
Privacy Policy

Last updated: March 7, 2026

1. Who We Are

ComplianceLayer, Inc. ("ComplianceLayer," "we," "us," or "our") operates the ComplianceLayer API and website at compliancelayer.net. We provide infrastructure security scoring services for MSPs and businesses.

If you have questions about this policy, contact us at: [email protected]

2. Information We Collect

Account Information

When you create an account, we collect your email address, name (optional), and billing information (processed by Stripe — we never store full card numbers).

Usage Data

We collect logs of API requests including: domains scanned, timestamps, API key used, scan results, and IP address of the request origin. This data is used to provide the service, enforce rate limits, and detect abuse.

Payment Data

All payment processing is handled by Stripe, Inc. We receive confirmation of successful payments and subscription status, but never store raw card data. Stripe's privacy policy applies to payment data: stripe.com/privacy

Technical Data

When you visit our website, we may collect browser type, referring URLs, and page interaction data via standard web analytics. We do not use tracking pixels or third-party advertising cookies.

3. How We Use Your Information

  • Provide and operate the ComplianceLayer API service
  • Process billing and send invoices
  • Send service notifications (downtime alerts, scan completions, plan updates)
  • Enforce our Terms of Service and Acceptable Use Policy
  • Respond to support requests
  • Improve the product based on aggregate usage patterns

We do not sell your data to third parties. We do not use your scan results for any purpose other than delivering results to you.

4. Scan Data

Domains you submit for scanning are processed to generate security scores. Scan results are stored in your account history for the duration of your subscription. We do not share individual scan results with other customers or third parties.

Aggregate, anonymized data (e.g., "X% of scanned domains have no DMARC record") may be used in published research or marketing materials. No individual domain results are included in aggregate reports.

5. Data Retention

  • Account data: Retained for the life of your account plus 90 days after cancellation
  • Scan results: Retained per your plan's history window (30 days on Starter, 1 year on Pro and above)
  • Billing records: Retained for 7 years as required by law
  • API logs: Retained for 90 days for abuse detection and debugging

6. Data Sharing

We share data only with:

  • Stripe — payment processing
  • Infrastructure providers (e.g., cloud hosting) — to operate the service
  • Law enforcement — only when legally required by valid legal process

We will notify you of any government data requests where legally permitted to do so.

7. Your Rights

You may at any time:

  • Export your scan history from your dashboard
  • Delete your account and associated data (email [email protected])
  • Request a copy of data we hold about you
  • Correct inaccurate account information

Account deletion requests are processed within 30 days. Billing records required by law are retained per Section 5.

8. Security

We use industry-standard practices to protect your data: encryption in transit (TLS 1.2+), encryption at rest, API key hashing, and access controls. No system is perfectly secure — if you discover a vulnerability, please report it to [email protected].

9. Cookies

We use cookies strictly necessary to operate the service (authentication sessions, CSRF protection). We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this will prevent login from working.

10. Children

ComplianceLayer is not directed at children under 13. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, contact us immediately.

11. Changes to This Policy

We may update this policy. Material changes will be communicated via email to active customers at least 30 days before taking effect. Continued use of the service constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or requests:
Email: [email protected]
ComplianceLayer, Inc.
United States

© 2026 ComplianceLayer, Inc. All rights reserved.