Legal

Privacy Policy

Last updated: April 23, 2026

This privacy policy explains how layline.io GmbH ("layline.io", "we", "us", or "our") collects, uses, and protects your personal information when you visit our website or use our services, in accordance with the General Data Protection Regulation (GDPR).

1. Data Controller

The controller responsible for the processing of your personal data on this website is:

layline.io GmbH

Flughafenstr. 52a

22335 Hamburg, Germany

Registered at: Amtsgericht Hamburg, HRB 159256

Managing Directors: Andrew Tan / Stefan Deigmüller

VAT ID: DE327083403

Phone: +49 (40) 5329-9328

Email: hello@layline.io

2. Data Protection Officer

If you have any questions about how we handle your personal data, you can contact our Data Protection Officer:

layline.io GmbH

Flughafenstr. 52a

22335 Hamburg, Germany

Represented by: Andrew Tan

Email: ds@layline.io

Website: https://www.layline.io

3. What Data We Collect

We collect and process the following types of personal data:

3.1 Server Log Data

When you visit our website, our hosting provider automatically collects technical information including your IP address, browser type and version, operating system, referring URL, pages visited, and the date and time of your visit. Your IP address is truncated (anonymized) immediately upon collection and is never stored in full form.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) in ensuring website security and functionality.

Storage period: 30 days, after which logs are automatically deleted.

3.2 Contact Form Data

When you contact us via our website forms, we collect the information you provide, such as your name, email address, company name, and message content. We use this data solely to respond to your inquiry. Providing this data is voluntary; however, without an email address we cannot respond to your message.

Legal basis: Contract performance or pre-contractual measures (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR).

Storage period: Duration of the business relationship, then deleted after 3 years unless legal retention requirements apply.

3.3 User Account & Database Data

When you create a user account or interact with features that require authentication, we collect and store your account data (e.g., email address, name, company) in our database hosted by Supabase, Inc. This data is used to provide you with access to our services and to manage your account.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR) in providing secure authentication and account management.

Storage period: Duration of your account existence; deleted within 30 days of account closure unless legal retention requirements apply.

3.4 Analytics Data

With your prior, explicit consent, we collect anonymized usage data through Google Analytics to understand how visitors use our website and to improve our services. We have enabled IP anonymization. You can withdraw your consent at any time via the cookie preferences.

Legal basis: Consent (Art. 6(1)(a) GDPR).

Storage period: 14 months, after which data is automatically deleted by Google.

4. How We Use Your Data

We use your personal data for the following purposes:

  • To provide and maintain our website
  • To respond to your inquiries and requests
  • To analyze website usage and improve our services (only with your prior consent)
  • To ensure the security of our website
  • To comply with legal obligations

We do not use your personal data for automated decision-making or profiling within the meaning of Art. 22 GDPR.

4.1 Legal Bases for Processing

We process personal data under the following legal bases, depending on the purpose:

  • Art. 6(1)(a) GDPR: Consent (e.g., analytics cookies)
  • Art. 6(1)(b) GDPR: Contract performance or pre-contractual measures (e.g., responding to inquiries, user accounts)
  • Art. 6(1)(c) GDPR: Legal obligation
  • Art. 6(1)(f) GDPR: Legitimate interests (e.g., website security, fraud prevention, service improvement)

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Server logs: Deleted after 30 days
  • Contact form data: Retained for the duration of our business relationship, then deleted after 3 years unless legal retention requirements apply
  • User account data: Deleted within 30 days of account closure unless legal retention requirements apply
  • Analytics data: Automatically deleted after 14 months
  • Cookie consent preferences: Stored locally in your browser until you clear your browser data or withdraw consent
  • Transactional emails (e.g., confirmations): Retained as required for service delivery and statutory retention periods

6. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

Right of Access

You have the right to obtain confirmation of whether we process your personal data and to access that data. (Art. 15 GDPR)

Right to Rectification

You have the right to request correction of inaccurate personal data. (Art. 16 GDPR)

Right to Erasure

You have the right to request deletion of your personal data under certain conditions. (Art. 17 GDPR)

Right to Restriction

You have the right to request restriction of processing of your personal data. (Art. 18 GDPR)

Right to Data Portability

You have the right to receive your personal data in a structured, machine-readable format. (Art. 20 GDPR)

Right to Object

You have the right to object to processing based on legitimate interests. (Art. 21(1) GDPR)

Right to Object to Direct Marketing

Where your data is processed for direct marketing purposes, you have the right to object at any time. (Art. 21(2) GDPR)

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. (Art. 77 GDPR)

To exercise any of these rights, please contact our Data Protection Officer at ds@layline.io.

If processing is based on consent, you can withdraw your consent at any time with effect for the future. This does not affect the lawfulness of processing before withdrawal. You can withdraw consent for analytics cookies at any time by clicking the "Manage Cookies" button in Section 7 (Cookies) of this policy and adjusting your preferences accordingly.

7. Cookies

Our website uses cookies to enhance your browsing experience. Cookies are small text files stored on your device that help us understand how you use our website.

Essential Cookies

These cookies are necessary for the website to function properly. They enable core functionality such as security, network management, and remembering your cookie preferences. You cannot opt out of these cookies. These cookies are stored for up to 12 months or until you clear your browser data.

Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. We only set these cookies with your explicit consent. You can withdraw your consent at any time. These cookies are stored for up to 14 months.

Cookie Preferences

Manage which cookies you allow us to use on this website

8. Third-Party Services

We use the following third-party services that may process your personal data (as processors where applicable):

Cloudera (Hosting)

Our website is hosted on Cloudera infrastructure. Server log data including your truncated IP address is processed to deliver our website content. Data is stored exclusively within the European Economic Area (EEA).

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) in providing a fast and reliable website.

View Cloudera Privacy Policy →

Resend (Email Delivery)

We use Resend, Inc. to send transactional emails, such as contact form confirmations. When you submit a contact form, your email address and message content may be processed by Resend.

Legal basis: Contract performance (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR).

View Resend Privacy Policy →

Google Analytics

With your prior, explicit consent, we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies to help us analyze how visitors use our website. We have enabled IP anonymization. Data may be transferred to Google LLC in the USA under Standard Contractual Clauses.

Legal basis: Consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time through our cookie preferences.

View Google Privacy Policy →

Supabase (Database & Authentication)

We use Supabase, Inc. as our database and authentication provider. Your account data (e.g., email address, name, company) and any data you submit through our services are stored on Supabase infrastructure. Supabase acts as a processor under Art. 28 GDPR. Data is stored within the European Union (EU).

Legal basis: Contract performance (Art. 6(1)(b) GDPR) and legitimate interest (Art. 6(1)(f) GDPR) in providing secure data storage and authentication.

View Supabase Privacy Policy →

8.1 Recipients & Processors

We may share personal data with service providers (processors) that support our website operations (hosting, email delivery, database, authentication, analytics). We have data processing agreements in place where required by Art. 28 GDPR.

9. International Data Transfers

Some of our third-party service providers are located outside the European Economic Area (EEA), particularly in the United States. We ensure that appropriate safeguards are in place for any transfer of personal data outside the EEA, including Standard Contractual Clauses (SCCs) approved by the European Commission and adequacy decisions where applicable.

Specifically, data transfers to the USA are based on the EU-US Data Privacy Framework (where certified) or Standard Contractual Clauses with additional technical safeguards (e.g., IP anonymization for analytics).

Our database and authentication provider, Supabase, Inc., is headquartered in the United States. We have entered into a Data Processing Addendum (DPA) with Supabase that incorporates Standard Contractual Clauses (SCCs) approved by the European Commission. Your account data is stored on Supabase infrastructure located within the European Union. Any processing by Supabase personnel or subprocessors outside the EEA is protected by these SCCs and additional technical and organizational safeguards.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our website uses SSL/TLS encryption to secure data transmission between your browser and our servers.

11. Right to Lodge a Complaint

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority — in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement (Art. 77 GDPR).

Our lead supervisory authority is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

Ludwig-Erhard-Str. 22, 7th Floor

20459 Hamburg, Germany

Website: https://datenschutz-hamburg.de

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

layline.io GmbH

Flughafenstr. 52a

22335 Hamburg, Germany

General inquiries: hello@layline.io

Data protection: ds@layline.io