Layout

Privacy Policy

Effective date: 1 March 2026

1. Introduction

Layout (layout.design) is operated from the United Kingdom. We are committed to protecting your privacy and being transparent about how we handle your data. This policy explains what information we collect, how we use it, and what rights you have.

2. What Data We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in via Google or GitHub, we receive your profile information from those providers (name, email, and avatar).

Project Data

Design system extractions, layout.md files, context bundles, and related project data you create within Layout. This data is stored in our self-hosted database and is scoped to your account — no other user can access it.

Usage Analytics

We use self-hosted Plausible Analytics to collect anonymous usage data such as page views, referral sources, and device type. Plausible does not use cookies, does not collect personal information, and all data is stored on our own infrastructure. No data is shared with third parties.

3. API Key Handling

Layout may ask you to provide API keys for third-party services (e.g. Anthropic, Figma). These keys are stored exclusively in your browser's localStorage. They are sent to our server only when required to process a specific request on your behalf and are never written to our database or logged. Clearing your browser data removes them entirely.

4. How We Store Your Data

Account and project data is stored in a self-hosted PostgreSQL database (via Supabase) on infrastructure we control. We do not use shared multi-tenant cloud databases. Authentication sessions are managed by Better Auth and stored in the same PostgreSQL instance. All connections use encrypted transport.

5. Cookies

Layout uses a single session cookie to keep you signed in. This cookie is httpOnly and secure, meaning it cannot be accessed by JavaScript and is only sent over HTTPS. We do not use advertising cookies, tracking cookies, or any other non-essential cookies.

6. Website Extraction

When you use Layout to extract a design system from a live website, we use Playwright server-side to visit the URL you provide. We capture CSS properties and screenshots for the purpose of building your design system context. This data is associated with your project and is not shared with anyone else.

7. Third-Party Services

We integrate with the following third-party services:

  • Stripe — processes subscription payments. Your payment card details are handled entirely by Stripe and never touch our servers. See Stripe's Privacy Policy.
  • Google OAuth — if you choose to sign in with Google, we receive your name, email, and profile picture. We do not request access to any other Google data.
  • GitHub OAuth — if you choose to sign in with GitHub, we receive your name, email, and avatar. We do not request access to your repositories or other GitHub data.
  • Plausible Analytics — self-hosted, cookie-free, privacy-focused web analytics. No personal data is collected or shared.

8. Data Retention

We retain your account data and project data for as long as your account is active. If you delete your account, we will remove your personal data and project data within 30 days. Anonymous, aggregated analytics data (which cannot identify you) may be retained indefinitely.

9. Your Rights

You have the right to:

  • Access — request a copy of all personal data we hold about you.
  • Correction — ask us to correct any inaccurate information.
  • Deletion — ask us to delete your account and all associated data.
  • Export — download your project data (design system bundles) at any time through the export feature in the studio.
  • Restriction — ask us to restrict processing of your data in certain circumstances.

To exercise any of these rights, email us at hello@layout.design. We will respond within 30 days.

10. Children's Privacy

Layout is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by posting a notice on the service or by email. Continued use of Layout after changes take effect constitutes your acceptance of the revised policy.

12. Contact

If you have questions about this privacy policy or how we handle your data, please contact us at hello@layout.design.