Layers by Mirror Factory

Privacy Policy

Layers records meetings without a meeting bot and turns them into transcripts, summaries, decisions, actions, and searchable memory. This policy explains what data the app handles and how account deletion requests work during launch.

Launch draft - legal review pending

This policy is practical launch copy for website, TestFlight, and Play internal testing. It should be reviewed by counsel before production store submission or broad public launch.

Account and identity

  • Email address, authentication identifiers, user ID, and sign-in provider details.
  • OAuth tokens you approve to connect Layers to MCP clients or integrations.
  • Subscription tier, billing status, and Stripe customer identifiers. We do not store full payment card numbers.

Meeting content

  • Audio you record or upload, transcripts, speaker segments, summaries, decisions, action items, and intake fields.
  • Search indexes and embeddings derived from your meeting content so you can find prior context.
  • Local recording draft data while a capture is in progress, where supported by the app surface.

Connected context

  • Calendar connection status, provider account email, event titles, times, and related metadata you choose to connect.
  • Webhook destinations, integration settings, model preferences, and usage limits.
  • Support messages and operational notes when you contact us.

Usage and diagnostics

  • Product usage events, request logs, error traces, cost telemetry, and basic device/browser information.
  • Cookies or local storage needed for authentication, settings, theme preference, and session continuity.
  • Aggregate launch analytics used to understand reliability, activation, and product quality.

How we use information

  • Provide transcription, summaries, action items, search, exports, and connected AI-tool context.
  • Authenticate accounts, secure sessions, prevent abuse, and keep each user's meeting library isolated.
  • Operate billing, usage limits, support, product reliability, and service communications.
  • Improve product quality using aggregate diagnostics and user feedback.
  • Comply with legal, security, tax, accounting, and platform review obligations.

AI processing and service providers

Layers uses service providers to operate the app. Meeting content may be sent to transcription and AI model providers only as needed to produce the product features you request. Provider settings, subprocessors, and retention commitments need final legal review before production launch.

  • Supabase for authentication, database, storage-related application data, and security controls.
  • Speech-to-text and AI model providers for transcription, summarization, and structured extraction.
  • Vercel and related infrastructure providers for hosting, logs, and app delivery.
  • Stripe for subscriptions, invoices, payment status, tax, and fraud prevention.
  • Resend or email providers for transactional email and support communications.
  • Google and Microsoft when you choose to connect calendar or sign-in services.

Recording consent

Layers is a bot-free recorder. That does not remove consent or notice obligations. You are responsible for telling participants when a meeting is being recorded and for following recording, privacy, employment, and confidentiality laws that apply to your conversations.

Sharing

We do not sell your personal information or meeting content. We share information with service providers, connected integrations you authorize, billing and support systems, and when required for security, legal compliance, or protection of rights.

Retention and deletion

We keep account data, meeting content, and derived meeting memory while your account is active or while needed to provide Layers, unless you delete data or request account deletion. Some records may be retained when needed for security, fraud prevention, payment, tax, legal, backup, or dispute purposes.

Account deletion requests are handled through the account deletion page. Full self-serve destructive deletion is a launch follow-up and should not be treated as legal-approved until reviewed.

Security

Layers uses authentication, row-level database controls, limited access patterns, and operational logging to protect user data. No online service can guarantee absolute security, so report suspected issues to support@mirrorfactory.ai.

Children

Layers is intended for work use and is not directed to children. Do not use Layers to collect personal information from children unless you have all required authority, consent, and compliance controls.

Changes

We may update this policy as Layers changes. We will update the date above and, where appropriate, provide additional notice.