Laiyr, Inc. ("Laiyr," "we," "our," or "us") respects your privacy and is committed to protecting it through compliance with this Privacy Policy.
This Privacy Policy describes:
This Privacy Policy applies to information collected through the Laiyr™ platform, including our website at laiyr.ai, our web and mobile applications, our API, our connector applications, and any related services we provide (collectively, the "Service").
By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, do not use the Service.
Account Information: When you create an account, we collect your name, email address, password (stored in hashed form), and the brand name you are registering. For paid tiers, we collect billing information through our payment processor (we do not store full credit card numbers on our servers).
Brand Truth Declarations: We collect the structured declarations you make about your brand, including identity, positioning, voice, claims, certifications, audience, prohibited terms, and any custom freeform answers you provide.
Documents You Upload: If you upload documents to support your declarations (such as certification documents, license documents, or other proof materials), we collect and store those documents.
Communications: When you contact us for support or feedback, we collect the content of those communications.
Usage Data: When you use the Service, we automatically collect information about your interactions, including pages viewed, features used, actions taken, time spent, and navigation patterns.
Device and Connection Data: We collect IP address, browser type and version, operating system, device type, screen resolution, language preference, and referring URLs.
Cookies and Similar Technologies: We use cookies, local storage, and similar technologies to operate the Service, remember your preferences, authenticate your session, analyze usage, and improve performance. See Section 9 for more detail.
Logs: Our servers automatically log information about each request, including timestamps, request paths, response codes, and error data.
Connected Platforms: If you connect a third-party platform (such as Shopify or WooCommerce), we receive information from that platform necessary to deliver the Service, including store information, product data, and authorization tokens.
Payment Processors: Our payment processor (e.g., Stripe) provides us with limited transaction information, including amounts paid and payment success or failure, but not full payment card data.
AI Platforms: Through publicly available AI Platform APIs, we collect responses about your brand. These responses do not contain personal information about you, but may contain references to your brand.
Public Web Sources: Through our corroboration scanning, we collect publicly available web content that references your brand for the purpose of scoring source authority.
We use the information we collect for the following purposes:
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar privacy laws, we process your personal data under the following legal bases:
(a) Performance of a contract: To provide the Service you have requested (b) Legitimate interests: To improve the Service, prevent fraud, and operate our business (c) Consent: Where you have given consent (which you may withdraw at any time) (d) Legal obligation: To comply with applicable laws
The Service primarily processes organizational identity assertions and business representation data, declarations a brand makes about its own positioning, voice, claims, certifications, audience, and prohibited terms. This is fundamentally different from consumer profile data. Brand Truth declarations are intended to be public and machine-readable, and the brand entity itself is the data subject of those declarations.
We do, however, process limited personal data relating to the individual users who manage brand accounts (such as the merchant's name, email address, and authentication information). This personal data is processed in the context of the user's role as a brand representative, not as a consumer of consumer-facing services. Where applicable law treats this distinction as relevant to compliance obligations, we will apply the appropriate framework.
We do not sell your personal information. We share information only in the following circumstances:
Your Verified Brand Record and your registry listing on laiyr.ai are intended to be publicly accessible by design. By publishing through the Service, you authorize this public access. AI Platforms, search engines, agents, and other systems may access, retrieve, and use your VBR.
We share information with trusted third-party service providers who help us operate the Service, including:
These providers are bound by confidentiality obligations and may use the information only to provide services to us.
If you authorize connections with third-party platforms (such as Shopify), we share information with those platforms as necessary to deliver the integration you have authorized.
When we execute query variations against AI Platforms to measure brand representation, those queries reference your brand name. We do not share your personal contact information with AI Platforms.
We may disclose information when required by law, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
If Laiyr is involved in a merger, acquisition, financing, sale of assets, or other business transaction, your information may be transferred as part of that transaction. We will provide notice and opportunity to object where required by law.
We may share information for any other purpose with your express consent.
Laiyr is based in the United States, and we may process and store information in the United States and other countries. If you are located outside the United States, your information may be transferred to and processed in jurisdictions that may have different data protection laws than your country.
For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on standard contractual clauses and other lawful transfer mechanisms approved by relevant authorities.
We retain your information for as long as necessary to:
(a) Provide the Service to you; (b) Comply with applicable legal obligations; (c) Resolve disputes and enforce our agreements; and (d) Maintain the integrity of the cryptographically chained Governance Corpus, which by design preserves a tamper-evident record of declarations and events.
When you terminate your account:
You may request deletion of your account data at any time, subject to the legal retention requirements described above. Contact privacy@laiyr.ai to make such a request.
The Laiyr Governance Corpus is a cryptographically chained, tamper-evident audit log designed to preserve the verifiable history of brand identity events. By design, individual events within the chained log cannot be deleted without breaking the cryptographic integrity of the log itself.
This creates a recognized tension with the right to erasure under GDPR Article 17 and similar deletion rights under other privacy laws. We address this tension as follows:
(a) Personal data within Governance Corpus events (such as the name or email of the user who triggered an event) can be redacted from the log in response to a valid deletion request. Redaction replaces the personal data with a cryptographic placeholder while preserving the event record itself.
(b) The cryptographically chained event records themselves are not deleted, because deletion would break the integrity of the entire log and undermine the audit, dispute resolution, and tamper-evident purposes that the Governance Corpus serves. We rely on GDPR Article 17(3) exemptions, including the exemptions for compliance with legal obligations, the establishment, exercise, or defense of legal claims, and processing necessary for the performance of a task in the public interest (auditability of brand identity claims).
(c) Brand Truth declarations themselves (which are organizational data, not personal data) are retained in the Governance Corpus for the audit retention period. The publishing surface of those declarations (the Verified Brand Record and registry listing) is unpublished upon account termination as described above.
If you have specific concerns about the application of these retention practices to your circumstances, contact privacy@laiyr.ai. We will work in good faith to resolve concerns consistent with applicable law and the integrity requirements of the Service.
Depending on your jurisdiction, you may have the following rights regarding your personal information:
To exercise any of these rights, contact us at privacy@laiyr.ai. We will respond within the timeframe required by applicable law (typically 30-45 days, depending on jurisdiction).
We may need to verify your identity before responding to your request. If we are unable to verify your identity, we may decline your request as required by law.
We use the following types of technologies:
We do not use third-party advertising cookies, tracking pixels for behavioral advertising, or cross-site tracking technologies.
For users in jurisdictions that require cookie consent (such as the European Economic Area, United Kingdom, and certain U.S. states), we provide a cookie consent banner allowing you to accept or decline non-essential cookies on your first visit. You may update your preferences at any time through your account settings.
Most browsers also allow you to control cookies through browser settings. Note that disabling strictly necessary cookies will prevent you from using the Service.
We do not currently respond to "Do Not Track" browser signals because no consistent industry standard has been established.
We implement reasonable technical, administrative, and physical safeguards to protect your information, including:
No system is perfectly secure, however. We cannot guarantee absolute security, and you use the Service at your own risk. If we become aware of a security incident affecting your information, we will notify you as required by applicable law.
The Service is not directed to individuals under the age of 18 and is intended for use by businesses and brand representatives. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us at privacy@laiyr.ai and we will take steps to delete it.
The Service may contain links to or integrations with third-party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with any personal information.
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will notify you by email or through the Service at least thirty (30) days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated Privacy Policy.
If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact:
Laiyr, Inc. Privacy Officer privacy@laiyr.ai
For users in the European Economic Area or United Kingdom, you may also contact our designated data protection representative at the address above.