← Back to Layr

Privacy Policy

Last updated: May 28, 2026

1. What We Collect

When you sign in via Google OAuth, we receive your email address, display name, and profile picture. We do not store your Google password.

When you use the Layr browser extension, we collect:

  • Annotations you create (text, position, URL)
  • Reactions, replies, and @mentions
  • Pages you annotate (URL and domain)
  • Credit balance and transaction history

2. How We Use Your Data

  • Display your annotations to other Layr users
  • Power AI features (page summaries, semantic search) using anonymized content
  • Moderate content for safety (via AI moderation)
  • Send you notifications about activity on your annotations
  • Process payments via Stripe (we never store card details)

3. Data Storage

Your data is stored on Supabase (PostgreSQL) with row-level security. Files (avatars, images) are stored in Supabase Storage. All data is encrypted in transit (TLS) and at rest.

4. Third-Party Services

  • Supabase — database, authentication, file storage
  • Google OAuth — sign-in
  • Anthropic (Claude) — AI moderation, AI Chat, AI Translate, and Layr Agent
  • Tavily — open-web search used by Layr Agent (Pro feature)
  • Stripe — payment processing
  • Vercel — web hosting
  • Sentry — error tracking (anonymised stack traces)

5. Layr Agent and browser-based tools (Pro feature)

Layr Agent is an in-extension AI research assistant available to Pro subscribers. When you explicitly ask the Agent a question that requires reading a web page in real time (for example, “compare prices on Amazon, Fnac, and Boulanger”), the extension can open a public web page in a background tab in your own browser, extract the visible main text, then close the tab automatically.

Consent. The first time the Agent wants to open a tab on a given hostname, a modal asks for your permission: refuse, allow once, or always allow. Your choice is stored locally in chrome.storage.local and can be cleared at any time from your browser settings.

What is sent to Anthropic. Only the extracted text content of the page (after JavaScript rendering) is sent to Anthropic for the Agent to reason about. We never send your cookies, session tokens, scroll position, screenshots, or the contents of any password / credit-card field.

What we block by default. The Agent refuses to open any URL whose path contains /login, /signin, /auth, /checkout, or /cart, and any hostname matching paypal.*, stripe.*, *.bank.*, accounts.google.com, login.live.com, or login.microsoftonline.com. Additionally, fields with type="password", type="hidden", or autocomplete="cc-*" are stripped from the extracted text before anything leaves your machine.

What we store. Only the Agent’s reasoning and final answer are stored in your private ai_agent_messages conversation history. The raw page text used as input is not persisted on Layr servers.

Visibility. While the Agent is reading pages, a progress chip is always visible in the Agent panel with a Stop button that immediately aborts the sequence. Tabs are always opened in background (active: false) and never steal focus.

Limits. Pro-only. Hard cap of 12 page reads per Agent turn, 5 credits per read. You can revoke an “always allow” decision by clearing the extension’s local storage.

6. Your Rights

You can:

  • Access and export your data at any time
  • Edit or delete your annotations
  • Delete your account by contacting us
  • Opt out of AI features by not using credits

7. Cookies

We use essential cookies for authentication sessions. We do not use tracking cookies or third-party analytics.

8. Children

Layr is not intended for users under 13. We do not knowingly collect data from children.

9. Contact

For privacy concerns, contact us at contact@layr.community.

Privacy Policy — Layr