1. Who we are
Layoutr is a trade name of Van Dijk Ontwikkeling, registered with the Dutch Chamber of Commerce under number 42036550. Van Dijk Ontwikkeling is the controller of your personal data as described in this policy.
Questions about this policy? Reach us at [email protected].
2. What data we collect and why
We only collect data that is strictly necessary to provide the service.
Account data
When you create an account, we store your email address, a hashed password, and basic account state (such as whether your email address has been verified, your subscription tier, your AI credit balance, and sign-in timestamps). This data is required to authenticate you, keep your account secure, and provide the correct level of service.
Billing data
If you subscribe to a paid plan, your payment is processed by Stripe. We store a Stripe customer ID and subscription ID to link your account to your subscription. To process your payment and issue a valid invoice, Stripe also collects your billing address and, where applicable, a VAT number. We do not store your payment card details. Those are held exclusively by Stripe.
Project data
Your floor plans, furniture placements, and all other project data are created and stored in your browser (local storage), and you can save a project to your own device as a file. In ordinary use this data stays on your device: we do not store it on our servers, and it is never transmitted to us, except when you choose to use the optional AI features described below.
AI features (optional)
Two optional Pro features use artificial intelligence: AI-vision room detection and AI-powered furnishing. If you choose to use them, some of your project data is sent off your device so it can be processed:
- Room detection sends the floor plan image you uploaded, so the AI can detect the rooms and walls in it.
- Furnishing sends your room's dimensions and layout, the furniture already placed, a short description you write, and, where relevant, a cropped section of your floor plan.
This data is processed on our behalf by Microsoft Azure OpenAI solely to generate your result, which is returned to your browser. It is not stored on our servers, and under Microsoft's Azure OpenAI Service terms it is not used to train AI models or shared with other customers. These features are entirely optional. The rest of Layoutr works without them, and without any project data leaving your device.
Analytics data
We use Google Analytics 4 (GA4) on both layoutr.app and use.layoutr.app to understand how people use Layoutr. GA4 collects your approximate location (country and region, derived from your IP address which is not stored), browser type, device type, pages visited, and in-app events such as uploading a floor plan, setting scale, placing furniture, and completing a purchase. Sessions are stitched across both domains so we see the full user journey in one report.
This data is processed by Google LLC under our instructions and is not used for advertising profiling. We do not enable Google's advertising features, remarketing audiences, or cross-device tracking. Data retention in GA4 is set to the minimum available (2 months).
GA4 sets persistent cookies (_ga, _ga_*) in your browser to distinguish sessions. We do not use fingerprinting or any other tracking technology.
Newsletter and marketing emails
If you choose to subscribe to our emails, either through the form on our website or during account registration, we store your email address and the email preferences you selected (product updates, blog posts, or both). We use this only to send you the emails you asked for, delivered through our email provider, Resend. Every email includes an unsubscribe link, and you can opt out at any time. Subscribing is entirely optional and is never required to use Layoutr.
Reminder emails on mobile
The planner is built for desktop. If you open it on a phone, you can optionally leave your email address to be reminded to try Layoutr on a computer. If you do, we store your email address only to send you a single follow-up reminder. Leaving your email is optional and is never required.
Feedback and feature requests
If you send us feedback or submit a feature request, we collect your message, an optional rating, your email address, and the version of the app you were using. We use this to reply to you and to improve Layoutr.
Bot protection (Cloudflare Turnstile)
When you submit the subscribe form, we use Cloudflare Turnstile to confirm you are a person and not an automated script. To do this, Cloudflare processes your IP address and signals about your interaction with the page. Turnstile is a privacy-preserving alternative to traditional CAPTCHAs: it does not use tracking cookies and does not profile you across websites.
3. Legal basis (GDPR)
Contract performance — Article 6(1)(b)
This covers all data strictly necessary to deliver the service you signed up for:
- Your email address and hashed password are required to authenticate you.
- Your subscription tier and Stripe identifiers are required to deliver the correct plan and process payments.
- When you use the optional AI features, your floor plan and the details you provide are processed to generate the result you asked for.
Legitimate interest — Article 6(1)(f)
We process analytics data (via Google Analytics 4) on the basis of our legitimate interest in understanding how Layoutr is used so we can improve the product. We have assessed that this interest is not overridden by your rights and freedoms: IP addresses are anonymized, no advertising profiling takes place, and data retention is minimized. You may object to this processing at any time by contacting us at [email protected].
We also rely on legitimate interest to protect our forms from spam and automated abuse using Cloudflare Turnstile. This is necessary to keep the service secure and is limited to the minimum data needed to tell humans and bots apart.
Finally, we rely on legitimate interest to keep the service reliable and secure, for example through server monitoring and diagnostics, and to handle any feedback or feature requests you send us so we can respond and improve the product.
Consent — Article 6(1)(a)
We send marketing emails (product updates and blog posts), and any reminder email you request on mobile, only if you have given your consent by subscribing or by leaving your email address. You can withdraw this consent at any time, using the unsubscribe link in any email or by contacting us, without affecting the lawfulness of processing carried out before withdrawal.
4. Data retention
We retain your account data for as long as your account exists. Account deletion is not available as a self-service feature. To request deletion of your account and associated personal data, contact us at [email protected]. Upon deletion, your data is permanently and immediately removed from our systems. We do not use soft-deletion or deferred removal.
If you subscribe to our emails, we keep your email address and preferences until you unsubscribe or ask us to remove them, after which they are deleted.
We keep feedback and feature requests for as long as we need them to act on them. Data sent to our AI features is processed to generate your result and is not retained by us afterward.
5. Third-party processors
We use the following sub-processors to deliver the service:
- Microsoft Corporation (Microsoft Azure). Cloud hosting, database storage of your account data, service monitoring, and the AI processing behind our optional AI features (Azure OpenAI). Microsoft processes this data on our behalf under its data processing terms and is certified under the EU–US Data Privacy Framework. Under the Azure OpenAI Service terms, data sent to the AI is not used to train AI models. See Microsoft's privacy statement at privacy.microsoft.com.
- Stripe, Inc. Payment processing. Stripe processes billing data on our behalf under a data processing agreement. Stripe is certified under the EU–US Data Privacy Framework. See Stripe's privacy policy at stripe.com/privacy.
- Google LLC. Analytics and conversion measurement (Google Analytics 4, Google Ads). Google processes analytics data on our behalf under Google's data processing terms. Google is certified under the EU–US Data Privacy Framework. See Google's privacy policy at policies.google.com/privacy.
- Cloudflare, Inc. Bot protection for our forms (Cloudflare Turnstile). Cloudflare processes limited technical data, such as your IP address, on our behalf to tell humans and automated scripts apart. Cloudflare is certified under the EU–US Data Privacy Framework. See Cloudflare's privacy policy at cloudflare.com/privacypolicy.
- Resend (Resend, Inc.). Email delivery. Resend sends our account and security emails (such as email verification and password resets), newsletter and reminder emails on our behalf, processing the recipient email address and message content to deliver each email. See Resend's privacy policy at resend.com/legal/privacy-policy.
We do not sell your data to third parties or share it with anyone beyond what is listed above.
6. Your rights
Regardless of where you are located, you may contact us at any time to exercise the following rights regarding your personal data. Residents of the European Economic Area may additionally lodge a complaint with their national data protection authority.
- Access. Request a copy of the data we hold about you.
- Rectification. Ask us to correct inaccurate data.
- Erasure. Request deletion of your personal data.
- Portability. Receive your data in a machine-readable format.
- Objection. Object to processing in certain circumstances.
- Withdraw consent. Unsubscribe from our emails at any time, using the link in any email or by contacting us.
To exercise any of these rights, email [email protected]. EEA residents also have the right to lodge a complaint with their national data protection authority, such as the Dutch Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
7. Changes to this policy
We may update this policy when the service changes. The date at the top of this page always reflects the most recent version. Continued use of the service after changes constitutes acceptance of the updated policy.
8. Contact
Van Dijk Ontwikkeling
CoC 42036550
[email protected]