Privacy Notice

This notice applies when you sign up for Layout Pages, administer a tenant, submit a support or compliance request, receive transactional email from us, or visit platform-controlled pages such as layoutpages.com.

Hosted customer sites may have their own visitor-facing privacy notices. In those cases, the site operator is generally the primary controller for visitor content, forms, and marketing activity, while Layout Pages acts as a hosting and service provider for parts of that processing. See the Data Processing Addendum for the processor terms.

We may collect account details such as name, email address, password hash, tenant slug, custom domain settings, plan, billing status, and basic account preferences.

We also process content and operational data you place into the service, including published pages, portfolio items, blog posts, custom content, uploaded files, client pages, forms, submissions, user-management settings, API keys, webhooks, and backups or revision metadata.

For billing, Stripe provides customer and subscription metadata such as customer IDs, subscription IDs, invoice state, plan, billing interval, and renewal or cancellation state. We do not intentionally store full payment card numbers on our own servers.

We use cookies and local storage for session management, CSRF protection, client-page access, consent preferences, and similar core product functions. See the Cookie Notice for more detail.

We also collect service logs and security telemetry such as IP address, request path, timestamps, host, user agent, request identifiers, and error data as needed to operate, secure, and troubleshoot the service.

We use information to provide and improve the service, authenticate users, host sites, process subscriptions, operate forms and client pages, deliver emails, prevent abuse, respond to support issues, and maintain backups and audit trails.

We share information with subprocessors and infrastructure providers that help us operate the service, including hosting, edge and storage providers, payment processors, and email-delivery vendors. The current list is in our Subprocessors page.

We may also disclose information where required by law, in connection with a lawful request, business transfer, fraud investigation, security incident, or other legitimate protection need.

We and our vendors may process data in the United States and other jurisdictions. Where required, appropriate transfer mechanisms should be addressed by contract, including the DPA and any supplemental measures needed for a particular customer deployment.

We retain information for as long as reasonably necessary to provide the service, maintain security, satisfy legal obligations, resolve disputes, and enforce agreements.

We use reasonable administrative, technical, and organizational measures to protect information, but no system is perfectly secure. You should use strong credentials and control access to your admin accounts, webhooks, and API keys.

Depending on where you live, you may have rights to request access to, correction of, deletion of, restriction of, objection to, or export of certain personal information. Layout Pages account holders can use the in-product Privacy Center, and anyone can use our Privacy Requests page.

We aim to respond within one month where required by law. To contact us directly, email [email protected].

Layout Pages is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

We may update this notice from time to time. Questions can be sent to [email protected].