Back to Home

Privacy Policy

Last updated: November 29, 2024

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) and describes how SmartLayers collects, uses, and protects your personal data.

1. Data Controller

Global Marketing EOOD, operating as SmartLayers, is the data controller responsible for your personal data. For any questions regarding this Privacy Policy or your data rights, please contact us at:

  • Company: Global Marketing EOOD
  • Email: privacy@smartlayers.io
  • Data Protection Officer: dpo@smartlayers.io

2. Data We Collect

2.1 Account Information

  • Email address (required for account creation)
  • Full name
  • Profile picture (optional)

2.2 Billing Information (for paid subscriptions)

  • Full legal name
  • Company name (optional)
  • Billing address (street, city, postal code, country)
  • VAT number (for EU businesses)
  • Phone number (optional)
  • Payment method details (processed securely by Stripe)

2.3 Blockchain Data

  • Wallet addresses used for transactions
  • Transaction hashes and smart contract interactions

2.4 Usage Data

  • IP address
  • Browser type and version
  • Pages visited and features used
  • Date and time of access
  • Device information

2.5 Content You Create

  • AI-generated images and prompts
  • NFT collection data and metadata
  • Project configurations

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to provide our services (account management, subscriptions, NFT generation)

Legal Obligation

Processing required by law (AML compliance, tax reporting, fraud prevention)

Legitimate Interest

Processing for service improvement, security, and analytics (with appropriate safeguards)

Consent

Marketing communications, optional cookies (you can withdraw consent at any time)

4. How We Use Your Data

  • To provide and maintain our Service
  • To process payments and manage subscriptions
  • To comply with AML/KYC regulations for crypto payments
  • To communicate with you about your account and service updates
  • To provide customer support
  • To detect and prevent fraud and abuse
  • To improve our Service through analytics
  • To send marketing communications (with your consent)

5. Data Sharing & Third Parties

We may share your data with the following categories of recipients:

Payment Processors

Stripe (for card payments) - processes payment data under their own privacy policy

Cloud Infrastructure

Supabase (database), Pinata (IPFS storage) - data stored with appropriate security measures

AI Service Providers

FAL AI - processes image generation prompts (no personal data shared)

Analytics

Anonymized usage data for service improvement

Legal Authorities

When required by law or to protect our rights

We do NOT sell your personal data to third parties for marketing purposes.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable

7. Data Retention

We retain your data for different periods depending on the type:

Data Type Retention Period
Account data Until account deletion + 30 days
Billing/transaction records 10 years (legal requirement)
Project data Until project deletion
Support tickets 3 years after resolution
Analytics data 26 months (anonymized)

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

Right of Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate personal data

Right to Erasure

Request deletion of your data ("right to be forgotten")

Right to Restriction

Limit how we process your data

Right to Portability

Receive your data in a machine-readable format

Right to Object

Object to processing based on legitimate interest

To exercise these rights, please contact us at privacy@smartlayers.io. We will respond within 30 days.

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security audits and updates
  • API keys and sensitive data are encrypted
  • Limited employee access to personal data

10. Cookies

We use cookies and similar technologies to provide and improve our Service. For detailed information about our use of cookies, please see our Cookie Policy.

11. Contact & Complaints

For any questions or to exercise your rights, contact us at:

  • Privacy inquiries: privacy@smartlayers.io
  • Data Protection Officer: dpo@smartlayers.io

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. In Bulgaria, this is the Commission for Personal Data Protection (CPDP).

Terms of Service Cookie Policy