Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

GDPR Compliant
Privacy First
User Control
Information We Collect

Information You Provide

  • Contact information (name, email address) when you submit forms
  • Content and files you upload to our platform
  • Communication preferences and settings
  • Feedback and support requests

Automatically Collected Information

  • Device information (browser type, operating system)
  • Usage data (pages visited, time spent, interactions, clicks, form submissions)
  • IP address and general location information
  • Performance and error data
  • User journey and conversion tracking data
How We Use Your Information

Service Provision

To provide, maintain, and improve our AI-powered content monetization services.

Communication

To respond to your inquiries and provide customer support.

Analytics

To understand how our services are used, identify friction points in user journeys, track conversion events, and improve user experience through data-driven insights.

Security

To protect against fraud, abuse, and security threats.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and provide our services.

Necessary Cookies

Essential for the website to function properly. These cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website. You can disable these in your preferences.

Functional Cookies

Enable enhanced functionality like form submissions and video playback. You can disable these in your preferences.

Manage Your Cookie Preferences

You can control your cookie preferences at any time using the cookie banner or by clearing your browser settings.

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party services that help us operate our platform, including analytics providers like PostHog
  • Legal Requirements: When required by law or to protect our rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share your information
Data Retention

We retain your personal information only as long as necessary to provide our services and fulfill the purposes outlined in this policy.

Account Data

Retained while your account is active and for a reasonable period after deactivation.

Analytics Data

Aggregated analytics data may be retained for up to 2 years for service improvement. Individual user event data collected by PostHog is retained according to PostHog's data retention policies, typically up to 1 year for event data and longer for aggregated insights.

Legal Basis for Processing

We process your personal data based on the following legal bases under GDPR:

1. Contract (Article 6(1)(b))

Processing necessary for the performance of a contract:

  • Account creation and service provision
  • Payment processing and billing
  • Customer support

2. Consent (Article 6(1)(a))

Processing based on your explicit consent:

  • Analytics cookies
  • Functional cookies
  • Marketing communications (if applicable)

You can withdraw consent at any time via cookie settings.

3. Legitimate Interest (Article 6(1)(f))

Processing necessary for our legitimate interests:

  • Security monitoring and fraud prevention
  • Service improvement and analytics
  • Network and information security

4. Legal Obligation (Article 6(1)(c))

Processing required by law:

  • Tax record retention (7 years)
  • Financial compliance and auditing
Your Rights and Choices

You have the following rights regarding your personal information under GDPR and CCPA:

California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you have additional rights under the CCPA:

  • Right to Know: You can request what personal information we collect, use, and share
  • Right to Delete: You can request deletion of your personal information (same as GDPR Article 17)
  • Right to Opt-Out: You can opt-out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise your CCPA rights, contact us at support@earnlayerai.com or use the data export and deletion features in your account settings.

GDPR Rights (European Users):

Access and Portability (Article 15)

Request access to your personal data and receive it in a portable format (JSON).

Download My Data →

Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data. You can update your profile information anytime.

Edit My Profile →

Right to Erasure (Article 17)

Request deletion of your personal information, subject to legal requirements. You can delete your account from your settings page.

Right to Object (Article 21)

Object to processing of your personal information for certain purposes. We do not currently engage in direct marketing. You can object to analytics tracking via cookie settings. For other objections, contact us at support@earnlayerai.com

Right to Restriction (Article 18)

Request restriction of processing of your personal data in certain circumstances. Contact us at support@earnlayerai.com to make a restriction request.

Data Breach Notification

In the event of a data breach that may affect your personal data, we will:

  • Notify the supervisory authority within 72 hours of becoming aware of the breach (Article 33)
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms (Article 34)
  • Provide clear information about the nature of the breach, likely consequences, and measures taken

If you have concerns about a potential data breach, please contact us immediately at support@earnlayerai.com

For detailed information about our data breach notification procedures, see our Data Breach Policy.

International Data Transfers

Your data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) with data processors
  • Adequacy decisions where applicable
  • Encryption and security measures
  • Regular security audits and assessments

Sub-processors: We use trusted third-party services including PostHog (analytics), Railway (hosting), and Stripe (payments). All sub-processors are bound by appropriate data processing agreements.

Data Processing Agreement (DPA)

For enterprise customers, we provide a Data Processing Agreement (DPA) that outlines:

  • Standard contractual clauses for data processing
  • Security requirements and measures
  • Sub-processor terms and notifications
  • Data retention and deletion procedures
  • Audit rights and compliance requirements

Enterprise customers: Our standard DPA template is available at earnlayerai.com/dpa. For a customized version, please contact us at support@earnlayerai.com.

The DPA template can be customized based on your specific requirements.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@earnlayerai.com

Last Updated: 12/6/2025

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page.