Layercode Privacy Policy
Last Updated: 09/10/2025
This Privacy Policy (“Policy”) describes how and why we might collect, store, use, and/or share ("process") your information when you use our Services, such as when you visit our website or any website of ours that links to this Policy or engage with us in other related ways ― including any sales, marketing, or events. If you do not agree with our policies and practices, please do not use our Services. If there are any capitalized terms in this Policy that are not defined, then those terms will have the meaning defined in our Terms.
How we process your personal information
“Personal information” or “personal data” includes a broad range of information. Data protection laws around the world define this concept in different ways, but in general, we interpret it to mean any information that relates to an identifiable, living individual person.
Some data protection laws and privacy laws in certain jurisdictions differentiate between “controllers” and “processors” of personal information. A controller decides why and how to process personal information. A processor does not make decisions about personal information; it only processes personal information on behalf of a controller based on the controller's instructions.
If you are a customer of Layercode, we process your personal information in different ways when you use our Services:
We process your personal information as a customer of our Services — information that we refer to as Customer Account Data (e.g., your contact information) — when you visit Layercode's public-facing website; reach out to our Sales or Support teams; or sign up for a Layercode account and use our Services.
We process the personal information of your end users who use or interact with your application that you've built on Layercode's platform, like the people you communicate with by way of that application. This includes information we use to route audio and video calls and metadata about media streams — we refer to this information as “Customer Usage Data” — and it also includes the contents of communications, which we refer to as your “Customer Content”. You can see a more detailed definition of Customer Content in our Data Processing Addendum, which is part of our agreement with you.
Layercode processes these categories of personal information differently because the direct relationship we have with you, our customer, is different from the indirect relationship we have with your end users.
When Layercode processes your Customer Account Data and your Customer Usage Data, Layercode is acting as a controller.
When Layercode processes your Customer Content, we are acting as a processor.
If you are a visitor to our website, we collect a minimal amount of data about you (depending on how much you've chosen to share with us). This might be as little as an IP address or a cookie, and it might be your contact information. We consider this Customer Account Data.
If you are an end user of a Layercode customer, this Policy does not apply to the services that our customers provide to their end users. Our customers have their own policies regarding the collection, use, and disclosure of the personal information of their end users. If you are an end user of one of our customers and want to learn about how that customer handles your personal information, we encourage you to read the customer's privacy policy. Only the customer can assist you with requests for access or deletion.
Data about our customers
Layercode requires the minimal amount of data necessary to provide Services to you, and the amount or type of data we collect depends on the product or service you choose or how you use it. If you choose to share additional information with us so that we can better customize your account and our Services, we'll process that with the same care and respect. We do not sell your personal information and we do not share your information with third parties for those third parties' own business interests. This Policy describes the data we collect from our customers at a high level, but you can always learn more by reading our API docs.
We use the information we collect and share it with our service providers primarily to provide the Services you've requested from us, and as needed for our operational purposes (e.g., to do the things we need to do to function as a business, such as to collect payment). In addition, we may use data about our customers to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and Services.
Data we process during account creation and account usage
When you sign up for an account with us, we ask for certain information like your contact details and billing information to facilitate payment and communication. We also collect some information automatically, like your IP address, when you log in to your account or when your software application built on Layercode makes requests to our APIs. We use this to understand who is using our Services and how, and to detect, prevent and investigate fraud, abuse, or security incidents.
Information you share directly
Name and contact information. When you sign up for a Layercode account with us, you will provide us your email address and name. We collect this information so we know who you are — this helps us communicate with you about your account(s), recognize you when you communicate with us or otherwise, bill you correctly, and provide other Services.
Payment information. When you upgrade your free account, we'll ask you to provide our payment processor with your payment method information like a credit card and your billing address. Our payment processor, Stripe, acting on our behalf, gathers this so we can bill you for your use of our Services.
Personalization details. When you create a project, we may ask you to complete an optional survey by providing details about yourself, your company (if applicable), your intended use of the product, and your reasons for choosing Layercode. We may use this information for the purpose of determining eligibility for these products, improving our internal processes and Services or to train our team members.
Information we generate or collect automatically
Subdomains and API Keys. When you create an account with Layercode, we'll automatically generate an API key for your account, which can be used to make requests to the API. We keep a record of these credentials so we know it is you making the requests when your application makes requests to our API using these credentials.
Device information and IP addresses. When you use our dashboard, we collect your IP address and other data through tracking technologies like cookies, web beacons, and similar technologies. We also collect IP addresses when you make requests to our APIs and in our server logs. We use this information to understand how customers are using our platform, who those customers are (if they are a company and the IP address is associated with that company), what country they are logging in from (for analytics and export control purposes), and to help improve the navigation experience.
When you use our dashboard, we also collect information about your device, such as your computer or mobile device operating system type and version number, manufacturer and model, browser type, screen resolution and general location information such as city or town.
Data We Process From Our Website and Interactions
When you visit our website we collect information automatically using tracking technologies, like cookies, and through web forms where you type in your information. We collect this information to provide you with what you request through the web form, to learn more about who is interested in our Services, and to improve navigation experience on our pages.
Information you share directly
On certain parts of our public-facing websites, you can fill out forms to request contact from our Sales team, sign up for newsletters, or participate in surveys. The personal information requested on these forms will vary depending on the purpose of the form. We will ask for information that is necessary to fulfill your request, such as your email address if you want to receive a newsletter or your phone number if you want to be contacted by a member of our Sales team. We may also ask for additional information to better understand our customers, such as your use case for Layercode, your company name, or your job title. If you opt in to receive ongoing marketing communications from Layercode, such as a newsletter, you can always choose to unsubscribe through a preferences page or by contacting our Customer Support team.
Our Sales and Customer Support teams keep a record of all communication with customers, including contact information and any other details shared during the conversation. This information is used to help us improve our Services, provide training to our team members, and manage our ongoing relationships with customers. It is important to be mindful of what information you share with these teams, as we store a record of these communications. To protect your privacy, it is best to avoid sharing sensitive personal information unless it is necessary for the teams to assist you. We will take appropriate measures to protect any sensitive information that is shared with us.
Information we collect automatically
When you visit our websites, including web forms, we and our service providers may collect certain information using tracking technologies such as cookies, web beacons, and similar technologies. This information helps us understand how visitors use our websites, which pages and features are most popular, and how we can improve our websites and track the performance of our advertisements. Tracking technologies also help improve the navigation experience on Layercode websites. We do not sell this information to third parties.
Marketing information
We use your email address to send you information about other Services or events in which we think you may be interested. You can opt out of receiving marketing communications from us at any time through your marketing preferences page by clicking the “unsubscribe” link at the bottom of any marketing email you receive from Layercode. You can also contact our Customer Support team to communicate your choice to opt out. Please note that it may take up to ten days to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request. You will not be able to opt out of service emails from us, such as password reset emails, billing emails, or notifications of updates to our terms, unless you delete your account.
We may also use publicly-available information about you that we have gathered through other services or we may obtain information about you or your company from third-party providers. We use this information to help us understand our customer base better, such as your industry, the size of your company, and your company's website URL. We also may use this information to reach out to potential candidates for roles at Layercode.
How long we store your customer account data
Layercode will store your Customer Account Data as long as needed to provide you with our Services and to operate our business. If you ask Layercode to delete specific personal information from your Customer Account Data, we will honor this request unless deleting that information prevents us from carrying out necessary business functions, such as billing for our Services, calculating taxes, or conducting required audits.
More specifically, within 30 days following closure of your account, we will either delete other Customer Account Data or transform it such that it can no longer be used to identify you, with the following exceptions, depending on and in accordance with applicable law:
Customer Account Data is stored for up to 30 days following closure of your account. However, we may retain invoice records, including their digital equivalent, for longer periods for accounting, tax, and audit purposes.
We may retain your communications with Layercode's Customer Support team for up to one year after your account is closed.
We may need to retain data due to special circumstances (such as due to an open investigation, audit, or other legal matter).
Once the retention period expires, Customer Account Data shall be deleted. The right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
Data about our customers' end users
What Customer Usage Data and Customer Content Layercode Processes and Why
We use Customer Usage Data and Customer Content to provide Services to you and to carry out necessary functions of our business as a communications service provider. We do not sell your end users' personal information and we do not share your end users' information with third parties for those third parties' own business interests.
End user personal information, which Layercode processes when you, our customer, use our Services, generally consists of audio, video, text message, and IP address information. The specific information and other end user personal information Layercode processes and the reasons Layercode processes it, depends on how you use our Services and which Services you use.
For Layercode's customers, our Data Processing Addendum describes more about how we process Customer Content in accordance with your instructions.
How Long We Store Customer Usage Data and Customer Content
Details regarding how long your end user personal information may be stored on Layercode systems will depend on which Services you are using and how you are using them.
As a Layercode customer, if the product or service you use enables you to store records of your usage on Layercode, including personal information contained within those records, and you choose to do so, then Layercode will retain these records for as long as you instruct, up until termination of your account. Please note that it may take up to 30 days for the data to be completely removed from all systems.
How Layercode shares personal information
We do not sell your personal information or the personal information of your end users. We also do not allow any personal information to be used by third parties for their own marketing purposes. However, we do need to share personal data in order to provide our Services to you, such as to route a call you send through us or to store data you ask us to store. Below are the different scenarios under which we may share your data with third parties:
Third-party service providers or consultants. Layercode engages certain third-party vendors and service providers to carry out certain data processing functions on our behalf. These providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances they will appropriately safeguard the data.
Sub-processors. A sub-processor is a vendor that is permitted to process data for which we are a processor — in other words, Customer Content. We share Customer Content with sub-processors who assist in providing the Services, like our infrastructure provider, or as necessary to provide optional functionality like transcriptions.
Compliance with Legal Obligations. We may disclose your or your end users' personal information to a third party if (i) we reasonably believe that disclosure is compelled by applicable law, regulation, legal process, or a government request (including to meet national security, emergency services, or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our Services, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If Layercode is required by law to disclose any personal information of you or your end user, we will notify you of the disclosure requirement, unless we are prohibited by law. Further, we reserve the right to object to requests we do not believe were issued properly.
Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. In that situation, and that situation only, we might transfer your data in a way that constitutes a sale under applicable law. If we do, we'll let you know ahead of time, and we will require any acquirer or successor of Layercode to continue to process data consistent with this Policy.
Aggregated or de-identified data. We might also share data about our customers with third parties if the data has been de-identified or aggregated in a way so it cannot be used to identify you or your end users.
Choices about your customer account data
Accessing and Controlling Account Data. As part of the Services we provide to our customers, we provide you with a number of self-service features at no additional cost within the Services, including the ability to access your data, update any incorrect data, restrict the use of your data, or delete your data. You can make various choices about your Customer Account Data through the Services when you log into your Layercode account. Any other requests about your data you cannot make through these self-service tools, you can request by contacting Customer Support.
Closing Your Account and Deletion. To request closure or deletion of your Layercode account, you can contact Customer Support. Please be aware that closure or deletion of your Layercode account will result in you permanently losing access to your account and the data in the account. After closure of your account, certain information associated with your account may remain on Layercode's servers in an aggregated form that does not identify you or your end users. Similarly, after you close your account, we will retain data — including personal information — associated with your account that we are required to maintain for legal purposes or for necessary business operations until it is no longer needed.
Choices about your end users' data
Your ability to make choices about end user data, namely Customer Usage Data and Customer Content, depends on the Services you use and how you use the Services. Our API docs are the best place to find more detailed information about managing end user data collected and stored in connection with your use of our Services.
In some cases, we may retain a copy of your usage records, including the personal information contained in them, to carry out necessary functions like billing, invoice reconciliation, troubleshooting, along with detecting, preventing, and investigating spam, fraudulent activity, and network exploits and abuse. Sometimes legal matters arise that also require us to preserve records, including those containing personal information. These matters include litigation, law enforcement requests, or government investigations. If we have to do this, we will delete the impacted records when we are no longer legally obligated to retain them. We may, however, retain or use records after they have been anonymized, if the law allows.
Cookies and tracking technologies
A cookie is a small text file stored on your device when you visit a website. Cookies allow website operators to recognize your device as you navigate through a website. By using cookies, a website can do things like remember a user's login details and store user preferences. By themselves, cookies do not identify you specifically. Rather, they recognize your web browser. So, unless you identify yourself specifically to us, for instance by signing into your account, we don't know who you are just because you visited our website.
How Layercode uses cookies
Necessary Cookies
Some cookies are necessary for our Services to function. We use these cookies for many purposes, including:
Authentication: to remember that you've logged in to our Services.
Security: to protect user data from unauthorized access.
Site stability: to administer our Services with a minimum of downtime.
Analytics Cookies
Layercode uses some cookies to help us understand how users interact with our Services. We use these cookies for many purposes, including:
Feature configuration: to remember how you prefer to use our Services so your settings stay the same each time you log in to your account.
Analyzing and improving our services: to make our Services work better for you, we use cookies to track how you use them. Analyzing this usage helps us make our Services better.
Third-party analytics: We use the following third-party analytics tools to collect and analyze information about how our Services are used and generate reports on usage trends for internal consumption:
Pixel tags
We use pixel tags (also known as web beacons) to, among other things, track the actions of email recipients, to measure the success of our marketing campaigns, and track response rates.
Opting Out of Cookies
You can opt out of cookies at any time in your User Settings, with the exception of the Necessary Cookies which are required for our Services to properly function.
Your web browser may also provide cookie configuration options, including to delete and disable cookies. If you choose to disable cookies, our Services may not operate as intended.
Global privacy compliance at Layercode
Layercode is a global company with customers and employees all around the world. As such, our approach to privacy compliance is a global one. No matter where you are located, whether in the United States, the European Economic Area (EEA), the United Kingdom (UK), Latin America, or the Asia-Pacific region, we remain committed to abiding by all applicable data protection laws.
Regions requiring a legal basis for processing personal information
If you are from a region that requires a legal basis for processing personal data (such as the EEA or the UK), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms, or where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person, such as in the case where we request personal information from you in the context of a government audit or in response to a request from law enforcement.
Broadly speaking, we use Customer Account Data to further our legitimate interests to:
understand who our customers and potential customers are and their interests in the Services;
manage our relationship with you and other customers;
carry out core business operations such as accounting, filing taxes, and fulfilling regulatory obligations; and
help detect, prevent, or investigate security incidents, fraud and other abuse or misuse of our Services.
United States
California Consumer Access and Deletion Rights
For those customers that would like more information about our use of Customer Account Data or Customer Usage Data, you have the ability to request:
that we provide details about the categories of personal information that we collect about you, including how we collect and share it;
that we provide you access to the personal information we collect about you; and
that we delete the personal information we have about you.
Please be aware that when you ask us for these things, we will take steps to verify that you are authorized to make the request. You must be a resident of California to make this request.
The California Code of Regulations defines a "resident" as:
every individual who is in the State of California for other than a temporary or transitory purpose; and
every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose
We have collected the following categories of personal information in the past twelve (12) months:
Identifiers
Personal information listed in the California Customer Records statute
Geolocation data
Internet or other similar network activity
User Rights Based on the General Data Protection Regulation (GDPR)
Customers from the EEA have the right to do the following, to the extent permitted by law:
Withdraw their consent at any time. Customers have the right to withdraw consent where they have previously given their consent to the processing of their Customer Data.
Object to processing of their Data. Customers have the right to object to the processing of their Customer Data if the processing is carried out on a legal basis other than consent.
Access their Data. Customers have the right to learn if their Customer Data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the their Customer Data undergoing processing.
Verify and seek rectification. Customers have the right to verify the accuracy of their Customer Data and ask for it to be updated or corrected.
Restrict the processing of their Data. Customers have the right to restrict the processing of their Customer Data.
Have their Personal Data deleted or otherwise removed. Customers have the right to obtain the erasure of their Customer Data by us.
Receive their Data and have it transferred to another controller. Customers have the right to receive their Customer Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.
Lodge a complaint. Customers have the right to bring a claim before their competent data protection authority.
Customers are also entitled to learn about the legal basis for Customer Data transfers abroad, including to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by us to safeguard their Customer Data.
Other regions
Some countries, other than the EEA, UK, and United States, also have specific privacy notice requirements, and we address those requirements in our general privacy sections above. If there are specific changes we need to make to our legal language to comply with a country's privacy or data protection laws, you can find those changes in our Data Processing Addendum.
Privacy and compliance for specific individuals
Information from Children. We do not knowingly permit children (under the age of 13 in the US and UK or 16, if you live in the EEA) to sign up for a Layercode account. If we discover someone who is underage has signed up for a Layercode account, we will take reasonable steps to promptly close that person's account and remove their personal information from our records.
International data transfers
As a global organization, we may need to transfer your personal information to Layercode affiliates, contractors, service providers, and to third parties in various countries and jurisdictions around the world. In each case, we take care to use appropriate safeguards to ensure your personal information remains protected.
Data transfers to the United States and elsewhere. When you use our Services, personal information of you and your end users processed by Layercode may be transferred to the United States, where our primary processing facilities are located, and possibly to other countries where we or our service providers operate. These transfers will often be made in connection with routing your communications in the most efficient way.
Safeguards for data transfers. Layercode employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law. Our Data Processing Addendum, which we provide to all customers, includes more detailed information about our cross-border data transfers.
When transferring personal information outside the EEA, the UK, and Switzerland, we rely on data transfer mechanisms such as the Standard Contractual Clauses.
Transfers from other countries. When we transfer personal information outside countries other than those in the EEA, the UK, and Switzerland, we strive to comply with the cross-border data transfer rules of those countries, such as by cooperating with that country's data protection authority or providing a written agreement to each customer that meets the data protection requirements of the country.
Security information
How We Secure Personal Information
Our security measures. We use appropriate security measures designed to protect the security of your personal information both online and offline. These measures vary based on the sensitivity of the personal information we collect, process and store and the current state of technology. We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place. When we transfer data across borders, we also take supplementary measures to ensure that data is protected.
Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.
Security measures you can take. To protect the confidentiality of your account and protect against unauthorized use of your account, you must keep your account API keys confidential and not disclose them publicly or to unauthorized individuals — this includes accidentally distributing them in a binary or checking them into source control. Please let us know right away if you think your API keys were compromised or misused.
How we use personal information for security purposes
We may collect and use Customer Account Data or Customer Usage Data to detect, prevent, or investigate security incidents, fraud, or abuse and misuse of our platform and Services. In addition, we also use records containing end user personal information to debug, troubleshoot, or investigate security incidents; to detect and prevent spam or fraudulent activity; and to detect and prevent network exploits and abuse. We may anonymize personal information and use it for our legitimate business needs, and, where allowed by law, this may include records containing end user personal information.
Handling disputes
If you have a dispute with us relating to our data protection practices, you can raise your concern or dispute by contacting the Data Protection Officer via email at privacy@layercode.com or by post at:
Layercode, Inc.
1601 Fifth Avenue, Suite 900
Seattle, WA, USA 98101
For individuals in the EEA, the UK, or Switzerland, you have additional rights to make a complaint to a competent data protection authority or commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.
Other information you may find useful
Automated decision making and machine learning
Layercode may use automated decision making leveraging a variety of signals derived from records we collect to help monitor, identify, and suspend accounts sending spam or engaging in other abusive or fraudulent activity. Holders of accounts suspended under these circumstances are notified of the suspension and given an opportunity to request human review of the suspension decision.
Changes to our Privacy Policy
We reserve the right to and may change this Policy from time to time, and if we do, the most current version will be available on our Privacy Page with the date at the top indicating when it was last updated. Given this, it is strongly recommended to check this page often. These changes might be minor, such as updating an address or fixing a typo, or they might be material, such as making a change that affects your rights.
