Privacy Policy

Last updated: 2/1/2026

Human Layer Lab, Inc. Last Updated: February 1, 2026

1. Introduction

Human Layer Lab, Inc. ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our workforce intelligence platform ("Service").

2. Information We Collect

2.1 Personal Data You Provide

Account Information:

  • Name and email address
  • Organization name and role
  • Password (encrypted)
  • Profile preferences

Organization Data:

  • Company name and size
  • Industry and department information
  • Workforce structure data you upload
  • Custom role definitions and configurations

2.2 Automatically Collected Data

Usage Data:

  • Pages visited and features used
  • Session duration and frequency
  • Device type and browser information
  • IP address and approximate location

Technical Data:

  • Log files and error reports
  • Performance metrics
  • API usage patterns

2.3 Inferred and Derived Data

Our AI systems generate derived insights from your data, including:

  • Role Risk Assessments: AI-generated scores indicating automation potential
  • Skills Analysis: Inferred skill requirements and trends
  • Trend Indicators: Predictions about workforce changes
  • Prescriptive Actions: Suggested strategic responses

Important: These AI-generated insights are probabilistic estimates, not factual determinations. They are designed to support human decision-making, not replace it.

2.4 Third-Party Data Sources

We aggregate and enrich our analysis using publicly available data from:

  • Job market platforms (job postings, skills requirements)
  • Technology databases (tool maturity, adoption rates)
  • Professional skills taxonomies (ESCO, O*NET)
  • Industry research and publications

This data is anonymized and aggregated; we do not collect personal information about individuals outside our platform.

3. How We Use Your Information

3.1 Service Delivery

  • Providing workforce intelligence and analytics
  • Generating AI-powered insights and recommendations
  • Processing and displaying your organizational data
  • Enabling collaboration within your organization

3.2 Service Improvement

  • Analyzing usage patterns to improve features
  • Training and refining our AI models (using anonymized data)
  • Debugging and performance optimization
  • Developing new features and capabilities

3.3 Communication

  • Sending service notifications and updates
  • Responding to support requests
  • Sharing product announcements (with consent)
  • Providing security alerts

3.4 Legal and Compliance

  • Complying with legal obligations
  • Enforcing our Terms of Service
  • Protecting against fraud and abuse
  • Responding to legal requests

4. AI Processing Disclosure

4.1 How AI Processes Your Data

Our AI systems analyze:

  • Role titles and descriptions you provide
  • Task and skill information
  • Industry and market data
  • Historical patterns and trends

4.2 Automated Decision-Making

We do NOT use automated decision-making for employment-related decisions. All AI outputs are:

  • Advisory in nature
  • Designed for human review
  • Not intended to make binding decisions
  • Clearly labeled as AI-generated

4.3 GDPR Article 22 Compliance

In accordance with GDPR Article 22, we do not subject data subjects to decisions based solely on automated processing that produce legal or similarly significant effects. All significant decisions require human oversight.

5. Data Sharing and Disclosure

5.1 With Your Consent

We share data with third parties only when you explicitly consent.

5.2 Service Providers

We may share data with trusted service providers who assist in:

  • Cloud hosting and infrastructure (see subprocessor list)
  • Analytics and monitoring
  • Customer support tools
  • Payment processing

All service providers are bound by data processing agreements.

5.3 Legal Requirements

We may disclose data when required by law, court order, or governmental authority, or to:

  • Protect our rights and property
  • Prevent fraud or abuse
  • Ensure user safety

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity.

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your account is active and for a reasonable period thereafter to:

  • Allow account reactivation
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements

6.2 Retention Periods

| Data Type | Retention Period | |-----------|------------------| | Account data | Duration of account + 2 years | | Usage logs | 90 days (rolling) | | Audit logs | 7 years | | AI analysis results | Duration of account + 1 year | | Backup data | 30 days after deletion |

6.3 Deletion

Upon account deletion request:

  • Personal data is deleted within 30 days
  • Anonymized aggregate data may be retained
  • Backup data is purged within 90 days

7. Data Security

7.1 Technical Measures

  • Encryption in transit (TLS 1.3)
  • Encryption at rest (AES-256)
  • Role-based access controls
  • Multi-factor authentication (MFA)
  • Regular security assessments

7.2 Organizational Measures

  • Employee security training
  • Background checks for personnel with data access
  • Incident response procedures
  • Regular security audits

7.3 SOC 2 Compliance

We maintain SOC 2 Type I certification for Security and Confidentiality trust service criteria.

8. Your Rights

8.1 Access

You may request a copy of your personal data at any time.

8.2 Correction

You may update or correct inaccurate personal data through your account settings or by contacting us.

8.3 Deletion

You may request deletion of your personal data, subject to legal retention requirements.

8.4 Portability

You may request an export of your data in a machine-readable format.

8.5 Objection

You may object to certain processing activities, including marketing communications.

8.6 Restriction

You may request that we limit processing of your data in certain circumstances.

8.7 Exercising Your Rights

To exercise any of these rights, contact us at privacy@humanlayerlab.com. We will respond within 30 days.

9. Cross-Border Data Transfers

9.1 Transfer Mechanisms

When we transfer data outside your jurisdiction, we ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs)
  • Data Processing Addendums
  • Adequacy decisions where applicable

9.2 US Data Processing

Our primary infrastructure is located in the United States. European users' data may be processed in the US under appropriate safeguards.

10. Cookies and Tracking

10.1 Essential Cookies

Required for Service functionality:

  • Session management
  • Authentication
  • Security features

10.2 Analytics Cookies

Used to understand Service usage (with consent):

  • Page views and navigation
  • Feature usage
  • Performance metrics

10.3 Your Choices

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after notification constitutes acceptance.

13. Contact Us

For privacy-related questions or to exercise your rights:

Human Layer Lab, Inc. Email: privacy@humanlayerlab.com

Data Protection Officer: Email: dpo@humanlayerlab.com

This Privacy Policy is effective as of the date listed above and applies to all users of Human Layer Lab.