Legal

layers: Privacy Policy

Last updated: July 29, 2024

1. How layers values data privacy

At layers, we believe that technology and data present a groundbreaking opportunity to empower people to take control of their lives. The layers app gives people the ability to enter data effortlessly through voice and helps them to understand themselves better based on the provided journal entries and other data, providing self-insight and self-advocacy that’s powered by data processing.

We also fully acknowledge the responsibility that comes with being the safekeepers of so much intimate data which is tracked by people using layers. This is why we are always striving to achieve the highest standards of privacy and security. Keeping your data safe is at the core of everything we do.

We see it as our job to be clear and transparent so that you can truly understand what we do with your data, even though the digital ecosystem of an app is complex. To provide our service as a health app, we rely on a number of other providers as summarized below to help us.

We use your data solely to provide and improve our services. Under no circumstances do we sell your data to advertisers or any third parties. Your trust is paramount, and we are committed to safeguarding your privacy.

To deliver the advanced AI-driven insights that layers provides, we need to process your data in the cloud on our secure servers. The sophisticated AI models we utilize are not available on mobile devices, and as such, cannot operate on mobile edge devices. We understand the importance of this responsibility and are dedicated to building the safest and most privacy-friendly software possible.

Please read the whole of this Privacy Policy to understand how we handle your data. We have done our best to make it as clear and comprehensible as possible. If you have any questions, reach out to us at .

2. The types of data we process

We process three types of data in order to provide our services on the layers app and the layersjournal.app website. All of our data is securely stored on servers located in the European Union (EU).

Account data: In order to create your layers account, we process some of your personal data such as your email address.

Usage data: In order to provide our services and technically improve performance, we process how you interact with our products using different data points. Such data includes device data, which informs us about the device you use to access our app services (such as device model, name and identifiers, device settings, application identifier, and crash information). On our website, we also collect information about your browser (such as browser settings, operating system, system settings). Other usage data includes the IP address provided by your browser or mobile device, which we collect in order to deliver the service to your device. We also use the IP address to determine your approximate location for statistical and analytics purposes and for regulatory compliance in different countries. We do not collect your precise location.

Journal data: In order to provide our service as a self-reflection app, we process journal data and other sensitive data that you choose to enter in the layers app. Such journal data may include your daily journal entries, in which you might share details about your day, answers to specific questions or other entries about dreams. We only process the journal data you choose to share with the layers app.

3. How and why we process your data

Data processing is essential to providing the service of layers. Whenever you use our services, some personal and non-personal data is collected, stored, and analyzed using internal and third-party tools.

Below are the purposes for which we process your data, and the type of data that’s processed to fulfill each purpose:

3.1 To provide our core service to you

To provide our service, we process the following:

Journal data: This is processed whenever you enter your personal data (e.g. journal entries) in the layers app, in order to provide our core service as a self-reflection app. This includes both your journal entries and other personal data (e.g. answers to specific questions or quizzes) that you choose to provide to the layers app.

Device data, event data, usage data, IP address: This is processed when you use the layers app or layersjournal.app, to understand how you interact with our services and to technically improve performance.

Account data: This is processed when you set up your layers account in the app, to enable you to sign in to the layers app, and additionally to communicate with you on service-related topics. Such communications may include information about your account, essential app updates, or insights and recommendations based on personal data you have entered. These communications can be sent to you via notifications or emails.

Please read the following sections to understand which third-party services, integrations, and partnerships we use to provide our core service.

3.1.1 Essential third-party providers:

We use several third-party providers to help us perform our core services.

Fly.io: layers uses Fly.io as our hosting provider to store our data on secure servers. We only use Fly.io data centers in the European Union. All data stored with Fly.io is encrypted by layers.

AWS S3: layers uses AWS S3 to store your audio recordings on secure servers. We automatically delete the recordings after 30 day. We only use AWS data centers in the European Union. All data stored with AWS S3 is encrypted by layers.

Mailerlite: layers uses services operated by Mailerlite, a company based in the United States, to help us facilitate communication with you via emails and to analyze how you interacted with the emails. Such communications may include information about your account, essential app updates, or feedback requests. For this purpose, Mailerlite processes your email address and potentially your name.

Mailerlite has ensured an adequate level of data protection by being listed under the EU-US Data Privacy Framework, and by also entering into an agreement with layers based on the Standard Contractual Clauses for data transfer between EU countries and non-EU countries (see Section 4). The privacy policy of these services can be found on their respective websites.

It is not possible to opt-out of layers as it is an essential tool that we require in order to provide our services to you. However, you can opt out of certain types of messaging from layers, as explained in Section 3.6.

Sentry: layers uses services provided by Sentry Inc. (Sentry), a company based in the United States, to carry out service and infrastructure monitoring and alerting. Sentry helps us monitor the application performance in real time and resolve issues impacting our users quickly. Sentry stores the data on EU servers.

It is not possible to opt-out of Sentry as it is an essential tool that we require in order to provide a functioning layers app to you.

Sign in with Apple: layers uses “Sign in with Apple” to allow users to create and sign in to their layers account with their Apple credentials.

If you sign up to layers using Apple, layers will exchange certain data with Apple like device data, IP address, and information you provided to Apple when creating an account with Apple Inc. This may include a transfer of your personal data to Apple servers located outside the European Union. It is your choice if and to what extent you use the “Sign in with Apple” service and what information you provide to Apple.

OpenAI GPT: layers uses OpenAI GPT to provide users with custom insights and advice. We share journal entries and other journal data with OpenAI to generate custom insights such as activities or to generate summaries. We do not share any personal identifiable data such as emails or names with OpenAI. OpenAI does not use any of the data shared for training their models. Additionally, any data shared with OpenAI is only processed but never stored on OpenAI’s servers.

OpenAI has ensured an adequate level of data protection by being listed under the EU-US Data Privacy Framework, and by also entering into an agreement with layers based on the Standard Contractual Clauses for data transfer between EU countries and non-EU countries (see Section 4). The privacy policy of these services can be found on their respective websites.

Deepgram: layers uses Deepgram to transcribe the audio files. To provide accurate transcription services, we may share your audio recordings with Deepgram. The audio recordings shared with Deepgram are exclusively used to transcribe your audio into text accurately. Deepgram does not use any of the data shared for training their models. Additionally, any data shared with Deepgram is deleted within a maximum of 30 days after processing.

Deepgram has ensured an adequate level of data protection by being listed under the EU-US Data Privacy Framework, and by also entering into an agreement with layers based on the Standard Contractual Clauses for data transfer between EU countries and non-EU countries (see Section 4). The privacy policy of these services can be found on their respective websites.

Vercel: layers uses Vercel to host the layersjournal.app website.

3.2 To help layers optimize their advertising efforts

To help us analyze how layers’ advertising performs, we process certain types of usage data (for example when you install the layers app or subscribe to layers premium) including your device ID and IP address. This helps us identify whether you’ve already downloaded layers or have a layers premium subscription.

By doing this, we can optimize our advertising efforts. For example, if you’ve already downloaded the layers app, we won’t show you an ad to download layers. It also helps us understand on which platforms people find out about us, and learn what kind of layers advertising performs best. With better advertising, we can help raise awareness about the layers app.

Third party providers: We use certain third-party services to help us with our advertising efforts. These include Apple Search Ads and Google Ads, both based in the United States, and Appsflyer.

Appsflyer: layers uses an in-app performance and analysis service by Appsflyer, a company based in the USA. They help us understand where our users are coming from, which age group they are from, and how they are interacting with our app, so that we can optimize our ad campaigns. Appsflyer uses your advertising identifier (Apple IDFA on iOS), and your IP addresses to provide us with these insights. Through Appsflyer, we share standard app events like installation of the layers app or subscription to layers premium services with certain advertisement networks like Reddit. We do this to avoid showing you layers ads if you’ve already downloaded or are subscribed to layers premium. Appsflyer does not have access to any of the personal health data you track in the app. You can read more about how Appsflyer handles data in their Privacy Policy.

Legal basis: The processing of your usage data to promote layers is based on the following consent according to Art 6 Sec.1 lit a) GDPR, if you have toggled this on in your privacy settings:

I agree to my usage and device data being processed so layers can optimize their advertising efforts to more effectively tell more people about layers. Certain third-party providers, including some located outside of the European Union, are used to help with this.

You can toggle this off at any time. All personal data collected to help promote layers is deleted by us as soon as it is no longer required for the purpose for which it was collected.

3.3 To improve layersjournal.app with website analytics

To improve our website, we process usage data such as your IP address and device data. This helps us track the performance of our website, understand how you use our website, and offer you an improved experience. For this purpose, we use cookies and third-party tracking services. Cookies are small text files that are intended to make the site better for you to use.

In general, cookies are used to retain preferences, store information for things like shopping carts, provide tracking data to third-party applications like Google Analytics, or identify your device for special advertising purposes such as retargeting. You can learn more about the specific cookies and tracking services used on layersjournal.com in Section 7.

Legal basis: The processing of your usage data for website analytics is based on the following consent according to Art 6 Sec.1 lit a) GDPR:

By using our website you consent through an opt-in in the cookie banner that layers may use cookies and third-party services, and collect your usage data under a unique identifier for the purposes of tracking, analysis, and improvement of our website.

The usage of non-essential cookies on our website is based on a consent according to § 25 of the German Telecommunication and Telemedia Data Protection Act (TTDSG). When visiting our website, you can decline the use of non-essential cookies in the pop-up notification. If you consent to the non-essential cookies, you may withdraw your consent again at any time in your browser’s cookie settings.

All personal data collected for website analytics is deleted by us as soon as it is no longer required for the purpose for which it was collected.

3.4 To deliver layers newsletters

To provide newsletter and email services, we process certain contact data of those people who have opted in so we can send such communications.

If you’ve registered for a newsletter service of layers without being a layers app user with an account, we will process your information provided in the registration on layersjournal.app. This may include an email address, which is needed to send you the newsletters you’ve subscribed to.

If you’re a layers app user with an account, layers will process the email address you provided with your account registration to send you newsletters, as well as occasional emails asking about feedback.

Third parties: layers may share information such as your email address to third-party providers for the sole purpose of carrying out our newsletter services. Our current provider for this service is Mailerlite. For more information about Mailerlite, see Section 3.1.1. Whenever data is transferred outside of the European Economic Area (EEA), we always apply the appropriate safeguards as outlined by the General Data Protection Regulation (GDPR) (see Section 4).

Legal basis: The legal basis for sending you our newsletter is based on your consent according to Art 6 Sec.1 lit a) GDPR. The legal basis for promotional emails is based on Art 6 Sec.1 lit a) and lit f) GDPR.

You can unsubscribe from our newsletters at any time by clicking the unsubscribe link at the bottom of the emails.

All personal data collected for providing our newsletter services is deleted by us as soon as it is no longer required for the purpose for which it was collected.

4. Data transfer outside the European Union

Any personal data collected from you may only be transferred to countries outside the European Economic Area (EEA) if we observe applicable privacy regulations and ensure that your privacy rights remain protected.

To ensure an adequate level of data protection in accordance with Art 46 GDPR, we use third-party providers that are certified under the EU-US Data Privacy Framework as a guarantee under Art 46 GDPR.

We choose our processors very carefully. We do not work with processors based in countries where we are concerned about the rule of law with respect to privacy. We follow the guidance of the European Data Protection Board on additional contractual and technical measures to ensure a sufficient level of privacy in different situations.

5. Your data protection rights

We believe that privacy—including data privacy—is a basic human right. At layers, we strive to ensure that your rights are respected.

Here are some key facts about your privacy that we would like you to know:

  • Our products and services have been designed to collect only the data necessary to provide our services. We only collect and process your data for the purposes outlined above and detailed in this Privacy Policy.
  • The security of our servers is routinely verified by experts to protect your data from unauthorized access. You can contact us at if you have any questions about the security of our services.
  • We do not retain your data in an identifiable format for longer than necessary to deliver our services.
  • layers does not engage in any automated decision-making or profiling activities.

As a user of the layers app and website, you may exercise your rights under the EU General Data Protection Regulation (GDPR) to:

  • Request information on your personal data processed by layers. Upon your request, this information will be provided to you electronically. You can contact us to request your information at .
  • Gain access to your information by requesting a copy of your data in a format that is readable by other companies or organizations (data portability).
  • Correct your personal information in the app settings.
  • Withdraw your consent from ongoing data processing at any time by deleting your account, changing your privacy preferences in Settings, and/or unsubscribing from our newsletter or other email communications by clicking the link at the bottom of the email.
  • Request the complete deletion of your data, including all past data sent to third-party services used for tracking and analysis, by reaching out to . Your data will be deleted within 1 month.
  • Lodge a complaint with the relevant supervising authority if you believe layers is processing your personal data in violation of applicable data protection regulations.

6. Data security procedures

Protecting your data privacy is at the core of what we do. We apply security measures to protect against misuse, loss, and/or alteration of personal information under our control. We follow industry standards when transferring and storing your data. Though we cannot ensure or guarantee that misuse, loss or alteration of information will never occur, we use all reasonable efforts to prevent it.

6.1 How layers secures your personal data

When you create an account with layers, your personal profile data is stored on servers located in the European Union.

When you create your layers password, it’s stored using one-way encryption with both “hashing” and “salting” techniques. This means your password is combined with a random string of characters and then scrambled up so it’s unreadable. Not even layers staff have access to your password. Doing this ensures extra protection for your password. Note that if you use social login to create your account (see Section 3.1.3), layers does not receive your original password.

When your data is sent between your device and our layers servers, we use hypertext transfer protocol secure (HTTPS). This is a type of encrypted data transmission, which scrambles the information being sent so it’s unreadable. Doing this increases the security of your data transfer. HTTPS is the same technology used to create secure connections for your web browser and is indicated by a padlock icon in the URL bar of your browser.

When you subscribe to layers premium, all your payment information is securely processed by the Apple App Store. layers does not store your payment information at any time.

7. Cookies on layersjournal.app

For the purpose of tracking the performances of our services and to improve layers, we use cookies on our layersjournal.app website. For more information on this purpose and its legal basis, please see Section 3.9.

Cookies are small text files that are intended to make the website better for you to use. In general, cookies are used to retain preferences, store information for things like shopping carts, provide tracking data to third-party applications like Google Analytics, or identify your device for special advertising purposes such as retargeting.

We use third-party analytics and tracking services to help us measure the performance of our website. Whenever data is transferred outside of the European Economic Area (EEA), we always apply the appropriate safeguards as outlined by the General Data Protection Regulation (GDPR) (see Section 4). Be assured that the sensitive health data you track in the layers app is never shared with or sold to advertisers. We do share a minimal amount of technical data with advertising networks, for example, so that you won’t see a layers ad if you’ve already downloaded the app or subscribed to layers premium.

Such third parties and services are listed below.

7.1 Google Analytics - Website

Our website uses Google Analytics, a web analysis service operated by Google LLC. (“Google”). Google Analytics uses cookies (text files) stored on your computer to allow for analysis of your visits to websites and interactions with them in order to personalize your experience and improve our services. Information produced via cookies will be transferred to and stored on a server in the USA operated by Google. You can find out more about Google Analytics here.

Google analyzes this information to offer reports to layers on website usage and online usage of associated services. Under the terms of Google’s analytics service, Google may also transfer this information to third parties, either when this is required by law or when third parties are contracted by Google to process this data. Google must not allow your IP address to be linked to any other personal data. By opting in via the cookie banner on layers’ website, you consent to data being used and processed by Google as described above. You can withdraw consent for this use of your data at any time. Please note that this withdrawal only applies to future activities.

8. Changes to this Privacy Policy

layers reserves the right to amend this Privacy Policy from time to time to reflect changes in the law, our data collection and data use practices, the features of layers’ services, or advances in technology.

Please check this page periodically for changes and refer to the “last updated” date at the top of the page to know if it has been revised since your last visit. If we make any changes to this Privacy Policy that we consider to be material to your consent, we will notify you of them.

9. Responsibility for layers’ data processing

layers is made in Berlin, Germany, and the way we handle data meets the high standards set by German and European Union legal requirements. layers is made by layers labs UG (haftungsbeschränkt), Maybachufer 11, 12047 Berlin. Please do not hesitate to reach out to if you have any questions.

10. Prevailing language of this Privacy Policy

layers is used by people around the world. This wider layers community accesses the layers app in a multitude of different languages. Please note that we currently only have an English version of this policy.