PRIVACY

Controller and contact

Layerheart is operated as a LayerForged tool. For privacy, account, deletion, export, legal, refund, creator, or marketplace questions, contact the Layerheart / LayerForged team at info@layerforged.com.

If formal legal identity or postal notice details are required for your request, contact us and we will provide the appropriate owner details for the Layerheart project.

Data we process

Layerheart uses Supabase for authentication, cloud sync, profiles, user state, creator profiles, public creator pages, marketplace listings, purchases, and storage. Depending on how you use the app, we may store email login data, display name, avatar, profile links, saved campaigns, sessions, vault content, uploaded images, marketplace listings, purchases, and creator tax profile data.

Do not store sensitive personal information in campaign notes, cards, stat blocks, uploads, or public profiles unless you are comfortable with that information being processed by the service.

Payments

Stripe processes Premium subscriptions, marketplace checkout, billing portal sessions, Connect onboarding, invoices, payment methods, disputes, chargebacks, refunds, and payout-related identity checks. Layerheart stores Stripe IDs and payment status needed to unlock Premium, fulfill purchases, manage creator payouts, and keep accounting records.

Layerheart does not intentionally store full card numbers. Payment method details are handled by Stripe.

Cookies and consent

Essential local storage and cookies may be used for login sessions, security, cloud sync, saved UI state, cookie choices, and core app functionality. These are needed for the service to work.

Non-essential analytics only run after consent. If you reject or opt out, Layerheart should not send non-essential analytics events. Essential error logging, fraud prevention, security, payment records, and legal/accounting records may still be processed where necessary.

• Essential: auth session, app state, sync, payment state, security, cookie preference.
• Optional: product analytics events used to understand activation, retention, errors, and feature usage.
• You can change cookie preferences through the cookie banner where available.

Legal bases

Layerheart processes account, sync, Vault, Canvas, Premium, marketplace, creator, and support data mainly to provide the service, perform requested transactions, keep the product secure, comply with legal/accounting/payment obligations, and pursue legitimate product and fraud-prevention interests where those interests are not overridden by user rights.

Optional analytics are based on consent where required. You can reject optional analytics without losing core app access.

Analytics

Layerheart may track product events such as page views, CTA clicks, signups, app opens, canvas saves, marketplace purchases, exports, and errors. Analytics events are designed to be product metrics, not surveillance. They should avoid storing sensitive campaign text or private content.

Analytics are tied to consent. Anonymous IDs, session IDs, referrers, UTM campaign data, environment, and app version may be included where available.

Retention and deletion

Account and content data may be kept while your account is active. Payment, tax, anti-fraud, dispute, chargeback, legal, and accounting records may need to be retained longer even after account deletion, where required by law or payment-provider rules.

Creator listings, purchased content, free claims, and marketplace records may be retained to preserve buyer access, audit trails, refunds, and reporting.

Your rights

Depending on where you live and the legal basis for processing, you may have rights to access, correct, delete, restrict, object to, or receive a portable copy of your personal data. You may also withdraw optional analytics consent where consent is used.

To exercise these rights, contact info@layerforged.com. We may need to verify your account before acting on a request. You may also have the right to complain to your local data protection authority, including the Spanish Data Protection Agency (AEPD) where applicable.

Children

Layerheart is not directed at children. If local law requires parental or guardian consent for a younger user to use online services, the user must have that consent before creating an account or submitting personal data.

Processors and transfers

Layerheart currently relies on third-party services such as Supabase, Vercel, Stripe, Resend, GitHub, and related infrastructure providers. Data may be processed outside your country where those providers operate, subject to their safeguards and terms.

Last updated: June 2, 2026.