PRIVACY POLICY
(Bytelantic, Inc. / Saferlayer)
Last updated: November 27, 2025
This Privacy Policy describes how Bytelantic, Inc., hereinafter “Saferlayer”, processes personal data of users who use:
- the free B2C service that applies watermarks locally (“B2C Service”), and
- the Enterprise/API-based B2B service (“B2B Service”).
Saferlayer is committed to lawful, fair, transparent data processing in accordance with Regulation (EU) 2016/679 (GDPR), the Spanish Organic Law 3/2018 (LOPDGDD), and other applicable regulations.
1. Identity of the Data Controller
Bytelantic, Inc.
Corporation incorporated in Delaware, United States
Registered address: 131 Continental Dr, Suite 305, Newark, Delaware 19713, USA
Contact email: [email protected]
European Union Representative (Art. 27 GDPR):
Carlos Sánchez García
Apartado de Correos 57
28232 Las Rozas de Madrid
Spain
2. Scope of this Policy
This Policy applies to:
- users of the B2C Service (no registration required),
- companies and users of the B2B Service (with account),
- general use of the website and its functionalities.
Processing activities are differentiated for each service type.
3. Data We Process
3.1 B2C Service (no personal data is processed)
In the B2C Service:
- documents are never transferred to Saferlayer servers,
- no images are received or stored,
- all processing occurs locally within the User’s browser,
- Saferlayer has no access to such documents or results.
The only data associated with the use of the B2C Service are:
- anonymous or aggregated usage and analytics data,
- IP address and technical metadata processed by providers such as Cloudflare for security,
- strictly necessary or analytical cookies (per User consent).
⚠️ Saferlayer does not collect or store personal data contained in documents processed by the B2C Service.
3.2 B2B Service (enterprise accounts)
The B2B Service does involve personal data processing.
A) Account data (required)
- Email address
- Password (hashed, never stored in plain text)
- Internal identifiers (user ID, API Keys)
- Billing data when applicable (via Stripe)
B) Data generated by API usage
Minimal technical logs:
- request timestamp
- file size
- type of operation
- status results
Also:
- usage metrics linked to the API Key
- watermark text (processed but not stored)
C) Content submitted for processing (documents/images)
- Ephemeral processing only
- Processed exclusively in memory
- Executed on cloud infrastructure located in Finland (EEA) operated by Hetzner
- Automatically deleted immediately after processing
- Never stored, copied, indexed, or reused
⚠️ Saferlayer does not retain original or processed documents.
4. Purposes and Legal Bases
4.1 B2C Service
| Purpose | Legal basis |
|---|---|
| Provide local watermarking functionality | Not applicable (no personal data is processed) |
| Ensure security and prevent abuse (Cloudflare) | Legitimate interest |
| Analytical measurement, aggregated usage data | Consent (non-essential cookies) |
4.2 B2B Service
| Purpose | Legal basis |
|---|---|
| Account management, authentication, access | Contract performance |
| Billing and invoicing | Legal obligation / Contract performance |
| Service execution (ephemeral processing) | Contract performance |
| Platform security, fraud prevention | Legitimate interest |
| Communication with Client | Contract performance |
5. Data Retention
| Type of data | Retention |
|---|---|
| Account data (email, password, API Keys) | Until Client requests deletion |
| Documents/images sent via API | 0 seconds — deleted immediately |
| Minimal technical logs | Up to 90 days |
| Billing data | As required by applicable tax laws (5–10 years) |
6. Recipients and Subprocessors
Saferlayer uses carefully selected providers:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Authentication and database (B2B accounts) | EU |
| Cloudflare | CDN, security, DDoS protection | Global |
| Stripe | Payments | USA/Global |
| Hetzner | Cloud infrastructure and ephemeral API execution | Finland (EEA) |
All subprocessors operate under contracts ensuring GDPR compliance, SCCs, and adequate security measures.
7. International Data Transfers
As a US-based company, Saferlayer may perform international transfers of data in compliance with:
- Standard Contractual Clauses (SCCs),
- additional technical and organizational safeguards.
Processing carried out on Hetzner infrastructure located in Finland (EEA) does not constitute an international transfer.
B2B account data is stored in the EU (Supabase EU region).
8. Security of Processing
Saferlayer implements appropriate technical and organizational measures, including:
- exclusively in-memory processing,
- execution on infrastructure located in Finland (EEA) operated by Hetzner,
- immediate deletion of Content,
- TLS encryption for all communications,
- strict access controls,
- isolated environments,
- minimal logging without personal data.
9. User and Client Rights (GDPR)
Users and Clients may exercise:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction
- Right to object
- Right to data portability
- Right to withdraw consent (where applicable)
Saferlayer will respond within 1 month.
Requests may be sent to:
📩 [email protected]
10. Privacy in the B2C Service
Because Saferlayer does not process or receive documents in the B2C Service:
- no personal data contained in such documents is processed,
- no legal basis is required for such processing,
- no additional privacy measures are required.
Only:
- technical data,
- essential cookies,
- consent-based analytics
may be processed.
11. Privacy in the B2B Service
Saferlayer acts as:
- Data Controller: account data, billing data, usage metrics
- Data Processor: documents/images submitted via the API
Processing of such content is governed by the DPA included in the B2B Terms.
12. Cookies
Details about cookie usage are provided in the Cookie Policy (Document 4).
13. Minors
The Service is not intended for minors.
In the B2C Service:
- Saferlayer does not process identifiable personal data,
- no age verification is required,
- the User is responsible for ensuring they meet the minimum age requirement, which is 16 years old (or the minimum age applicable in their jurisdiction).
14. Changes to this Privacy Policy
Saferlayer may update this Policy at any time.
The “Last Updated” date will indicate the current version.
B2B Clients will be notified of material changes affecting data processing.
15. Contact
For privacy-related inquiries or to exercise rights:
📩 [email protected]