Privacy Policy
What we collect, and why.
Layroom keeps data collection to what the product actually needs. No advertising trackers, no third-party data brokers, no resale. The list below is the whole list.
Last updated 19 May 2026
- 01
Who the controller is
- The data controller is Cristiano Soleti, a sole proprietor based in Italy operating the service at layroom.com. For any question about this policy, including requests to access or erase your data, write to [email protected]. We aim to reply within seven days.
- 02
Visiting the site without an account
- Browsing layroom.com or using the editor without signing in does not require any personal data. The server logs the minimum needed to serve the page (your IP address, the user agent your browser sends, and the route you requested), retained for up to 14 days for security and debugging. Cookies are opt-in: the consent banner at the bottom of the page is the switch. Analytics (PostHog, EU instance) only fire after you accept analytics in the banner.
- 03
Signing in with Google
- If you choose to sign in with Google, we receive your email address, your display name, your profile picture URL, and your Google account identifier (the sub field). We store those in our Postgres database hosted in the EU and use them only to identify you, show your name in the account menu, and let you return to your saved work. We never post on your behalf and never request additional Google scopes.
- 04
Session cookies
- When you sign in we set a single HTTP-only cookie containing a session identifier. The cookie is signed with an HMAC secret on the server. The matching session record in Postgres stores a hashed token, your user id, the issue time, and the expiry. Sessions expire after roughly 30 days of inactivity. Signing out deletes both the cookie and the server-side record.
- 05
3D assets and uploads
- Floor plan images and generated 3D models are stored in our Cloudflare R2 bucket (EU region) and served from a public R2 URL bound to your account. The files are scoped to your account and are not indexed by search engines. Deleting a piece from your library deletes the underlying object.
- 06
Payments and Paddle
- When you open the upgrade overlay, the form is loaded directly from Paddle (paddle.com), our Merchant of Record. Paddle receives your name, email, billing address and card details so it can charge you and issue an invoice; Layroom never sees the card number. We send Paddle your account id and email so the charge can be tied back to your account, and we receive a webhook back from Paddle telling us which plan is now active. Paddle is GDPR-compliant and stores European customers' data in the EU; see paddle.com/legal/privacy for their own notice. Paddle's overlay sets a small number of cookies for fraud detection while the checkout form is open.
- 07
Subprocessors we use
- Google (OAuth sign-in only), Cloudflare R2 (object storage, EU region), PostHog (product analytics, EU instance, opt-in only), Meshy (text-to-3D generation when you request it), Paddle (billing, Merchant of Record, EU data residency), and Hetzner (server hosting, EU region). Each of these is contractually bound by data-protection terms; we do not share data with anyone else.
- 08
Your rights under GDPR
- You have the right to access the personal data we hold about you, correct anything that is wrong, ask us to delete it, port it elsewhere, restrict our processing, or object to it. Email the controller to exercise any of these rights. If you are in the EU you can also file a complaint with your national data-protection authority; for Italian residents that is the Garante per la protezione dei dati personali.
- 09
How long we keep things
- Account data (profile, generated models, saved plans) stays until you ask for deletion or close your account. Sessions auto-expire after 30 days. Server logs roll off within 14 days. Billing records sit with Paddle as the Merchant of Record; our own copy of invoice metadata (plan, amount, period) is retained for the period Italian tax law requires (currently ten years for invoices).
- 10
Changes to this policy
- If we change what we collect or who processes it, we will email account holders at least 14 days before the change takes effect and update the date below. Material reductions in scope (collecting less, removing a subprocessor) can take effect immediately.
Note: this policy is written by the operator in plain English and is not a substitute for legal advice.