Privacy Policy

Layerbase may collect and process:

• account information, including email address, display name, OAuth provider IDs, avatar URLs, role, account status, and login timestamps;
• cloud database metadata, including database names, engines, versions, hostnames, ports, status, plan limits, firewall rules, backup records, and API key metadata;
• database content and backup artifacts that you create or upload to Layerbase Cloud;
• billing and subscription metadata from Polar, such as customer IDs, product IDs, subscription IDs, plan state, and payment status;
• operational logs, diagnostics, IP addresses, user agent data, request metadata, error traces, support messages, and bug reports;
• desktop download and update metadata needed to serve releases and validate entitlements.

We use data to:

• authenticate users and maintain sessions;
• create, run, stop, back up, restore, and delete databases;
• enforce quotas, rate limits, security controls, and plans;
• process checkout, subscriptions, and entitlement sync;
• provide support, debug incidents, and improve reliability;
• detect abuse, fraud, security incidents, and outages;
• comply with legal obligations.

Layerbase uses third-party providers to operate the service, including OAuth providers such as Google and GitHub, Polar for billing, Vercel for the web application, Hetzner for cloud compute, Cloudflare for DNS and R2 storage, GitHub for release hosting and workflows, and email or observability providers used for product communication and operations. These providers process data only as needed to deliver their services to Layerbase.

You control the content stored in your databases. Layerbase does not sell database content and does not inspect it for marketing. We may access database content or backups when needed to provide the service, troubleshoot an issue at your request, investigate security or abuse, comply with law, or recover from operational failure.

Do not store sensitive regulated data that requires a specific compliance program, region, retention policy, or data processing agreement unless we have agreed to those terms in writing.

Account records are retained while your account exists. Cloud databases are retained until you delete them, your account is deleted, or we terminate access under the Terms of Service.

Backup retention depends on the current plan, backup system, and operational state. Account deletion is designed to purge cloud database rows, API keys, DNS records, and R2 backups owned by the account. Operational logs are normally retained for about 30 days. Billing records may be retained longer where needed for tax, accounting, fraud prevention, dispute handling, or legal obligations.

You can delete your own account from the cloud settings page. The deletion flow removes your Layerbase account and triggers cloud-side purge of databases, API keys, DNS records, and backups associated with that account.

You can also contact bob@layerbase.com for account deletion, access, correction, or portability requests. We may need to verify your identity before acting on a request.

Layerbase uses OAuth authentication, server-side access controls, rate limits, isolated database containers, TLS for public connection paths where supported, backup infrastructure, and operational monitoring. No internet service is perfectly secure; you are responsible for protecting database credentials, API keys, OAuth accounts, and client systems.

Layerbase is not intended for children under 13, and we do not knowingly collect personal data from children under 13.

We may update this policy as Layerbase changes. If changes are material, we will make reasonable efforts to notify users through the website, dashboard, or email.

Privacy questions can be sent to bob@layerbase.com.