Privacy Policy

This Privacy Policy describes how Manafold Inc. ("Manafold," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our platform, Layo (the "Platform"), accessible at uselayo.com and related services. Layo is a no-code application builder that enables businesses and individuals to build, deploy, and scale applications powered by large language models ("LLMs"), including deployment to third-party app stores such as OpenAI's ChatGPT and Anthropic's Claude.

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Platform.

1. Information We Collect

1.1 Information You Provide Directly

We collect information you voluntarily provide when you register for, access, or use the Platform, including:

  • Account Information: Name, email address, username, password, and other registration details.
  • Contact Information: Phone number, mailing address, and other contact details you provide.
  • Payment Information: Billing address and payment card details processed through our third-party payment processor, Stripe. We do not store complete payment card numbers on our servers.
  • API Credentials: Third-party API keys and credentials you onboard to the Platform to enable integrations with external services.
  • Communication Preferences: Your preferences for receiving communications from us.
  • Support and Feedback Information: Information you provide when contacting customer support, submitting feedback, requesting demos, or joining waitlists.

1.2 Information Collected Automatically

When you access or use the Platform, we automatically collect certain information, including:

  • Device Information: IP address, browser type and version, operating system, device identifiers, and device settings.
  • Usage Information: Pages visited, features used, clickstream data, session duration, and other interactions with the Platform.
  • Log Data: Server logs, error reports, and performance data.

1.3 Information from Third Parties

We may receive information about you from third-party sources, including identity verification services, fraud prevention services, and publicly available sources, which we may combine with other information we collect.

1.4 Platform-Generated Data

As you use Layo to build and deploy applications, the Platform generates data related to your applications, including application configurations, deployment metadata, usage analytics, and insights derived from interactions with applications you create. When end users interact with LLM-powered applications built through our Platform, we may store non-personal, aggregated insights and analytics data to improve the Platform. Conversation data from deployed applications is stored by the respective LLM providers (e.g., OpenAI, Anthropic) in accordance with their privacy policies.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and Maintain the Platform: To operate, deliver, and improve the Platform and its features.
  • Process Transactions: To process subscription payments and manage your account.
  • Communicate with You: To send service-related communications, respond to inquiries, and provide customer support.
  • Improve and Develop: To analyze usage patterns, conduct research, and improve our services.
  • Security and Fraud Prevention: To detect, prevent, and address security incidents, fraud, and abuse.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.
  • Platform Enhancement: We may use aggregated, de-identified customer feedback and usage data to improve the Platform. We do not use your data to train machine learning models.

3. How We Share Your Information

We may share your information in the following circumstances:

  • Service Providers: We share information with third-party vendors who perform services on our behalf, including Google Cloud Platform (cloud infrastructure), Stripe (payment processing), and other service providers bound by contractual obligations to protect your information.
  • LLM Platform Providers: When you deploy applications to third-party app stores (e.g., OpenAI, Anthropic), certain information may be shared with those platforms in accordance with their respective terms and privacy policies.
  • Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as a business asset.
  • With Your Consent: We may share information with third parties when you have provided explicit consent.

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Upon account deletion, we retain your data for sixty (60) days, after which it is permanently deleted from our systems, unless longer retention is required by law or for legitimate business purposes such as resolving disputes or enforcing agreements.

5. Data Security

We implement industry-standard technical and organizational security measures designed to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, and regular security assessments. We are pursuing SOC 2 Type II certification and maintain PCI-DSS compliance for payment processing. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

6. International Data Transfers

We are headquartered in the United States, and our servers are located in us-east4 (Northern Virginia) on Google Cloud Platform. If you access the Platform from outside the United States, your information will be transferred to, stored, and processed in the United States. We take appropriate measures to ensure that transfers of personal data comply with applicable law, including the use of Standard Contractual Clauses approved by the European Commission for transfers from the European Economic Area.

7. Your Rights and Choices

7.1 General Rights

Depending on your location, you may have the following rights:

  • Access: Request access to the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to certain exceptions.
  • Portability: Request a copy of your data in a structured, machine-readable format.
  • Opt-Out: Opt out of marketing communications at any time.

7.2 European Economic Area (EEA) Residents

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • The right to object to processing of your personal data.
  • The right to restrict processing of your personal data.
  • The right to withdraw consent at any time where we rely on consent to process your data.
  • The right to lodge a complaint with your local supervisory authority.

Legal Bases for Processing (GDPR):

We process your personal data based on the following legal bases:

  • Contract: Processing necessary to perform our contract with you.
  • Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services and preventing fraud.
  • Legal Obligation: Processing necessary to comply with legal obligations.
  • Consent: Processing based on your explicit consent.

7.3 California Residents

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes for collection, and the categories of third parties with whom we share information.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise any of these rights, please contact us at legal@uselayo.com. We will respond to your request within the timeframes required by applicable law.

8. Third-Party Links and Services

The Platform may contain links to third-party websites or integrate with third-party services, including OpenAI and Anthropic platforms. This Privacy Policy does not apply to such third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Platform.

9. Regulatory Compliance Limitations

The Platform is not currently designed to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA) or the Family Educational Rights and Privacy Act (FERPA). Users should not use the Platform to process, store, or transmit protected health information (PHI) as defined under HIPAA or education records as defined under FERPA. If you require compliance with these regulations, please contact us to discuss your specific requirements before using the Platform.

10. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child under 18, please contact us at legal@uselayo.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Effective Date" at the top of this policy and, where required by law, provide additional notice (such as via email or through the Platform). Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Manafold Inc. Email: legal@uselayo.com Website: uselayo.com

For EEA residents, you may also contact your local data protection authority if you have concerns about our processing of your personal data.