Privacy Policy

Last updated: March 28, 2026

1. Introduction

Layered Labs (Business Registration No. 241-42-01288, "Company", "we", "us", or "our") operates the SnapAPI service ("Service") at snapshot-api-gamma.vercel.app. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: Email address and name when you create an account
  • Payment information: Billing details processed by Paddle (Paddle.com Market Limited), our Merchant of Record. We do not store your credit card numbers, bank account details, or other payment credentials on our servers. Paddle handles all payment data in compliance with PCI DSS standards.
  • Support communications: Information you provide when contacting us for support, including email correspondence

2.2 Information Collected Automatically

  • API usage logs: Request timestamps, target URLs, response status codes, response sizes, and processing times for each API call made with your API key
  • Device and browser data: IP address, browser type, operating system, and device type when accessing the dashboard
  • Cookies and analytics: We use cookies and similar technologies to maintain sessions, remember preferences, and analyze usage patterns (see Section 6)

2.3 Information We Do Not Collect

We do not store the actual screenshots or PDFs generated through our API. Once a capture is delivered to you via the API response, it is not retained on our servers. We do not access, view, or analyze the content of the web pages you capture.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To provide, maintain, and improve the Service, including processing API requests and managing your account
  • Billing and payments: To manage subscriptions, process payments (via Paddle), and send billing-related communications
  • Usage monitoring: To enforce rate limits, prevent abuse, and ensure fair use of the Service
  • Communication: To send transactional emails (account verification, password resets, billing receipts) and important service announcements
  • Analytics: To understand how the Service is used and to make data-driven improvements
  • Security: To detect, prevent, and respond to fraud, abuse, and security incidents
  • Legal compliance: To comply with applicable laws, regulations, and legal processes

We do not sell your personal information to third parties. We do not use your data for targeted advertising.

4. Data Sharing and Third Parties

We share your information with the following categories of third parties, solely to operate and improve the Service:

ProviderPurposeData Shared
PaddlePayment processing (Merchant of Record)Email, billing details
VercelHosting and infrastructureIP address, request data
SupabaseDatabase and authenticationAccount data, usage logs
Google AnalyticsWebsite analyticsAnonymized usage data, device info

We may also disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained until you request account deletion
  • API usage logs: Retained for up to 90 days for operational purposes
  • Billing records: Retained for up to 7 years as required by tax and accounting laws
  • Support correspondence: Retained for up to 2 years after resolution

After the retention period, data is permanently deleted or anonymized.

6. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential cookies: Required for the Service to function (authentication sessions, CSRF protection). These cannot be disabled.
  • Analytics cookies: Used to understand how visitors interact with our website (Google Analytics). These collect anonymized data including page views, session duration, and referral sources.

You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

7. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest
  • Secure API key generation and hashed storage
  • Regular security reviews and vulnerability assessments
  • Access controls limiting employee access to personal data on a need-to-know basis

While we take reasonable measures to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights (GDPR and International Users)

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data protection laws, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing: Request limitation of how we process your data
  • Right to data portability: Request your data in a structured, machine-readable format
  • Right to object: Object to processing of your data for certain purposes
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us at support@layeredlabs.dev. We will respond to your request within 30 days.

9. Data Deletion Requests

You may request complete deletion of your account and associated data at any time by sending an email to support@layeredlabs.dev with the subject line "Data Deletion Request". Upon receiving your request, we will:

  • Verify your identity through your registered email
  • Delete your account, API keys, and personal data within 30 days
  • Confirm deletion via email once the process is complete

Please note that we may retain certain data as required by law (e.g., billing records for tax compliance) even after account deletion. Such retained data will be minimal and stored securely.

10. International Data Transfers

Your data may be processed and stored in countries outside your country of residence, including the United States and the Republic of Korea. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all third-party service providers
  • Compliance with applicable data transfer regulations

11. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will promptly delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will notify you via email.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Company: Layered Labs
  • Data Protection Contact: Taesung Park
  • Email: support@layeredlabs.dev
  • Business Registration No.: 241-42-01288