TERMS AND CONDITIONS OF USE

Including Annex I — Data Processing Agreement (DPA), applicable to Saferlayer Enterprise

Last updated: May 26, 2026

These Terms and Conditions of Use ("Terms") govern access to and use of the services offered by Bytelantic, Inc., hereinafter "Saferlayer", in three modalities:

  • Saferlayer Free: web application for applying watermarks to images, with local browser processing.
  • Saferlayer Pro: web application adding support for PDF files processed on Saferlayer's secure servers.
  • Saferlayer Enterprise: watermarking API for enterprise integration, with ephemeral document processing.

Users of Saferlayer Free and Saferlayer Pro are referred to as "User". Customers of Saferlayer Enterprise are referred to as "Client". Where a provision applies to both, the term "User or Client" is used.

By accessing or using any of the services, the User or Client declares that they have read and fully accepted these Terms. Saferlayer Enterprise clients additionally accept Annex I (DPA). If the User or Client does not agree, they must immediately stop using the Service.

1. Service Provider Information

Bytelantic, Inc.
Corporation incorporated in Delaware, United States
Registered address: 131 Continental Dr, Suite 305, Newark, Delaware 19713, USA
Contact email: [email protected]

European Union Representative (Art. 27 GDPR):
Carlos Sánchez García
Apartado de Correos 40143
28007 Madrid
Spain

2. Definitions

Service: any of the modalities offered by Saferlayer (Free, Pro, or Enterprise).
User: natural person who uses Saferlayer Free or Saferlayer Pro through the web application.
Client: natural or legal person that contracts and uses Saferlayer Enterprise through the API.
Content: images or documents processed through the Service, including the watermark text.
API: Saferlayer's programming interface allowing the Client to submit Content for processing (exclusive to Saferlayer Enterprise).
API Key: credential assigned to the Client to authenticate requests (exclusive to Saferlayer Enterprise).
Ephemeral Processing: temporary in-memory processing without persistent storage of Content.

3. Description of the Service

3.1 Saferlayer Free

Allows the User to apply watermarks to images locally, executed exclusively within the User's browser. In particular:

  • Images are never transferred to Saferlayer's servers.
  • Saferlayer does not access, receive, store, or process the User's images.
  • All computations are executed on the User's device using web technologies.
  • No registration or authentication is required.
  • PDF files are not available in Saferlayer Free.

3.2 Saferlayer Pro

Allows the User to apply watermarks to images (locally, as in Saferlayer Free) and also to PDF files, which are processed on Saferlayer's secure servers. In particular:

  • Images are processed locally within the User's browser. Saferlayer does not access or store images.
  • PDF files are sent to Saferlayer's secure server for processing. The original PDF is deleted immediately after returning the processed file. In the event of a processing error, the file may remain on the server for up to 24 hours, after which it is deleted automatically by the daily cleanup process.
  • The PDF is never copied, indexed, or used for any other purpose.
  • Registration with an email address and password, and a paid subscription, are required.

PDF processing is carried out on Hetzner cloud infrastructure located in Finland (EEA).

3.3 Saferlayer Enterprise

Offers a watermarking API for enterprise use. The Service consists of:

  • Receiving an image or document submitted by the Client via the API.
  • Applying a watermark with the text provided by the Client.
  • Returning the processed file in PNG format.
  • Immediate deletion of the original Content once processing is completed.
  • Temporary storage of the processed file for a maximum of 24 hours from the time of generation, solely to ensure its availability via API to the Client. After this period, the file is permanently and automatically deleted.

Relevant technical characteristics:

  • Maximum file size: 30 MB
  • Supported formats: JPEG, PNG, GIF, WebP
  • Minimum dimensions: 100 px; maximum: 4000 px
  • Maximum watermark text length: 100 characters

The Service does not guarantee that the watermark will be impossible to remove.
Processing is carried out on Hetzner cloud infrastructure located in Finland (EEA).

The Service is provided "as is", and Saferlayer does not guarantee continuous availability, uninterrupted operation, or error-free performance in any of its modalities.

4. Age and Capacity

Saferlayer Free and Saferlayer Pro: The User declares and guarantees that they are at least 16 years old (or the minimum age applicable in their jurisdiction) and that they possess the legal capacity required to use the Service.

Saferlayer Enterprise: The Client declares that they act on behalf of a legal entity or are a natural person with full legal capacity, and that they are authorized to accept these Terms.

5. Access to the Service

5.1 Saferlayer Free

No registration is required. The User may use the Service directly from their browser.

5.2 Saferlayer Pro

To access the Service, the User must:

  • create an account with an email address and password,
  • subscribe to a paid plan.

5.3 Saferlayer Enterprise

To access the Service, the Client must:

  • create an account with an email address and password,
  • obtain an API Key,
  • provide valid billing information.

The Client is responsible for keeping API Keys confidential, restricting their use to authorized personnel, and immediately reporting any unauthorized access.

Saferlayer may reject registration requests or suspend accounts in case of breach of these Terms.

6. Permitted and Prohibited Uses

6.1 Permitted Uses

The User or Client may use the Service to:

  • apply watermarks to images (all plans) for which they hold sufficient rights,
  • apply watermarks to PDF files (Saferlayer Pro) for which they hold sufficient rights,
  • integrate watermarking into enterprise workflows (Saferlayer Enterprise) on Content for which they hold sufficient rights,
  • protect their documents from unauthorized use,
  • use the resulting files for personal, educational, or professional purposes in compliance with applicable law.

6.2 Prohibited Uses

The User or Client agrees not to use the Service to:

  • Process illegal or fraudulent content, or content intended to falsify documents or identities.
  • Process content protected by intellectual property rights without authorization.
  • Process or attempt to process content depicting child sexual abuse material (CSAM) or any illegal material.
  • Process content that infringes third-party fundamental rights, privacy, or confidentiality without consent.
  • Introduce malware, viruses, or any code intended to damage devices.
  • Reverse engineer, decompile, copy, or analyze the internal functioning of the software or the API.
  • Interfere with, overload, or compromise the security or stability of the Service.
  • Bypass usage limits, security restrictions, or control mechanisms.
  • Resell, sublicense, or redistribute the Service or the API without prior written authorization (Saferlayer Enterprise).
  • Use automated systems (bots, scrapers, or similar) that affect normal operation (Saferlayer Free and Saferlayer Pro).
  • Perform any illegal activity or any activity contrary to these Terms.

Saferlayer may limit or suspend access to the Service if reasonable indications of misuse are detected.

7. Intellectual Property

7.1 User or Client Content

The User or Client retains all rights over the documents and images they process. Saferlayer acquires only a limited, temporary license to:

  • receive the original Content,
  • process it to apply a watermark,
  • transmit the resulting file to the Client,
  • delete the original Content immediately once processing is completed,
  • retain the processed file for a maximum of 24 hours solely to ensure its availability to the Client via API, after which it is permanently and automatically deleted.

Saferlayer does not acquire any additional rights over the Content.

7.2 Saferlayer Intellectual Property

Saferlayer retains exclusive ownership of:

  • the software, API, and their components,
  • processing algorithms,
  • user interfaces, tools, and graphical elements,
  • trademarks, logos, and distinctive signs,
  • source code, structure, and internal architecture,
  • documentation and manuals.

Use of the Service does not grant the User or Client any rights over these elements.

8. Service Availability and Operation

Saferlayer strives to keep the Service available but does not guarantee:

  • uninterrupted availability,
  • absence of errors,
  • that the watermark cannot be removed by third parties,
  • compatibility with all devices or browsers,
  • a specific service level (SLA) unless expressly agreed in writing (Saferlayer Enterprise).

Saferlayer may apply usage limits per API Key (Saferlayer Enterprise) and may modify, suspend, or discontinue the Service at any time.

9. User or Client Responsibility

The User or Client is fully responsible for:

  • verifying the quality and suitability of the resulting file,
  • keeping backups of original documents,
  • ensuring they hold sufficient rights over the content they manipulate,
  • using the result lawfully,
  • keeping billing information up to date (Saferlayer Pro and Saferlayer Enterprise),
  • safeguarding and protecting API Keys (Saferlayer Enterprise),
  • complying with applicable law, including GDPR where applicable,
  • complying with these Terms.

10. Limitation of Liability

Saferlayer shall not be liable for:

  • indirect, incidental, special, punitive, or consequential damages,
  • data loss or file corruption,
  • issues arising from the User's device or browser configuration (Saferlayer Free and image processing in Saferlayer Pro),
  • damages arising from the use or inability to use the Service,
  • unexpected results derived from local image processing,
  • technical incidents during ephemeral PDF server processing (Saferlayer Pro),
  • failures caused by third-party infrastructures (Saferlayer Enterprise),
  • misuse of the Service by the User or Client.

Saferlayer Enterprise: Saferlayer's total liability for any claim is limited to the amounts paid by the Client in the 12 months preceding the event giving rise to the claim.

Use of the Service is the User's or Client's own responsibility. Nothing in these Terms excludes liability where such exclusion is not permitted by applicable law.

11. Processing of Personal Data

The processing of personal data is detailed in Saferlayer's Privacy Policy.

Saferlayer Enterprise: use of the Service may involve the processing of personal data contained in Content submitted by the Client. Such processing is governed by Annex I — Data Processing Agreement (DPA), which forms an integral part of these Terms for Saferlayer Enterprise clients.

12. Security and Processing of Content (Saferlayer Pro and Saferlayer Enterprise)

Saferlayer implements the following measures:

  • strictly in-memory processing,
  • execution on Hetzner server infrastructure in Finland (EEA),
  • no persistent storage of original documents,
  • automatic deletion of Content upon completion,
  • TLS encryption in transit,
  • access controls and environment isolation,
  • minimal logging without personal content.

13. Subprocessors (Saferlayer Enterprise)

Saferlayer uses the following providers in the delivery of Saferlayer Enterprise:

SubprocessorPurposeLocation
SupabaseAuthentication and database (Enterprise accounts)EU
CloudflareCDN, security, DDoS protectionGlobal
StripePaymentsUSA/Global
HetznerCloud infrastructure and ephemeral API processingFinland (EEA)

Saferlayer will notify the Client of relevant changes as required by applicable law.

14. Payments and Billing (Saferlayer Pro and Saferlayer Enterprise)

  • Saferlayer offers subscription-based or usage-based pricing plans.
  • Payments are processed through Stripe or other secure providers.
  • The User or Client must keep billing information up to date.
  • Failure to pay may result in suspension of access to the Service.

15. Term and Termination (Saferlayer Pro and Saferlayer Enterprise)

The User or Client may cancel their account at any time. Saferlayer may suspend or terminate access:

  • for non-payment,
  • for breach of these Terms,
  • for legal requirements,
  • for abusive or harmful use.

Upon termination:

  • access credentials and API Keys will be revoked (Saferlayer Enterprise),
  • account data will be deleted according to the Privacy Policy,
  • original Content is never stored persistently and is deleted at the end of each operation; any processed files pending download will be automatically deleted within a maximum of 24 hours.

16. Modifications to the Terms

Saferlayer may update these Terms at any time.
The date at the beginning will indicate the current version.
Changes will be notified to Saferlayer Enterprise clients via email or through the control panel.
Continued use of the Service after updates constitutes acceptance of the new Terms.

17. Governing Law and Jurisdiction

These Terms are governed by the laws of the State of Delaware (United States).
The User or Client and Saferlayer submit to the exclusive jurisdiction of the competent state or federal courts of Delaware, unless mandatory law provides otherwise.

18. Contact

For questions regarding these Terms:
📩 [email protected]

ANNEX I — DATA PROCESSING AGREEMENT (DPA)

(Applicable exclusively to Saferlayer Enterprise. Integrated into these Terms.)

1. Purpose and Duration

The Client acts as the Data Controller and Saferlayer as the Data Processor regarding personal data contained in the Content submitted via the API.
Processing is ephemeral, solely for providing the Service, and ends immediately after completion.

2. Nature and Purpose of Processing

  • Temporary receipt of the original Content
  • In-memory processing to apply a watermark
  • Transmission of the resulting file to the Client
  • Immediate deletion of the original Content
  • Temporary retention of the processed file for a maximum of 24 hours for delivery via API, permanently and automatically deleted upon expiry

No other processing operations are performed.

3. Types of Data and Categories of Data Subjects

Data processed depends exclusively on the Content submitted by the Client. It may include:

  • images of documents, photographs, or files containing personal data, including potentially identifying data.

Saferlayer does not classify or interpret such Content.

4. Processor Obligations (Saferlayer)

Saferlayer shall:

  • Process data only following documented instructions from the Client.
  • Not store, copy, or retain Content.
  • Ensure confidentiality of authorized personnel.
  • Apply appropriate security measures (see section 12).
  • Assist the Client in complying with GDPR obligations where applicable.
  • Notify any personal data breach within 72 hours.
  • Delete original Content upon completion of processing; the processed file is retained for a maximum of 24 hours for delivery to the Client and permanently deleted upon expiry.
  • Allow reasonable audits by the Client or designated auditors.

5. Subprocessors

Saferlayer may rely on authorized subprocessors (see section 13).
Subprocessors are required to comply with the same data protection obligations.
These include Hetzner as cloud infrastructure provider located in Finland (EEA), where ephemeral processing is executed.

6. International Transfers

International transfers may occur due to Saferlayer's location and certain providers. In such cases, Saferlayer shall apply:

  • Standard Contractual Clauses (SCCs),
  • additional security measures.

Processing executed on Hetzner infrastructure in Finland (EEA) does not constitute an international transfer.
Account data is stored within the EU (Supabase EU region).

7. Security of Processing

Saferlayer implements appropriate technical and organizational measures:

  • processing exclusively in memory,
  • execution on infrastructure in Finland (EEA) operated by Hetzner,
  • no persistent storage of original Content,
  • automatic deletion of the original Content upon completion of the operation,
  • temporary retention of the processed file for a maximum of 24 hours solely for delivery to the Client via API, permanently and automatically deleted upon expiry,
  • TLS encryption,
  • access controls,
  • environment isolation,
  • minimal logging without personal data.

8. End of Processing

Upon completion:

  • original Content is automatically deleted at the end of each operation; any processed files pending download are automatically deleted within a maximum of 24 hours,
  • Client account data is processed according to the Privacy Policy,
  • API Keys may be revoked.