Privacy policy

Privacy Policy

This policy explains how ABVentures SAS processes personal data when operating Layerz.

Effective date: 2026-06-26

Controller and contact

ABVentures SAS, 60 RUE FRANCOIS IER, 75008 PARIS, France, is the controller for the personal data described in this policy. Contact: [email protected].

Data we process

  • Account data such as email, name and avatar from authentication providers.
  • Authentication and session cookies.
  • Billing, customer, subscription and invoice data handled with Stripe.
  • Financial models, uploaded or imported files, mappings, formulas, outputs and exports.
  • Model changes made by your own AI agent (for example Claude) when you connect it over MCP or the API. The agent acts under your own AI account; Layerz stores and serves the resulting model and does not run AI on your data on your behalf.
  • API key metadata, usage logs, rate-limit data, support messages and admin communications.
  • Technical logs, security events, Sentry errors and Vercel Analytics events.

Recipients and subprocessors

Data may be processed by infrastructure, authentication, billing, email and observability providers used to operate the service, including Supabase, Vercel, Stripe, Sentry, Resend and Google/Supabase Auth.

AI providers are not Layerz subprocessors. When you connect your own AI agent, any AI processing happens under your own AI account and is governed by your agreement with that provider, not by Layerz.

AI processing and training

Layerz does not train any AI model on your data, and does not send your model content to AI providers. AI processing only happens when you connect your own AI agent, under your own AI account. In that setup the agent reads and writes your model through MCP or the API, and Layerz stores and serves the result.

International transfers

Some providers may process data outside the European Economic Area. Where required, transfers rely on appropriate safeguards such as adequacy decisions, standard contractual clauses or equivalent mechanisms.

Retention

Account and model data are kept while your account is active or as needed to provide the service. Billing records are kept for legal accounting periods. Logs, API and MCP request audit records, support messages and backups are kept for limited periods appropriate to security, debugging, audit and legal needs.

Cookies and telemetry

Layerz uses necessary cookies for authentication and security. It may use Vercel Analytics and Sentry for audience measurement, reliability and error monitoring. Non-essential tracking will be consent-gated when required by law.

Your rights

Depending on applicable law, you may request access, rectification, deletion, restriction, portability, objection and withdrawal of consent. You may also lodge a complaint with the CNIL. To exercise rights, contact [email protected].

Security

Layerz uses access controls, authenticated sessions, API key protections, row-level security patterns, encryption in transit, restricted admin access and log redaction. No online service can be guaranteed completely secure.

These pages are operational compliance text for the current product. Final legal copy should be reviewed by counsel before production reliance.