27/01/2026
Privacy Policy
Introduction
TextLayer Inc ("TextLayer", "we", "us", or "our") is a premium AI consulting company that provides custom AI solutions to enterprise clients and private equity firms. We are headquartered in Ottawa, Canada, and operate as a remote consulting team.
We understand that you care about your personal privacy, and we take that seriously. This Privacy Policy describes how TextLayer collects, uses, and protects personal information in the course of our business operations.
Legal Entity Information:
Legal Name: TextLayer Inc
Registered Address: 1907 192 Bronson Ave, Ottawa, ON K1R 0E7, Canada
Jurisdiction: Canada
Data Protection Officer
TextLayer has appointed a Data Protection Officer (DPO) to oversee our privacy practices and handle inquiries related to personal data protection.
Contact Information:
Name: Colton Rhyason
Title: Head of Operations
Email: privacy@textlayer.ai
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact our DPO using the information above.
Scope and Application
This Privacy Policy applies to:
Personal information collected through our website (textlayer.ai)
Information collected in the course of providing consulting services to clients
Employee and contractor data
Prospective client and business contact information
Important: TextLayer is a consulting firm that builds AI systems for clients. We do not operate software-as-a-service (SaaS) products or collect end-user data on behalf of clients. Our data processing is limited to business contacts, client representatives, and our own personnel.
Information We Collect
4.1 Client and Prospect Information
When you engage with TextLayer as a client or prospective client, we collect:
Name, job title, and employer
Business email address and phone number
Company information and business requirements
Communication history (emails, meeting notes, project documentation)
How we collect it: Primarily through direct communication via email (Gmail), video calls, and in-person meetings. We receive most client introductions through referrals and direct outreach.
4.2 Website Visitor Information
When you visit textlayer.ai, we automatically collect:
IP address and general location
Browser type and device information
Pages viewed and navigation patterns
Referral source
How we collect it: Through Google Analytics and standard Framer website analytics.
4.3 Employee and Contractor Information
For our team members and subcontractors, we collect:
Personal identification information
Employment and compensation details
Background check results (via Certn for new Canadian employees)
Work authorization documentation for international contractors
Professional credentials and experience
How we collect it: Through our HR system (Rippling), Docusign and standard onboarding processes.
How We Use Your Information
5.1 Client and Prospect Data
We use business contact information to:
Deliver consulting services and manage client projects
Communicate about project requirements, timelines, and deliverables
Invoice for services rendered
Maintain business relationships and follow up on inquiries
Improve our service offerings
5.2 Website Analytics
We use website visitor data to:
Understand how visitors interact with our site
Improve website functionality and user experience
Analyze traffic patterns and referral sources
5.3 Employee and Contractor Data
We use personnel information to:
Manage employment and contractor relationships
Process payroll and benefits
Comply with employment laws and regulations
Conduct background checks as required
Maintain workplace security and safety
Cookies and Tracking Technologies
TextLayer's website uses minimal tracking technologies:
Google Analytics: For website traffic analysis
Framer Analytics: Basic usage analytics from our website platform
Essential Cookies: Required for website functionality
We do not use marketing pixels, advertising cookies, or cross-site tracking. You can control cookie preferences through your browser settings.
How We Share Information
TextLayer does not sell personal information. We share information only in the following circumstances:
7.1 Service Providers (Subprocessors)
We share information with third-party service providers who assist with business operations, including:
Cloud infrastructure providers (AWS)
Communication platforms (Google Workspace, Slack)
HR and payroll systems (Rippling)
Background check providers (Certn)
Analytics providers (Google Analytics)
For a current list of our subprocessors and their security practices, please visit our Trust Center: https://app.vanta.com/textlayer.ai/trust/sah5zjvtskgspftw9awga1
All subprocessors are contractually required to maintain appropriate security measures and use personal data only for the purposes we specify.
7.2 Legal Requirements
We may disclose personal information when required by law, regulation, legal process, or governmental request, or to:
Protect our legal rights and property
Prevent fraud or security issues
Comply with contractual obligations
Respond to emergency situations
7.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity, subject to equivalent privacy protections.
International Data Transfers
Important for EU/UK Clients:
TextLayer is incorporated in Canada but stores data primarily on servers located in the United States (AWS US-East region). This means that personal information collected from individuals in the European Union, United Kingdom, or other jurisdictions may be transferred to and processed in the United States.
The United States has not received an adequacy decision from the European Commission under Article 45 of the GDPR. To protect data transferred internationally, we implement the following safeguards:
Standard Contractual Clauses (SCCs) with relevant service providers
Adherence to recognized security frameworks (SOC 2, ISO 27001)
Encryption of data in transit and at rest
Access controls and monitoring
Regular security assessments and audits
We work with UK and Germany-based clients and maintain UK, EU, and New Zealand-based subcontractors. All international data transfers comply with applicable data protection laws.
Data Security
TextLayer implements comprehensive security measures to protect personal information, including:
Encryption of data at rest and in transit
Multi-factor authentication for system access
Regular security assessments and vulnerability scanning
Employee security training
Access controls based on least-privilege principles
Incident response and monitoring procedures
For detailed information about our security practices, please review our Trust Center at the link provided in Section 7.1.
. Data Retention
TextLayer retains personal information in accordance with our Data Management Policy and applicable legal requirements.
General Retention Periods:
Client Data: Retained for the duration of the business relationship plus 7 years thereafter for business records and potential legal requirements
Employee Data: Retained for the duration of employment plus required retention periods under Canadian employment law
Website Analytics: Aggregate data retained indefinitely; individual session data retained for 1 year
Email Communications: Retained in accordance with business needs and legal requirements
Customer Data Deletion: Upon written request, we will delete client data within 60 days, unless we have a legal, regulatory, or contractual obligation to retain it.
For complete retention schedules, please refer to our internal Data Management Policy or contact our DPO.
How We Use Your Information
11.1 Rights Under GDPR (EU/UK Individuals)
If you are located in the European Union or United Kingdom, you have the following rights:
Right to Access: Request a copy of personal data we hold about you
Right to Rectification: Request correction of inaccurate information
Right to Erasure: Request deletion of your personal data (subject to legal exceptions)
Right to Restrict Processing: Request limitation on how we use your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Where processing is based on consent
Right to Lodge a Complaint: File a complaint with your local data protection authority
11.2 Rights Under Canadian Privacy Law
Canadian residents have rights to:
Access personal information we hold
Request correction of inaccurate data
Withdraw consent where applicable
Lodge complaints with the Privacy Commissioner of Canada
11.3 Exercising Your Rights
To exercise any privacy rights, please contact our Data Protection Officer using the information in Section 2. We will respond to requests within 30 days (or as required by applicable law).
We may require verification of your identity before processing requests. This is to protect your personal information from unauthorized access.
Children's Privacy
TextLayer does not knowingly collect personal information from individuals under the age of 18. Our services are directed solely at business contacts and professionals. If we become aware that we have inadvertently collected information from a minor, we will promptly delete it.
Changes to This Privacy Policy
TextLayer reviews and updates this Privacy Policy at least annually, or when our data practices change significantly. When we make material changes, we will:
Update the "Last Updated" date at the top of this policy
Notify clients and contacts via email when appropriate
Post a notice on our website
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Contact us
If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact:
Data Protection Officer
Colton Rhyason
TextLayer Inc
1907 192 Bronson Ave
Ottawa, ON K1R 0E7, Canada
Email: privacy@textlayer.ai
For EU/UK Residents: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
Acknowledgment: This Privacy Policy reflects TextLayer Inc's commitment to protecting personal information and complying with applicable privacy laws, including the General Data Protection Regulation (GDPR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and other relevant privacy regulations.