Privacy Policy
How AccessLayer collects, uses, shares, and protects personal data.
Effective date: April 9, 2026
This Privacy Policy explains how Alfred Roger Michael Jones, trading as AccessLayer ("AccessLayer", "we", "us", or "our") collects, uses, stores, and shares personal information in connection with the AccessLayer Services.
Scope
This Privacy Policy applies to accesslayer.ai, app.accesslayer.ai, related APIs, support channels, and the AccessLayer Services.
Information We Collect
We may collect:
- account data, such as name, email address, profile information, and organization details;
- authentication and session data;
- billing and transaction data;
- connector configuration data and encrypted credentials;
- data imported or temporarily cached from connected third-party sources;
- query text, prompts, query results, dashboards, visualizations, and chat history;
- technical data, such as IP address, browser, device, logs, telemetry, and usage events;
- support communications and other information you provide to us.
How the Service Uses Data
AccessLayer allows users to connect third-party data sources, process and query that data, generate dashboards and visualizations, and use AI-assisted features.
Data may flow through the Services in the following way:
- you connect a third-party source;
- AccessLayer receives credentials or authorization needed to access that source;
- AccessLayer may retrieve, process, and temporarily cache data from that source;
- queries, prompts, or selected data may be sent to AI providers or AI routing providers to generate outputs; and
- outputs may be stored in your workspace, chat history, dashboards, or logs.
How We Use Information
We use personal information and Customer Data to:
- provide and operate the Services;
- authenticate users and manage organizations and access controls;
- process payments and administer subscriptions;
- connect to, retrieve from, and process third-party data sources;
- provide AI-assisted features;
- secure, monitor, troubleshoot, and improve the Services;
- communicate with users about support, operational issues, billing, and updates; and
- comply with legal obligations and enforce our agreements.
Legal Bases
Where applicable, we process personal data on the basis of:
- contract performance;
- legitimate interests, including security, fraud prevention, product improvement, and support;
- consent, where required; and
- legal obligation.
AI Providers and Routing Providers
AccessLayer may send prompts, queries, workspace content, and other data submitted through AI-enabled features to third-party AI model providers and routing or gateway providers selected by AccessLayer.
We aim to opt out of provider training on customer inputs and outputs where commercially and technically available. Even so, users should not submit highly sensitive or regulated data to AI-enabled features unless they are comfortable with the associated risks.
AI providers may process submitted content for the purpose of generating outputs, maintaining service reliability, abuse prevention, and other provider-side operational purposes.
Sharing of Information
We may share information with:
- cloud hosting and infrastructure providers;
- database, storage, and caching providers;
- authentication and identity service providers;
- email and communications providers;
- payment processors;
- analytics, logging, and error monitoring providers;
- AI model providers and AI gateway or routing providers; and
- professional advisers, regulators, law enforcement, or counterparties where legally required or reasonably necessary.
We do not sell personal information in the ordinary sense of that term.
Subprocessor Categories
Current processing categories may include:
- hosting and infrastructure;
- DNS and networking;
- database and cache services;
- authentication services;
- email delivery;
- billing and payment processing;
- analytics and product telemetry;
- logging and error monitoring; and
- AI model and gateway services.
We may maintain a separate subprocessor list and update providers over time.
Retention
We generally aim to delete customer content from active systems within 30 days after deletion or termination requests and from backups or residual systems within up to 90 days, unless longer retention is needed for legal, billing, security, fraud-prevention, or dispute-resolution purposes.
Certain business records, invoices, support records, and security logs may be retained for longer where required or justified.
Security
We use reasonable technical and organizational measures designed to protect data, including encryption in transit, encryption at rest, access controls, backups, and incident response practices. No system is completely secure.
Security inquiries may be sent to security@accesslayer.ai.
International Processing
AccessLayer may process data in Australia and other countries where our providers operate. By using the Services, you understand that data may be transferred internationally.
Your Rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to, or request portability of personal data.
Account deletion requests may be submitted to alfie@accesslayer.ai and will generally be handled within 30 days.
Children
The Services are not intended for children and we do not knowingly collect personal information from children.
Changes
We may update this Privacy Policy from time to time by posting a revised version and updating the effective date.
Contact
AccessLayer
Alfred Roger Michael Jones, trading as AccessLayer
102/55 Queens Road, Melbourne VIC 3004, Australia
alfie@accesslayer.ai
security@accesslayer.ai