Layoutr

Legal

Privacy Policy

Last updated: 30 May 2026

1. Who we are

Layoutr is a product of Van Dijk Ontwikkeling, registered with the Dutch Chamber of Commerce under number 42036550. Van Dijk Ontwikkeling is the controller of your personal data as described in this policy.

Questions about this policy? Reach us at [email protected].

2. What data we collect and why

We only collect data that is strictly necessary to provide the service.

Account data

When you create an account, we store your email address, a hashed password, and basic account state (such as whether your email address has been verified and your subscription tier). This data is required to authenticate you, keep your account secure, and provide the correct level of service.

Billing data

If you subscribe to a paid plan, your payment is processed by Stripe. We store a Stripe customer ID and subscription ID to link your account to your subscription. We do not store your payment card details — those are held exclusively by Stripe. Stripe's privacy policy is available at stripe.com/privacy.

Project data

Your floor plans, furniture placements, and all other project data are stored exclusively in your browser (local storage). This data never leaves your device and is never transmitted to or stored by us.

Analytics data

We use Google Analytics 4 (GA4) on both layoutr.app and use.layoutr.app to understand how people use Layoutr. GA4 collects your approximate location (country and region, derived from your IP address which is not stored), browser type, device type, pages visited, and in-app events such as uploading a floor plan, setting scale, placing furniture, and completing a purchase. Sessions are stitched across both domains so we see the full user journey in one report.

This data is processed by Google LLC under our instructions and is not used for advertising profiling. We do not enable Google's advertising features, remarketing audiences, or cross-device tracking. Data retention in GA4 is set to the minimum available (2 months).

GA4 sets persistent cookies (_ga, _ga_*) in your browser to distinguish sessions. We do not use fingerprinting or any other tracking technology.

3. Legal basis (GDPR)

Contract performance — Article 6(1)(b)

This covers all data strictly necessary to deliver the service you signed up for:

  • Your email address and hashed password are required to authenticate you.
  • Your subscription tier and Stripe identifiers are required to deliver the correct plan and process payments.

Legitimate interest — Article 6(1)(f)

We process analytics data (via Google Analytics 4) on the basis of our legitimate interest in understanding how Layoutr is used so we can improve the product. We have assessed that this interest is not overridden by your rights and freedoms: IP addresses are anonymized, no advertising profiling takes place, and data retention is minimized. You may object to this processing at any time by contacting us at [email protected].

4. Data retention

We retain your account data for as long as your account exists. Account deletion is not available as a self-service feature — to request deletion of your account and associated personal data, contact us at [email protected]. Upon deletion, your data is permanently and immediately removed from our systems. We do not use soft-deletion or deferred removal.

5. Third-party processors

We use the following sub-processor to deliver the service:

  • Stripe, Inc. — payment processing. Stripe processes billing data on our behalf under a data processing agreement. Stripe is certified under the EU–US Data Privacy Framework.
  • Google LLC— analytics and conversion measurement (Google Analytics 4, Google Ads). Google processes analytics data on our behalf under Google's data processing terms. Google is certified under the EU–US Data Privacy Framework. See Google's privacy policy at policies.google.com/privacy.

We do not sell your data to third parties or share it with anyone beyond what is listed above.

6. Your rights

Regardless of where you are located, you may contact us at any time to exercise the following rights regarding your personal data. Residents of the European Economic Area may additionally lodge a complaint with their national data protection authority.

  • Access — request a copy of the data we hold about you.
  • Rectification — ask us to correct inaccurate data.
  • Erasure — request deletion of your personal data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing in certain circumstances.

To exercise any of these rights, email [email protected]. EEA residents also have the right to lodge a complaint with their national data protection authority, such as the Dutch Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

7. Changes to this policy

We may update this policy when the service changes. The date at the top of this page always reflects the most recent version. Continued use of the service after changes constitutes acceptance of the updated policy.

8. Contact

Van Dijk Ontwikkeling
KvK 42036550
[email protected]

← Back to home