Privacy policy
Privacy Policy
This policy explains how ABVentures SAS processes personal data when operating Layerz.
Effective date: 2026-06-26
Controller and contact
ABVentures SAS, 60 RUE FRANCOIS IER, 75008 PARIS, France, is the controller for the personal data described in this policy. Contact: [email protected].
Data we process
- Account data such as email, name and avatar from authentication providers.
- Authentication and session cookies.
- Billing, customer, subscription and invoice data handled with Stripe.
- Financial models, uploaded or imported files, mappings, formulas, outputs and exports.
- Model changes made by your own AI agent (for example Claude) when you connect it over MCP or the API. The agent acts under your own AI account; Layerz stores and serves the resulting model and does not run AI on your data on your behalf.
- API key metadata, usage logs, rate-limit data, support messages and admin communications.
- Technical logs, security events, Sentry errors and Vercel Analytics events.
Purposes and legal bases
- Contract performance: account access, app features, model storage, collaboration, exports, API access and subscriptions.
- Legal obligations: invoicing, accounting, tax, security and compliance records.
- Legitimate interests: service reliability, security, abuse prevention, debugging and product improvement.
- Consent: non-essential cookies or analytics where consent is legally required.
Recipients and subprocessors
Data may be processed by infrastructure, authentication, billing, email and observability providers used to operate the service, including Supabase, Vercel, Stripe, Sentry, Resend and Google/Supabase Auth.
AI providers are not Layerz subprocessors. When you connect your own AI agent, any AI processing happens under your own AI account and is governed by your agreement with that provider, not by Layerz.
AI processing and training
Layerz does not train any AI model on your data, and does not send your model content to AI providers. AI processing only happens when you connect your own AI agent, under your own AI account. In that setup the agent reads and writes your model through MCP or the API, and Layerz stores and serves the result.
International transfers
Some providers may process data outside the European Economic Area. Where required, transfers rely on appropriate safeguards such as adequacy decisions, standard contractual clauses or equivalent mechanisms.
Retention
Account and model data are kept while your account is active or as needed to provide the service. Billing records are kept for legal accounting periods. Logs, API and MCP request audit records, support messages and backups are kept for limited periods appropriate to security, debugging, audit and legal needs.
Your rights
Depending on applicable law, you may request access, rectification, deletion, restriction, portability, objection and withdrawal of consent. You may also lodge a complaint with the CNIL. To exercise rights, contact [email protected].
Security
Layerz uses access controls, authenticated sessions, API key protections, row-level security patterns, encryption in transit, restricted admin access and log redaction. No online service can be guaranteed completely secure.