Privacy Policy

Last updated: April 9, 2026

1. Data Controller

Thinlayer Labs is a Sweden-based software business. For questions regarding this policy or your data, please contact us at hello@thinlayerlabs.com.

2. Scope

This Privacy Policy applies to Thinlayer Labs products and services, including our website (thinlayerlabs.com), plugins, SaaS tools, support, billing, and related operations.

3. What Data We Collect

Website and Contact Data

When you contact us through our website, we may collect:

  • Your name
  • Your email address
  • The subject and message you provide

This data is processed by our form provider and forwarded to us so we can respond to your request.

Product Account and Configuration Data

If you use our products, we may collect account and configuration information needed to provide the service, such as account email, domain/store identifiers, product settings, plan/tier information, and service metadata.

Product Usage and Operational Data

To operate product features, we may process technical and usage data you submit to the product (for example, service inputs, generated outputs, request metadata, and diagnostics required for reliability, abuse prevention, and troubleshooting).

Billing Data

When you purchase paid plans, billing is handled by third-party payment providers. We receive billing-related records needed to activate, manage, and support subscriptions (for example, plan, status, and transaction/reference identifiers).

Hosting & Server Logs

Our services are hosted by infrastructure providers that may collect standard server and security logs (for example IP address, user-agent, timestamps, and request paths) as part of normal hosting and security operations.

Cookies and Local Storage

Our public marketing website is designed with minimal tracking. Product interfaces may use strictly necessary storage/cookies for authentication, session continuity, and security.

4. How We Use Your Data

We use your data exclusively to:

  • Provide, secure, and operate our products and services
  • Respond to inquiries and support requests
  • Manage accounts, subscriptions, and billing state
  • Improve product quality, reliability, and safety
  • Comply with legal obligations

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract (Article 6(1)(b) GDPR) — to provide products and paid services you request
  • Legitimate interest (Article 6(1)(f) GDPR) — to operate, secure, and improve our services and respond to inquiries
  • Consent (Article 6(1)(a) GDPR) — where consent is requested (for example voluntary submissions)
  • Legal obligation (Article 6(1)(c) GDPR) — when required by law

6. Data Sharing

We do not sell, trade, or rent your personal data to third parties. We may share data with:

  • Infrastructure and hosting providers (for example Vercel, Supabase) to run our services
  • Payment providers (for example Polar) to process subscriptions and payments
  • Communication providers (for example transactional email services) to deliver service and support emails
  • AI/service processors where required to deliver product functionality
  • Form providers (for example Web3Forms) for website contact submissions

These providers act as processors/sub-processors under contractual safeguards where applicable.

7. International Transfers

Some providers may process data outside the EU/EEA. Where required, we rely on lawful transfer mechanisms such as Standard Contractual Clauses and similar safeguards.

8. Data Retention

We retain data only as long as needed for service delivery, support, security, legal compliance, and legitimate business purposes. Retention varies by data type (account records, billing records, logs, and support communication).

9. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access — request a copy of any personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — request limitation of processing
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest

To exercise any of these rights, please contact us at hello@thinlayerlabs.com. We will respond within 30 days.

10. Product-Specific Notices

Some products may provide additional privacy notices for product-specific data flows. Where those notices exist, they supplement this policy.

11. Security

We apply reasonable technical and organizational measures to protect personal data. No method of transmission or storage is completely secure, but we continuously work to reduce risk.

12. Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by the "Last updated" date above.

14. Supervisory Authority

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY):

15. Contact

For any questions about this Privacy Policy or your data, contact us: