reasonably necessary to provide and secure UserLayer. This may include your account identifiers, email address, profile metadata, API key associations, billing settings, application URLs you submit, prompts or questions you provide, request metadata, usage records, and related service logs.
We may also collect device, session, and browser information used to maintain authentication state, prevent abuse, diagnose failures, and improve reliability.
2. Payment and Billing Information
When you purchase Credits, enable Auto Top-up, or open the Stripe Customer Portal, we process the minimum payment-related information needed to support those actions, including Stripe customer references, payment status, invoice or checkout records, and saved default payment method references.
We do not store full card numbers or sensitive payment credentials in our own application database. Payment information is handled by Stripe subject to Stripe’s own terms and privacy commitments.
3. How We Use Information
We use collected information to authenticate users, issue and manage API keys, process requests, retrieve review data, generate analysis results, support follow-up queries, process billing, enforce limits, support automatic top-ups, investigate abuse, and operate the service.
We may also use service data and logs for debugging, reliability improvements, fraud prevention, security monitoring, product analytics, and customer support.
4. Third-Party Processing
UserLayer currently relies on third-party services for authentication and data infrastructure, payments and billing portal functionality, hosting, observability, and model execution. This includes providers such as Supabase and Stripe, as well as infrastructure or model providers involved in serving API requests.
The application links, prompts, and related context you submit may be processed by those providers to the extent necessary to provide the service.
5. Cookies, Sessions, and Local Storage
We and our authentication providers may use cookies, local storage, session tokens, and similar technologies to maintain sign-in state, secure accounts, prevent abuse, and enable features such as the dashboard and billing portal flows.
6. Data Retention
We retain account information, usage logs, billing records, and operational logs for as long as reasonably necessary to provide the service, comply with legal or accounting obligations, resolve disputes, enforce agreements, prevent abuse, and protect service integrity.
Different data categories may be retained for different periods depending on operational, security, and legal requirements.
7. Data Sharing and Disclosure
We do not sell your personal information. We may share necessary information with service providers acting on our behalf, with payment processors and infrastructure providers, or when required to comply with law, legal process, or valid governmental requests.
We may also disclose information when we believe it is reasonably necessary to protect our rights, protect users, investigate fraud or abuse, or respond to a merger, acquisition, financing, or asset transfer.
8. International Transfers and Security
Because our infrastructure and service providers may operate in multiple jurisdictions, your information may be transferred to, processed in, or stored outside your home country.
We use reasonable technical and organizational measures intended to protect information. However, no internet or software-based service can guarantee absolute security, and you remain responsible for protecting your own credentials and API keys.
9. Your Choices and Rights
You may manage parts of your account, payment methods, and API keys through the dashboard and Stripe Customer Portal. You may also contact us to request account updates, account deletion, or assistance with privacy-related questions.
Some information may be retained where required for billing, fraud prevention, legal compliance, security, or dispute resolution.
10. Children’s Privacy
UserLayer is not directed to children, and we do not knowingly collect personal information from children in violation of applicable law. If you believe a child has provided personal information to us improperly, please contact us so we can take appropriate steps.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we may revise the effective date and publish the updated version on this page. Your continued use of the service after the updated policy becomes effective constitutes acceptance of the updated policy.
12. Contact
If you have questions or requests regarding privacy or data handling, contact us at silic2023@gmail.com.