Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Last updated: February 11, 2026

Introduction

ActiveLayer LLC (“ActiveLayer”, “we”, “us”, or “our”) operates the ActiveLayer spam detection service, including the website, API, and WordPress plugin. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

Information We Collect

We collect several types of information to provide and improve our Service:

Account Information

When you create an account, we collect:

  • Name – Your full name as provided during registration
  • Email address – Used for account authentication and communications
  • Password – Stored in hashed form using industry-standard bcrypt encryption
  • Registration IP address – The IP address used when creating your account
  • Account status – Whether your account is active or suspended
  • Multi-factor authentication data – If enabled, MFA secrets are stored encrypted

Spam Detection Data

When you use our API to check content for spam, we log:

  • Detection ID – A unique identifier for each spam check request
  • Submitted content – The form data submitted for analysis, including message text, sender email, sender name, and any additional form fields
  • Client IP address – The IP address of the form submitter (not your server)
  • User agent – Browser or client information of the form submitter
  • Detection results – Spam scores, confidence levels, risk assessments, and detection signals
  • Processing metadata – Timestamps and execution times

API Token Information

  • Token name – The label you assign to each API key
  • Token hash – API keys are stored as SHA-256 hashes, not in plain text
  • Token status – Active or revoked status
  • Last used timestamp – When the token was last used for an API request

Usage Information

  • API request counts – Monthly usage statistics per user
  • Quota notifications – Records of usage alerts sent

User Configuration

  • Spam settings – Your custom detection preferences including trusted countries, languages, blocked IPs, domains, and keywords
  • Subscription plan – Your current plan tier and associated quotas

Session Information

  • Session ID – Unique identifier for your browsing session
  • IP address – Your IP address during the session
  • User agent – Your browser information
  • Session data – Encrypted session payload for maintaining login state

How We Collect Information

We collect information through the following methods:

Direct Collection

Information you provide when creating an account, configuring settings, or contacting support.

API Requests

Content and metadata submitted through our spam detection API endpoints.

Automatic Collection

Technical information collected automatically when you access our website or API, including IP addresses, browser type, and usage patterns.

Cookies and Similar Technologies

Information collected through cookies, session storage, and analytics tools.

How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision – To provide spam detection and analysis services
  • Account Management – To create and manage your account, authenticate requests, and process payments
  • Service Improvement – To improve our detection algorithms using aggregated and anonymized data
  • Usage Tracking – To monitor and enforce usage quotas based on your subscription plan
  • Security – To detect and prevent fraud, abuse, and security threats
  • Communications – To send service-related notifications, including quota alerts and important updates
  • Support – To respond to your inquiries and provide customer support
  • Legal Compliance – To comply with applicable laws, regulations, and legal processes

Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes described in this policy:

Data TypeRetention Period
Account dataUntil account deletion or 2 years of inactivity
Spam detection logs90 days (configurable per account)
API usage statisticsRolling 12 months
Session dataUntil logout or session expiration
Support communications3 years from last interaction

You may request deletion of your data at any time by contacting us. Some data may be retained longer if required by law or for legitimate business purposes.

Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers – With third-party vendors who help us operate our service (hosting, payment processing, analytics), subject to confidentiality obligations
  • Legal Requirements – When required by law, court order, or governmental authority
  • Protection of Rights – To protect our rights, privacy, safety, or property, or that of our users or others
  • Business Transfers – In connection with a merger, acquisition, or sale of assets, with notice to affected users
  • With Your Consent – When you explicitly authorize us to share your information

What We Don’t Do

  • We do not sell your personal data to third parties
  • We do not share individual spam detection results with other customers
  • We do not use your data for advertising purposes

Data Security

We implement appropriate technical and organizational measures to protect your information:

Encryption

  • Passwords hashed with bcrypt
  • API tokens stored as SHA-256 hashes
  • MFA secrets encrypted at rest
  • All API traffic over HTTPS/TLS

Access Controls

  • Role-based access controls
  • API authentication via Laravel Sanctum
  • Session management and timeout
  • Optional multi-factor authentication

Infrastructure

  • Secure cloud hosting
  • Regular security updates
  • Network isolation and firewalls
  • Automated backups

Monitoring

  • Abuse detection patterns
  • Rate limiting enforcement
  • Suspicious activity alerts
  • Security incident response

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access – Request a copy of the personal information we hold about you
  • Correction – Request correction of inaccurate or incomplete information
  • Deletion – Request deletion of your personal information, subject to legal retention requirements
  • Data Portability – Request your data in a structured, machine-readable format
  • Restriction – Request restriction of processing in certain circumstances
  • Objection – Object to processing of your personal information for certain purposes
  • Withdraw Consent – Withdraw consent where processing is based on consent

To exercise these rights, please contact us at [email protected]. We will respond to your request within 30 days.

Cookies and Tracking

We use cookies and similar technologies to:

  • Essential Cookies – Maintain your session and enable core functionality
  • Analytics Cookies – Understand how visitors interact with our website (via Google Analytics)
  • Preference Cookies – Remember your settings and preferences

Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to help us understand how visitors use our website. Google Analytics uses cookies to collect information about your use of our website, including:

  • Pages you visit and time spent on each page
  • How you arrived at our website (referral source)
  • Your approximate geographic location (based on IP address)
  • Browser type, operating system, and device information
  • Interactions with website features and content

This information is transmitted to and stored by Google on servers in the United States. Google may use this data to evaluate your use of our website, compile reports on website activity, and provide other services relating to website activity and internet usage. Google may also transfer this information to third parties where required by law or where such third parties process the information on Google’s behalf.

Opting Out of Google Analytics

You can prevent Google Analytics from collecting your data by:

For more information about how Google collects and processes data, please visit Google’s Privacy Policy and How Google uses data when you use our partners’ sites or apps.

Google Tag Manager

We also use Google Tag Manager to manage website tags and tracking scripts. Google Tag Manager itself does not collect personal data, but it facilitates the deployment of other tags that may collect data as described in this policy.

Managing Your Cookie Preferences

You can control cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified before a cookie is stored. Please note that disabling certain cookies may affect the functionality of our Service, including login sessions and preference storage.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

When we transfer data internationally, we implement appropriate safeguards to protect your information, including standard contractual clauses and ensuring adequate security measures are in place.

Children’s Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

Third-Party Services

Our Service may integrate with or link to third-party services:

  • Payment Processors – For subscription billing (Stripe)
  • Analytics – Google Analytics for website usage analysis
  • Cloud Infrastructure – Hosting and data storage providers
  • CAPTCHA Services – Cloudflare Turnstile for bot protection

These third parties have their own privacy policies. We encourage you to review them.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page with an updated “Last updated” date
  • Sending an email notification for significant changes
  • Displaying a notice in your account dashboard

Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

ActiveLayer LLC
Email: [email protected]

For data protection inquiries or to exercise your privacy rights, please email us with “Privacy Request” in the subject line.