Last reviewed: June 2024
1. Overview
This statement outlines how Layer Systems manages, classifies, and protects data processed by The Layer platform during normal operation, support, and service delivery.
It reflects established operational practices used to ensure customer data is handled responsibly, securely, and in line with contractual expectations.
2. Applicability
This statement applies to:
- Customer data processed by The Layer platform
- System, operational, and support data generated by platform use
- Employees and contractors who may access data as part of their role
3. Data Categories & Classification
Layer Systems classifies data into the following categories to ensure appropriate handling and protection:
Customer Data
Data entered into The Layer platform by customers during normal use, including business records and configuration information.
Handling:
- Restricted to authorised systems and personnel
- Backed up and protected in line with recovery objectives
- Never used outside of service delivery
Operational & Configuration Data
Data required to operate, support, and configure the platform.
Handling:
- Access limited to engineering and operations staff
- Used solely to maintain platform functionality and performance
System & Diagnostic Data
Logs, metrics, and monitoring data used for troubleshooting, performance monitoring, and service reliability.
Handling:
- May be retained for operational analysis
- Access restricted to authorised personnel
- Does not include customer content beyond what is necessary for diagnostics
4. Use of Data
- Data is collected only where necessary to provide platform functionality
- Customer data is not processed for purposes outside of contracted services
- Data is not sold or shared with third parties for marketing or unrelated activities
5. Storage & Location
- Data is stored within managed cloud infrastructure
- Customer data remains within the region selected at provisioning (e.g. UK or EU)
- Logical separation is maintained between customer and system data
6. Access & Controls
- Access to data is role-based and granted on a need-to-know basis
- All access uses individual user accounts
- Elevated access is restricted and reviewed
- Access is removed promptly when no longer required
7. Protection Measures
Layer Systems applies a combination of technical and operational controls appropriate to each data classification, including:
- Encrypted communication for data in transit
- Encryption at rest using cloud-provider services
- Regular, automated backups and tested restore processes
- Monitoring of system health and availability
8. Retention & Recovery
Retention and recovery practices vary by data classification:
- Customer Data: retained for the duration of the active service and recoverable for a limited period after termination
- Operational Data: retained as required to support platform operation
- System & Diagnostic Data: retained for operational analysis and troubleshooting
Detailed retention and recovery practices are maintained internally as part of service continuity planning.
9. Data Portability
- Customers may request an export of their data
- Exports are provided within an agreed timeframe and secure format
10. Service Termination & Data Removal
When a service is terminated:
- Customer data remains recoverable for a limited retention period
- Data exports may be requested during this time
- Customer data is securely and permanently removed after the retention period
11. Third-Party Support
- Trusted third parties may support hosting, development, or testing activities
- All third parties are subject to confidentiality obligations
- Responsibility for customer data remains with Layer Systems
12. Incident Management
- Data-related incidents are investigated promptly
- Customers are notified of material incidents where required
13. Review
This statement is reviewed periodically and updated as operational practices evolve.
14. Contact
For questions relating to data management or classification, please contact:
Layer Systems Ltd
Email: support@layersystems.com
