Privacy Policy
Effective date: 9 June 2026
This policy explains what data the AI Data Layer plugin and its cloud service process, when, and with which providers. It is written to reflect the plugin's actual data flows. This is not legal advice; we recommend you have your own counsel review your use of the service.
1. Who we are
"AI Data Layer" (the "Service", "we", "us") is a WordPress plugin and
accompanying cloud service that analyses a website's published content using
cloud AI to extract entities, generate JSON-LD schema, and publish
AI-readable surfaces (such as /llms.txt, per-page Markdown
copies, canonical entity pages, a public REST API, and a per-site MCP
server) so the site is legible to AI search engines. Content analysis runs
in our cloud, not on your own server.
For any privacy question, or to exercise your rights, contact us at privacy@ai-datalayer.com.
2. What data we process and when
The plugin transmits data to our cloud only on actions you initiate (for example, when you analyse a post, validate your licence, start a trial, or open billing). It does not silently exfiltrate your content. The table below lists exactly what is sent and when.
| When | Data sent | Sent to |
|---|---|---|
| You analyse a post, or enable auto-analyse | Post title, content, and URL; your site domain; your licence key | AI Data Layer cloud → then an LLM for extraction |
| Licence validation / quota check | Licence key, site domain | AI Data Layer cloud |
| Activating the free trial | Site domain and your WordPress admin email | AI Data Layer cloud |
| Starting checkout / opening the billing portal | Licence key, return URL | AI Data Layer cloud → Stripe |
3. What we store
- Account / licence record: your email, registered site domain(s), plan tier, usage counters, and your Stripe customer and subscription IDs.
- Analysis jobs and results derived from your content: the extracted entities, generated schema, and summaries produced from the post content you submit.
- Billing records: webhook and credit-grant records.
Card data is never sent to or stored by us. All card details are handled by Stripe through its hosted checkout and billing portal; we keep only a Stripe customer/subscription reference.
4. Subprocessors
We use the following providers to operate the Service. Where content or personal data is shared, it is described below. Each provider processes data under its own privacy policy (linked).
| Provider | Purpose | Data they receive |
|---|---|---|
| Supabase | Hosting of the cloud service (Postgres database and Edge Functions); stores licences, analysis jobs, and analysis results | Account/licence records and analysis data |
| Trigger.dev | Runs the background task that processes submitted post content | Submitted post content during processing |
OpenRouter
/ the LLM provider (model gpt-4o-mini)
| Extracts entities and structured data from your content | Post content you submit for analysis |
| Wikidata (Wikimedia) | Public API used to verify entity identifiers | Only extracted entity names — no site or personal data |
| Stripe | Payments via hosted checkout and billing portal | Your payment details (handled entirely by Stripe); we never receive or store card numbers |
5. How we use data and our lawful basis
We process the data above for one purpose: to provide the Service you requested — analysing your content, generating AI-readable surfaces, validating your licence, and managing your subscription and billing. Our lawful basis is the performance of our contract with you (providing the Service) and our legitimate interest in operating and securing it.
6. Data retention
We retain your account/licence record and analysis data while your account is active. On request, or when you close your account, we delete your personal data and analysis results, except where we must retain limited billing records to meet legal and accounting obligations. To request deletion, contact privacy@ai-datalayer.com.
7. Your rights
Subject to applicable law, you have the right to access the personal data we hold about you, to have it corrected, and to have it deleted. You may also object to or restrict certain processing, and request a copy of your data. To exercise any of these rights, email privacy@ai-datalayer.com; we will respond within the time required by law.
8. Security
Data is encrypted in transit between the plugin, our cloud, and our subprocessors. Your licence key is masked in the settings API and is never logged. We restrict access to stored data to what is needed to operate the Service.
9. International transfers
Our cloud service and several of our subprocessors are hosted in the United States. Where your data is transferred internationally, we rely on the providers' own safeguards and applicable transfer mechanisms.
10. Cookies
The plugin itself sets no cookies on your public website. Our admin application uses only the WordPress session cookies required to keep you signed in to your own WordPress dashboard.
11. Children
The Service is intended for website owners and is not directed at children. We do not knowingly collect personal data from children.
12. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you through the plugin or by email.
13. Contact
Questions about this policy or your data: privacy@ai-datalayer.com.