PRIVACY POLICY
(Bytelantic, Inc. / Saferlayer)
Last updated: May 26, 2026
This Privacy Policy describes how Bytelantic, Inc., hereinafter “Saferlayer”, processes personal data of users who use:
- Saferlayer Free, which applies watermarks locally in the browser ("Saferlayer Free"),
- the paid Saferlayer Pro, which also enables PDF file processing on Saferlayer's secure servers ("Saferlayer Pro"), and
- Saferlayer Enterprise, API-based ("Saferlayer Enterprise").
Saferlayer is committed to lawful, fair, transparent data processing in accordance with Regulation (EU) 2016/679 (GDPR), the Spanish Organic Law 3/2018 (LOPDGDD), and other applicable regulations.
1. Identity of the Data Controller
Bytelantic, Inc.
Corporation incorporated in Delaware, United States
Registered address: 131 Continental Dr, Suite 305, Newark, Delaware 19713, USA
Contact email: [email protected]
European Union Representative (Art. 27 GDPR):
Carlos Sánchez García
Apartado de Correos 40143
28007 Madrid
Spain
2. Scope of this Policy
This Policy applies to:
- users of Saferlayer Free (no registration required),
- users of Saferlayer Pro (with a paid account),
- companies and users of Saferlayer Enterprise (with an Enterprise account),
- general use of the website and its functionalities.
Processing activities are differentiated for each service type.
3. Data We Process
3.1 Saferlayer Free (no personal data is processed)
In Saferlayer Free:
- images are never transferred to Saferlayer servers,
- no files are received or stored,
- all processing occurs locally within the User's browser,
- Saferlayer has no access to such images or results.
- PDF files are not available in Saferlayer Free.
The only data associated with the use of Saferlayer Free are:
- anonymous or aggregated usage and analytics data,
- IP address and technical metadata processed by providers such as Cloudflare for security,
- strictly necessary or analytical cookies (per User consent).
⚠️ Saferlayer does not collect or store personal data contained in images processed by Saferlayer Free.
3.2 Saferlayer Pro (paid plan with account)
Saferlayer Pro combines local processing and secure server processing:
Images: processed locally within the User's browser, without transfer to Saferlayer servers. Saferlayer does not access or store the User's images.
PDF files: sent to Saferlayer's secure server for processing:
- Strictly ephemeral processing, carried out on Hetzner cloud infrastructure located in Finland (EEA).
- Immediate deletion of the original PDF after returning the processed file.
- In the event of a processing error, the file may remain on the server for up to 24 hours, after which it is deleted automatically by the daily cleanup process.
- The PDF is never copied, indexed, transferred, or used for any other purpose.
Account data (required):
- Email address
- Password (hashed, never stored in plain text)
- Internal identifiers (user ID)
- Billing data (via Stripe)
Minimal technical logs generated by PDF processing:
- request timestamp
- file size
- type of operation
- status results
⚠️ Saferlayer does not access or store personal data contained in images processed by Saferlayer Pro. PDF files are processed ephemerally on a secure server and deleted immediately after processing.
3.3 Saferlayer Enterprise (enterprise accounts)
Saferlayer Enterprise does involve personal data processing.
A) Account data (required)
- Email address
- Password (hashed, never stored in plain text)
- Internal identifiers (user ID, API Keys)
- Billing data when applicable (via Stripe)
B) Data generated by API usage
Minimal technical logs:
- request timestamp
- file size
- type of operation
- status results
Also:
- usage metrics linked to the API Key
- watermark text (processed but not stored)
C) Content submitted for processing (documents/images)
- Ephemeral processing only
- Processed exclusively in memory
- Executed on cloud infrastructure located in Finland (EEA) operated by Hetzner
- Immediate deletion of the original document after returning the processed file
- The original document is never stored, copied, indexed, transferred, or used for any other purpose
- The processed file is stored for a maximum of 24 hours to ensure its availability via API for the user
- The processed file is never stored for more than 24 hours, nor is it copied, indexed, transferred, or used for any other purpose
4. Purposes and Legal Bases
4.1 Saferlayer Free
| Purpose | Legal basis |
|---|---|
| Provide local image watermarking functionality without data transfer | Not applicable (no personal data is processed) |
| Ensure security and prevent abuse (Cloudflare) | Legitimate interest |
| Analytical measurement, aggregated usage data | Consent (non-essential cookies) |
4.2 Saferlayer Pro
| Purpose | Legal basis |
|---|---|
| Account management, authentication, access | Contract performance |
| Billing and invoicing | Legal obligation / Contract performance |
| Ephemeral PDF processing on secure server | Contract performance |
| Local image processing (no access by Saferlayer to content) | Not applicable (no personal data is processed) |
| Platform security, fraud prevention | Legitimate interest |
| Analytical measurement, aggregated usage data | Consent (non-essential cookies) |
4.3 Saferlayer Enterprise
| Purpose | Legal basis |
|---|---|
| Account management, authentication, access | Contract performance |
| Billing and invoicing | Legal obligation / Contract performance |
| Service execution (ephemeral processing) | Contract performance |
| Platform security, fraud prevention | Legitimate interest |
| Communication with Client | Contract performance |
5. Data Retention
| Type of data | Retention |
|---|---|
| Saferlayer Pro account data (email, password) | Until the User requests deletion |
| PDFs sent via Saferlayer Pro (successful processing) | 0 seconds — deleted immediately after processing |
| PDFs sent via Saferlayer Pro (in the event of error) | Up to 24 hours (automatic daily cleanup) |
| Saferlayer Enterprise account data (email, password, API Keys) | Until Client requests deletion |
| Documents/images sent via Saferlayer Enterprise API | 0 seconds — deleted immediately |
| Processed documents/images via Saferlayer Enterprise API | Up to 24 hours |
| Minimal technical logs | Up to 90 days |
| Billing data | As required by applicable tax laws (5–10 years) |
6. Recipients and Subprocessors
Saferlayer uses carefully selected providers:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Authentication and database (Saferlayer Enterprise accounts) | EU |
| Cloudflare | CDN, security, DDoS protection | Global |
| Stripe | Payments | USA/Global |
| Hetzner | Ephemeral PDF processing (Saferlayer Pro) and API execution (Saferlayer Enterprise) | Finland (EEA) |
All subprocessors operate under contracts ensuring GDPR compliance, SCCs, and adequate security measures.
7. International Data Transfers
As a US-based company, Saferlayer may perform international transfers of data in compliance with:
- Standard Contractual Clauses (SCCs),
- additional technical and organizational safeguards.
Processing carried out on Hetzner infrastructure located in Finland (EEA) does not constitute an international transfer.
Saferlayer Pro and Saferlayer Enterprise account data is stored in the EU (Supabase EU region).
Ephemeral processing of PDFs sent via Saferlayer Pro, as well as Content submitted to the Saferlayer Enterprise API, is carried out on infrastructure located in the EU (Hetzner – Finland).
8. Security of Processing
Saferlayer implements appropriate technical and organizational measures, including:
- exclusively in-memory processing,
- execution on infrastructure located in Finland (EEA) operated by Hetzner,
- immediate deletion of Content,
- TLS encryption for all communications,
- strict access controls,
- isolated environments,
- minimal logging without personal data.
9. User and Client Rights (GDPR)
Users and Clients may exercise:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction
- Right to object
- Right to data portability
- Right to withdraw consent (where applicable)
Saferlayer will respond within 1 month.
Requests may be sent to:
📩 [email protected]
10. Privacy in Saferlayer Free and Saferlayer Pro
10.1 Saferlayer Free
Because Saferlayer does not process or receive images in Saferlayer Free:
- no personal data contained in such images is processed,
- no legal basis is required for such processing,
- no additional privacy measures are required.
Only:
- technical data,
- essential cookies,
- consent-based analytics
may be processed.
10.2 Saferlayer Pro
In Saferlayer Pro:
- Images are processed locally within the User's browser. Saferlayer does not access or process personal data contained in images.
- PDF files are sent to Saferlayer's server for ephemeral processing. Saferlayer acts as Data Controller with respect to account data, and processes PDF files exclusively in memory for the time required to complete the operation, deleting them immediately afterwards.
- In the event of a processing error, the PDF file may remain on the server for up to 24 hours, after which it is deleted automatically by the daily cleanup process.
11. Privacy in Saferlayer Enterprise
Saferlayer acts as:
- Data Controller: account data, billing data, usage metrics
- Data Processor: documents/images submitted via the API
Processing of such content is governed by the DPA included in the Saferlayer Enterprise Terms.
Note: In Saferlayer Pro, Saferlayer acts solely as Data Controller with respect to account data and the ephemeral processing of PDF files, in accordance with the Saferlayer Free and Saferlayer Pro Terms and this Privacy Policy.
12. Cookies
Details about cookie usage are provided in the Cookie Policy (Document 4).
13. Minors
The Service is not intended for minors.
In Saferlayer Free:
- Saferlayer does not process identifiable personal data,
- no age verification is required,
- the User is responsible for ensuring they meet the minimum age requirement, which is 16 years old (or the minimum age applicable in their jurisdiction).
In Saferlayer Pro:
- registration with an email address is required,
- no automatic age verification is implemented,
- the User guarantees they are at least 16 years old (or the minimum age applicable in their jurisdiction).
14. Changes to this Privacy Policy
Saferlayer may update this Policy at any time.
The “Last Updated” date will indicate the current version.
Saferlayer Enterprise Clients will be notified of material changes affecting data processing.
15. Contact
For privacy-related inquiries or to exercise rights:
📩 [email protected]