Privacy Policy

Layer8 Systems Inc. (“Layer8”, “we”, “us”, or “our”) is a Canadian company that operates the Layer8 Systems platform, including NetMapr, AssetTrakr, and NoteTakr (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in compliance with the Personal Information Protection and Electronic Documents Act(PIPEDA) and, where applicable, provincial privacy legislation including Quebec’s Act respecting the protection of personal information in the private sector (Law 25).

By using the Service you consent to the collection and use of your personal information as described in this policy. If you do not agree, please do not use the Service.

We collect personal information only for purposes that a reasonable person would consider appropriate in the circumstances. We use your information to:

• Provide, operate, and improve the Service.
• Authenticate you and manage your account and organization.
• Process billing and send transactional emails (invoices, receipts).
• Send service notifications (maintenance, security alerts, new features).
• Respond to support requests and resolve disputes.
• Detect, prevent, and address fraud, abuse, and security incidents.
• Comply with applicable legal obligations.

We do not sell your personal information to third parties. We do not use your infrastructure content for advertising or AI/ML model training.

We share personal information only with your knowledge and consent, or as permitted or required by law:

• Service providers:Clerk (authentication), Convex (database & backend), Vercel (hosting), Polar (billing), and Resend (transactional email). Each is contractually bound to protect your information and use it only to provide services to us.
• Within your organization: Members of your Layer8 organization can access shared maps. Notes and device configurations remain encrypted and owner-scoped.
• Public shares: Content you explicitly mark as public or share via a link is accessible to anyone with that link.
• Legal requirements: When required by Canadian federal or provincial law, court order, or to protect the rights and safety of users or the public.
• Business transfers: In connection with a merger, acquisition, or sale of assets, with advance notice to affected users and subject to the same privacy protections.

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law. You may delete your account at any time from the Settings page. Upon deletion, your personal information and content are removed within 30 days, except where retention is required by applicable Canadian legislation.

We implement appropriate technical and organizational safeguards to protect your personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification, including:

• AES-256-GCM client-side encryption for notes and device configurations.
• TLS encryption for all data in transit.
• Access control enforced at every API layer (Clerk JWT + Convex authorization).
• Encrypted backups via Convex’s managed infrastructure.

No method of transmission over the internet or electronic storage is 100% secure. If you discover a security vulnerability please report it to privacy@layer8systems.ca.

We use strictly necessary cookies for authentication sessions (via Clerk) and local preference storage. We may use analytics cookies to understand usage patterns. You can control cookies through your browser settings; disabling authentication cookies will prevent you from signing in.

Under PIPEDA and applicable provincial legislation, you have the right to:

• Access the personal information we hold about you, and receive an explanation of how it has been or may be used.
• Correct inaccurate or incomplete personal information.
• Withdraw consent to our collection, use, or disclosure of your personal information at any time, subject to legal and contractual restrictions.
• Delete your account and associated personal data.
• Export your data in a portable format (available via in-app export tools).
• File a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca if you believe we have not handled your personal information in accordance with PIPEDA.

To exercise these rights, contact our Privacy Officer at privacy@layer8systems.ca. We will respond within 30 days of receiving your request.

Layer8 Systems is based in Canada. Some of our service providers (including Convex, Vercel, Clerk, Polar, and Resend) process data in the United States and other jurisdictions. When your personal information is transferred outside Canada, it may be subject to the laws of those jurisdictions, including lawful access by foreign governments. We take reasonable contractual measures to ensure that your information receives comparable protection to that required by Canadian privacy law.

By using the Service, you acknowledge that your personal information may be transferred to and processed outside Canada.

The Service is not directed to children under 13. We do not knowingly collect personal information from children without verifiable parental consent. If you believe a child has provided us personal information without appropriate consent, contact us at privacy@layer8systems.ca and we will delete it promptly.

We may update this Privacy Policy periodically. We will notify you by email or in-product notice at least 14 days before material changes take effect. Continued use of the Service after the effective date constitutes consent to the revised policy.

Questions about this Privacy Policy, our privacy practices, or your personal information?