Privacy Policy

1. Who we are

Extralayer (“we”, “us”, “our”) operates the Extralayer browser extension and the website at extralayer.io. We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable EU/EEA data protection law.

Contact: denis@extralayer.io

2. What data we collect

3. Legal basis for processing

• →Contract performance (Art. 6(1)(b) GDPR): Processing necessary to provide the service you signed up for.
• →Legitimate interests (Art. 6(1)(f) GDPR): Security monitoring, fraud prevention, and improving service reliability.
• →Consent (Art. 6(1)(a) GDPR): Where we ask for your explicit consent, e.g. for marketing communications.

4. How we use your data

• Authenticate you and maintain your session
• Provide content analysis and community verification features
• Prevent abuse, spam, and security threats
• Send transactional emails (e.g. password reset)
• Improve and develop the service

We do not sell your personal data to third parties. We do not use your data for automated profiling or decisions with legal effect.

5. Data sharing

We share data only with:

• Infrastructure providers — cloud hosting and database services operating under data processing agreements (DPAs) with adequate safeguards.
• Identity providers — only at the time of OAuth login; we do not maintain ongoing data sharing with them.
• Law enforcement — only when required by applicable law or valid legal process.

6. International transfers

Our infrastructure is primarily located within the EEA. Where data is processed outside the EEA, we ensure adequate safeguards are in place (Standard Contractual Clauses or adequacy decisions by the European Commission).

7. Data retention

• Account data: retained for the lifetime of your account plus 30 days after deletion
• Content hashes and community contributions: retained while the service is active
• Server logs: 30 days
• Backups: up to 90 days

8. Your rights under GDPR

As a user in the EU/EEA you have the following rights. To exercise them, contact denis@extralayer.io.

• →Right of access: Request a copy of your personal data we hold.
• →Right to rectification: Correct inaccurate or incomplete data.
• →Right to erasure: Request deletion of your data (“right to be forgotten”).
• →Right to restriction: Restrict processing in certain circumstances.
• →Right to portability: Receive your data in a structured, machine-readable format.
• →Right to object: Object to processing based on legitimate interests.
• →Right to withdraw consent: Withdraw consent at any time without affecting prior processing.

You also have the right to lodge a complaint with your national data protection authority.

9. Cookies

The extension itself does not use cookies. The website uses only essential session cookies required for authentication. We do not use tracking or advertising cookies.

10. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), hashed credentials, and access controls. In the event of a data breach affecting your rights we will notify you as required by GDPR.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the extension or by email. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions: denis@extralayer.io