Privacy & Data Handling

Privacy is important to us and we take every measure possible to ensure that your data is protected. This page covers how cloudlayer.io stores, processes, and protects the data involved in document generation.

Data Storage

Generated documents are stored in your account’s cloud storage by default, unless you configure alternative storage settings in your request or account preferences.

cloudlayer.io supports three storage modes:

Cloud Storage (Default)

When using cloud storage, your generated documents are stored in your account and accessible via the assets API. Storage capacity depends on your subscription plan.

{
  "storage": true
}

User Storage

For organizations that require documents to be stored in their own infrastructure, you can configure an S3-compatible storage target (AWS S3, DigitalOcean Spaces, Wasabi, etc.). All calls with user storage must be asynchronous.

{
  "storage": {
    "id": "your-storage-config-id"
  }
}

No Storage

For sensitive documents that should never be stored on cloudlayer.io servers, disable storage entirely. The document is available only during the synchronous response.

{
  "storage": false
}

Synchronous vs Asynchronous Data Lifecycle

Synchronous Calls

For synchronous requests (async: false):

1. Your request data (HTML, URL, template data) is processed in memory.
2. The document is generated.
3. The response is returned to you.
4. All request data is removed immediately after the connection closes.

If storage is enabled, the generated asset is stored. If storage is disabled, nothing persists.

Asynchronous Calls

For asynchronous requests (async: true, the default):

1. Your request data is processed and the job is queued.
2. The document is generated in the background.
3. The result is stored according to your storage settings:
   • Cloud Storage: Stored in your cloudlayer.io account.
   • User Storage: Uploaded to your S3-compatible storage.
4. Your webhook is notified with the result.

Request data (HTML content, template data, URLs) is not persisted after job processing is complete. Only the generated output asset is stored.

Secret Protection

cloudlayer.io treats the following as sensitive information and applies special handling:

• Authentication credentials (usernames and passwords)
• Cookie values
• HTML content
• Template data containing personal information
• API keys

How Secrets Are Protected

• Never stored in plaintext. Sensitive fields are redacted before being written to any log or database record.
• Redacted in activity logs. When you view your job history in the dashboard, sensitive fields appear as ... to indicate redaction.
• Never included in error reports. If a job fails, the error message will not contain your authentication credentials, HTML content, or other sensitive data.
• Encrypted in transit. All API communication uses TLS (HTTPS).

What You See in Activity Logs

Job: job_abc123def456
URL: https://example.com/dashboard
Authentication: { username: "...", password: "..." }
Status: success

Data Retention

Generated Assets

Job Metadata

Job records (status, timestamps, non-sensitive metadata) are retained in your account history for auditing and troubleshooting purposes. These records do not contain sensitive content.

Account Deletion

When you delete your cloudlayer.io account:

• All generated assets in cloud storage are permanently deleted.
• All job history and metadata are permanently deleted.
• All storage configurations are permanently deleted.
• All API keys are immediately revoked.

GDPR Considerations

cloudlayer.io is designed to support GDPR compliance for organizations processing personal data of EU residents.

Data Processing

• cloudlayer.io acts as a data processor when you send personal data (names, addresses, etc.) as part of template data or HTML content.
• You remain the data controller and are responsible for ensuring you have the legal basis to process personal data.
• Personal data included in template data or HTML is processed only for the purpose of document generation and is not used for any other purpose.

Your Rights and Controls

Recommendations for GDPR Compliance

• Use storage: false for documents containing sensitive personal data when you do not need cloudlayer.io to retain the output.
• Use user storage to keep all generated documents within your own infrastructure and data residency requirements.
• Minimize personal data in template data — include only what is needed for the document.
• Set up data retention policies in your own systems to regularly clean up generated documents.
• Review your data processing agreement with cloudlayer.io if you are processing personal data of EU residents at scale.

Infrastructure Security

• Encryption in transit: All API traffic uses TLS 1.2+.
• Encryption at rest: Storage credentials and user-owned storage configurations are encrypted using bank-level encryption.
• Isolated processing: Document generation jobs are processed in isolated environments.
• No cross-account access: Your data is never accessible to other cloudlayer.io accounts.
• API key security: API keys can be created, rotated, and revoked from your dashboard at any time.

Best Practices

• Rotate API keys periodically and revoke any keys that may have been compromised.
• Use storage: false for one-off sensitive documents.
• Use user storage for organizations with strict data residency requirements.
• Audit your job history periodically to review what documents have been generated.
• Delete old assets that are no longer needed to minimize your data footprint.
• Use sync mode with no storage for the most privacy-sensitive use cases — the document is generated, returned, and immediately discarded.