← Back to LayerDrop

Privacy Policy

Last updated: February 26, 2026

LayerDrop ("we", "us", "our") is operated by the LayerDrop team. This Privacy Policy explains how we collect, use, and protect your information when you use our website at layerdrop.net and the LayerDrop application (the "Service").

We are committed to protecting your privacy. We collect the absolute minimum data necessary to provide the Service and we never sell, share, or rent your personal information to third parties for marketing purposes.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

1.2 Image and Art Data

Images you upload are processed entirely within your web browser using the HTML5 Canvas API. Uploaded art files never leave your device. We do not store or have access to your uploaded images.

AI-generated images: When you use the AI generation feature, your text prompts are sent to a third-party AI service (Replicate) to generate images. The generated images are returned to your browser. We do not store your prompts or generated images on our servers. Replicate may temporarily process your prompts in accordance with their privacy policy.

Generated collections are assembled entirely in your browser. We never see, store, or transmit your final exported collections.

1.3 Automatically Collected Data

We do not use analytics, tracking pixels, fingerprinting, or any third-party tracking services. We do not collect:

2. How We Use Your Information

DataPurposeLegal Basis (GDPR)
EmailAccount authentication, password resets, critical service notificationsContract performance
Password (hashed)Secure authenticationContract performance
AI promptsSent to Replicate to generate images, not stored by usContract performance

We do not send marketing emails, newsletters, or promotional communications unless you explicitly opt in to such communications in the future.

3. Cookies and Local Storage

We use a single session cookie managed by our authentication provider (Supabase) to keep you signed in. This is strictly necessary for the Service to function. We do not use:

Your browser's local storage may be used to persist your authentication session. No other data is stored locally by the Service.

4. Third-Party Services

We use the following third-party services:

We do not share your personal data (email, account info) with Replicate. Only text prompts are sent to generate images. We do not use any advertising networks, data brokers, or social media tracking.

5. Data Storage and Security

Your account data (email and hashed password) is stored on Supabase's infrastructure with the following protections:

Since your images and generated collections never leave your browser, there is no image data to secure on our end.

6. Your Rights

6.1 Rights Under GDPR (EU/EEA/UK Residents)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights:

To exercise any of these rights, contact us at admin@layerdrop.net. We will respond within 30 days.

6.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

6.3 Rights Under LGPD (Brazilian Residents)

Brazilian residents have rights similar to GDPR, including access, correction, deletion, and data portability.

6.4 Rights Under POPIA (South African Residents)

South African residents have the right to access, correct, and delete their personal information.

7. International Data Transfers

Your account data may be processed in the United States where our infrastructure providers operate. When data is transferred outside your jurisdiction, it is protected by:

8. Data Retention

We retain your account data (email, hashed password) for as long as your account is active. Upon account deletion:

9. Children's Privacy

LayerDrop is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you are under 18, do not use the Service or provide any personal information. If we become aware that we have collected data from a child under 18, we will delete it promptly.

10. Do Not Track

We honor Do Not Track (DNT) browser signals. Since we do not track users in the first place, there is no tracking behavior to disable.

11. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, as required by GDPR and other applicable laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or a prominent notice on the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact

For privacy questions, data requests, or to exercise your rights:

Email: admin@layerdrop.net

Data Controller: the LayerDrop team