Privacy Policy
Short version. FusionLayer offers three storage modes — Smart, Private, and Incognito. All three are free. Privacy is not a paid feature. In Smart mode (the default) we store conversation content encrypted at rest with a server-managed key so the engine can build a context graph that improves answer quality. In Private mode the content is encrypted on the user's device before upload; we hold only ciphertext. In Incognito mode nothing is persisted. The routing engine is improved by anonymized, fixed-shape execution-path telemetry whose schema is enforced by a server-side allowlist; you can opt out at any time at no cost. We do not sell data. We do not train external AI models on your content.
1. Who we are and how to contact us
FusionLayer is the engine layer behind multi-vendor AI applications. This policy covers the application programming interface at api.fusionlayer.app, the developer console at app.fusionlayer.app, the fl command-line interface, the software development kits, the Model Context Protocol server, the sub-processor and vendor registries, the marketplace at fusionlayer.app, and the documentation site.
Data controller. FusionLayer (entity in formation), operated from Israel. Postal address available on request.
Data Protection Officer. [email protected].
European Union representative. Appointment in progress; the address will be published here once registered. Until then, contact [email protected].
2. Storage modes
FusionLayer offers three storage modes. The default is Smart for new accounts. All three are free.
| Mode | Where set | What the server stores | Can FusionLayer read it? |
|---|---|---|---|
| Smart (default) | Account-level (Settings → Privacy) | Conversation content encrypted at rest with AES-256-GCM under a server-managed key; extracted entity graph; semantic chunks | Yes — required for context retrieval, knowledge-graph extraction, and quality compounding. Staff do not read individual conversations; access is role-gated and audited. Smart mode is not zero-knowledge. |
| Private | Account-level (free opt-out) | Topology and opaque identifiers only. Client-side AES-256-GCM ciphertext blobs; key derived from the user's passphrase via Argon2id and never leaves the device. | No — we hold only ciphertext. |
| Incognito | Per-conversation (in either Smart or Private) | Nothing — the session ends, the data is gone | Nothing to read |
Mode is user-controlled. Switching from Smart to Private is non-destructive but future-only — historical Smart data is retained per your retention policy until you explicitly delete it.
Privacy is not a paywall. Pricing is driven by usage limits, bring-your-own-key, seats, advanced orchestration, and marketplace capabilities — never by who gets to be private. Smart is the default because it produces better outcomes, not because it is cheaper.
3. What FusionLayer sees vs does not see
| Category | Server sees | Server does not see |
|---|---|---|
| Content at rest (Smart) | AES-256-GCM ciphertext under a server-managed key — entity graph, semantic chunks | — |
| Content at rest (Private) | Ciphertext only — opaque to the server | Plaintext of any stored blob |
| Content in transit | Plaintext briefly in memory for routing, redaction, and vendor dispatch — never written to disk | — |
| Keys | Bring-your-own-key key_blob (encrypted ciphertext, opaque) | Raw vendor application programming interface keys |
| Auth | Argon2id hash of authKey, email address | User's master password, encKey |
| Telemetry | Task class, model, latency, token counts, implicit signal (see §4) | Prompt text, response text, conversation content of any kind |
| Storage | Random object key, encrypted size | Plaintext of any stored blob |
| Account | Email, handle, OAuth provider, device name (max 50 chars), plan | Recovery passphrase, encKey |
| Request metadata | Request Internet Protocol address, user-agent (nginx logs ≤30 days) | Persistent Internet-Protocol-to-user linkage — logs are time-bounded and not joined to user records |
Lawful basis: performance of the contract (GDPR Art. 6(1)(b)) for processing conversation content in any mode; legitimate interests (Art. 6(1)(f)) for nginx logs and crash reports; consent (Art. 6(1)(a)) for cookies and analytics.
4. Crowd-wisdom routing telemetry
Every FusionLayer engine call flows through the orchestrator. After a successful response, one fixed-shape execution-path record is appended to the telemetry_events table. A scheduled aggregation job groups events by (task_class, vendor, model) and computes quality scores. The output table (crowd_routing) contains only model identifiers, task classes, win rates, and sample counts — no user-linked data. A minimum of 50 samples is required before any model/task pair influences global routing; below that threshold, the engine falls back to hardcoded priors.
What is collected
| Column | Type | Description |
|---|---|---|
| task_class | string | Classifier output (e.g. analysis.general) |
| model_task_key | string | {vendor}:{model}:{task_class} identifier |
| actual_tokens | number | Total tokens consumed (input + output) |
| actual_latency_ms | number | Wall-clock latency in milliseconds |
| implicit_signal | string | positive, negative, neutral, copy, retry, abandon, escalate, or switch |
| failure_mode | string | Classifier output from classifyFailureMode |
| strategy_used | string | Routing strategy label (e.g. cache, bandit) |
| context_size_tokens | number | Tokens injected from context retrieval |
| cost_usd | number | Estimated cost in United States dollars |
| success_score | number | Computed quality score (0.0–1.0) |
| cache_hit | boolean | Whether the response was served from cache |
| reasoning_tokens | number | Reasoning tokens consumed (where applicable) |
| tool_calls | number | Number of tool invocations |
| subclass | string (max 60 chars) | Sub-classification label |
| complexity_bucket | string | low, med, or high |
| domain | string | general, code, legal, medical, finance, creative, science, or personal |
| output_shape | string | text, code, list, json, table, or step-by-step |
| multi_turn_depth | number | Turn index within the conversation |
What is never in telemetry events
- Prompt text or any portion of it
- Response text or any portion of it
- User account identifier, email, or session identifier (anonymized routing identifier only)
- Internet Protocol addresses or device fingerprints
- Context document content or filenames
The schema is enforced by a server-side allowlist (validateAggregatorEvent in the engine). Any event with a field outside the allowlist is rejected at ingress. String values exceeding 200 characters are rejected. Numeric columns must be of type number or null.
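The following is an added illustration, not FusionLayer's own validateAggregatorEvent or aggregation job (neither is shown on this page): it applies the rules stated above (allowlisted columns only, strings capped at 200 characters, subclass at 60, numeric columns number or null) and then runs the grouping-and-threshold step described at the start of §4. JavaScript is used because the policy names engine functions in camelCase; the column names and types come from the table, while the enum sets, the "null allowed in any column" rule, the rejection of NaN, the vendor/model split of model_task_key, the "win = success_score ≥ 0.5" rule and the sample prior are assumptions made for the example.

```javascript
// Added example, not FusionLayer's own code. Column names and types follow the
// policy's telemetry table; enum sets, null handling, NaN rejection, the
// vendor/model split, the win rule and the prior are assumptions.

const MAX_STRING_LEN = 200; // policy: strings over 200 characters are rejected
const MIN_SAMPLES = 50;     // policy: below this, routing falls back to priors

// Allowlist of every column telemetry_events may carry, with its type.
const TELEMETRY_SCHEMA = {
  task_class:          { type: 'string' },
  model_task_key:      { type: 'string' }, // {vendor}:{model}:{task_class}
  actual_tokens:       { type: 'number' },
  actual_latency_ms:   { type: 'number' },
  implicit_signal:     { type: 'string', enum: ['positive', 'negative', 'neutral', 'copy', 'retry', 'abandon', 'escalate', 'switch'] },
  failure_mode:        { type: 'string' },
  strategy_used:       { type: 'string' },
  context_size_tokens: { type: 'number' },
  cost_usd:            { type: 'number' },
  success_score:       { type: 'number', min: 0, max: 1 },
  cache_hit:           { type: 'boolean' },
  reasoning_tokens:    { type: 'number' },
  tool_calls:          { type: 'number' },
  subclass:            { type: 'string', maxLen: 60 },
  complexity_bucket:   { type: 'string', enum: ['low', 'med', 'high'] },
  domain:              { type: 'string', enum: ['general', 'code', 'legal', 'medical', 'finance', 'creative', 'science', 'personal'] },
  output_shape:        { type: 'string', enum: ['text', 'code', 'list', 'json', 'table', 'step-by-step'] },
  multi_turn_depth:    { type: 'number' },
};

// Ingress check. Any column outside the allowlist rejects the whole event, so
// prompt text, user ids or addresses cannot ride along in an extra field.
function validateAggregatorEvent(event) {
  if (event === null || typeof event !== 'object' || Array.isArray(event)) {
    return { ok: false, errors: ['event must be a plain object'] };
  }
  const errors = [];
  for (const [key, value] of Object.entries(event)) {
    const rule = TELEMETRY_SCHEMA[key];
    if (!rule) { errors.push(`field not in allowlist: ${key}`); continue; }
    if (value === null) continue; // assumption: null is acceptable in any column
    if (rule.type === 'number') {
      if (typeof value !== 'number' || !Number.isFinite(value)) {
        errors.push(`${key} must be a finite number or null`); // NaN/Infinity rejected (assumption)
      } else if ((rule.min !== undefined && value < rule.min) || (rule.max !== undefined && value > rule.max)) {
        errors.push(`${key} out of range`);
      }
    } else if (rule.type === 'string') {
      const limit = rule.maxLen ?? MAX_STRING_LEN;
      if (typeof value !== 'string') errors.push(`${key} must be a string`);
      else if (value.length > limit) errors.push(`${key} exceeds ${limit} characters`);
      else if (rule.enum && !rule.enum.includes(value)) errors.push(`${key} has an unexpected value`);
    } else if (rule.type === 'boolean' && typeof value !== 'boolean') {
      errors.push(`${key} must be a boolean`);
    }
  }
  if (typeof event.model_task_key === 'string' && event.model_task_key.split(':').length < 3) {
    errors.push('model_task_key must be {vendor}:{model}:{task_class}');
  }
  return { ok: errors.length === 0, errors };
}

// Scheduled aggregation: group accepted events by (task_class, vendor, model)
// and keep only win rate and sample count, so nothing user-linked survives.
function aggregateCrowdRouting(events) {
  const groups = new Map();
  for (const ev of events) {
    if (!validateAggregatorEvent(ev).ok) continue; // already rejected at ingress
    if (typeof ev.task_class !== 'string' || typeof ev.model_task_key !== 'string') continue;
    const parts = ev.model_task_key.split(':');
    const vendor = parts[0];
    const model = parts.slice(1, -1).join(':'); // model names may themselves contain ':'
    const key = [ev.task_class, vendor, model].join('\u0000');
    const g = groups.get(key) ?? { task_class: ev.task_class, vendor, model, samples: 0, wins: 0 };
    g.samples += 1;
    if (typeof ev.success_score === 'number' && ev.success_score >= 0.5) g.wins += 1; // win rule (assumption)
    groups.set(key, g);
  }
  return [...groups.values()].map(g => ({ ...g, win_rate: g.wins / g.samples }));
}

// Routing weight for one model/task pair: the crowd win rate once MIN_SAMPLES
// is reached, otherwise the hardcoded prior the caller supplies.
function routingWeight(row, prior) {
  return row.samples >= MIN_SAMPLES ? row.win_rate : prior;
}

// Constructed sample input (not real telemetry); model names are placeholders.
const SAMPLE_EVENTS = [
  { task_class: 'analysis.general', model_task_key: 'anthropic:model-a:analysis.general', actual_tokens: 120, actual_latency_ms: 850, implicit_signal: 'positive', success_score: 0.9, cache_hit: false, reasoning_tokens: null },
  { task_class: 'analysis.general', model_task_key: 'anthropic:model-a:analysis.general', actual_tokens: 200, actual_latency_ms: 1200, implicit_signal: 'retry', success_score: 0.3, cache_hit: false },
  { task_class: 'analysis.general', model_task_key: 'openai:model-b:analysis.general', actual_tokens: 90, actual_latency_ms: 600, implicit_signal: 'copy', success_score: 0.8, cache_hit: true },
  // Rejected at ingress: carries a column that is not on the allowlist.
  { task_class: 'analysis.general', model_task_key: 'openai:model-b:analysis.general', success_score: 1, prompt_text: 'must never be stored' },
];

console.log(JSON.stringify(aggregateCrowdRouting(SAMPLE_EVENTS), null, 2));
```

With the sample above the aggregation yields two rows (model-a with 2 samples and a 0.5 win rate, model-b with 1 sample); both sit far below the 50-sample threshold, so routingWeight returns the prior for each until enough contributions accumulate.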
Default state and how to opt out
Crowd-wisdom telemetry is enabled by default. The routing engine only delivers value if every user contributes the same minimal metadata. You can disable contribution at any time, at no cost, with no service penalty:
- In the developer console: Settings → AI → "Help improve FusionLayer routing for everyone" (toggle off).
- From the command line: fl telemetry opt-out.
- To delete previously contributed pre-aggregation records: fl telemetry clear.
Lawful basis: legitimate interests in improving the routing engine (GDPR Art. 6(1)(f)). Under Article 21 of the GDPR you have a right to object; the opt-out controls above are the operational implementation of that right. The legitimate-interests balancing assessment is available on request to [email protected].
5. File attachments
When you attach a file (PDF, screenshot, document) to a conversation:
- Free tier: the file is forwarded to the AI model for that request only. It is not stored on our servers — an ephemeral object-storage path with a 24-hour auto-delete lifecycle is used. After the request completes, the file is gone. It is never used for model training or analytics. The user interface discloses this at the time of upload.
- Pro / Team: attachments are encrypted client-side with AES-256-GCM (same as conversation blobs) before upload, stored in our object storage, and linked to the conversation. They follow the same retention policy as your conversations.
6. Passive capture vs orchestrated conversations
The engine can hold conversations from two distinct sources, with different metadata available.
Passive capture
When the sync daemon (or the editor extension) reads a conversation from a local AI tool — Claude Code, Cursor, Aider, Ollama — the conversation is captured passively. The engine did not route the AI call. The encrypted blob contains only what was read: message turns and timestamps. No execution trace, latency, cost, or token count is available because the engine was not in the request path. Vendor-website conversations (chatgpt.com, claude.ai) enter the engine only via periodic vendor exports through fl import; same record shape.
Orchestrated conversations
When a request runs through the engine, the full execution trace — model, vendor, latency, token counts, estimated cost, routing stages — is stored alongside the encrypted conversation blob.
Each conversation displays a source badge so you can tell which path produced it.
7. Retention
| Data type | Retention |
|---|---|
| Conversation blobs (Free tier) | 90 days |
| Conversation blobs (Pro and above) | Indefinite, until deleted by the user |
| Telemetry events (telemetry_events) | ≤30 days; a scheduled prune job enforces it |
| Nginx access logs (Internet Protocol address, user-agent) | ≤30 days; daily rotation, 30 retained, compressed |
| Account metadata | While the account exists; deleted within 30 days of account deletion |
| Backup snapshots | Encrypted; retained for up to 35 days for disaster recovery; deletion propagates on the snapshot rotation cycle |
8. Your rights
If you are in the European Economic Area, the United Kingdom, or Switzerland you have the rights set out in Articles 15 to 22 of the General Data Protection Regulation. If you are a California resident you have parallel rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act. In plain language, you can:
- Access what we hold — from the developer console or by emailing [email protected].
- Rectify inaccurate data.
- Erase — Settings → Account → Delete. Cascades to conversations, blobs (object storage and bring-your-own-storage), devices, telemetry events, and the user row within 30 days.
- Restrict processing while a complaint or correction is pending.
- Port via Universal AI Context Protocol export (open, self-describing archive).
- Object (Art. 21) to legitimate-interests processing, including crowd-wisdom telemetry. The opt-out controls in §4 are how you exercise this right.
- Withdraw consent to consent-based processing (cookies, analytics) at any time.
- Erase routing telemetry via fl telemetry clear (Art. 17). Aggregated win rates that no longer identify any individual are retained.
- Lodge a complaint with your national supervisory authority (Art. 77). In Israel: the Privacy Protection Authority. In the European Union: your national data-protection authority. In the United Kingdom: the Information Commissioner's Office.
We respond to verified requests within 30 days. We do not discriminate against you for exercising any of these rights.
9. Children
FusionLayer is a developer-facing engine. It is not intended for children. We do not knowingly collect personal data from children under 13. Consumer-facing chat experiences for minors live on Inkfold and are governed by the Inkfold Privacy Policy §8, which implements verifiable parental consent under the United States Children's Online Privacy Protection Act and corresponding European Union member-state rules.
10. Sub-processors
| Sub-processor | Role | Data involved | Location |
|---|---|---|---|
| Cloudflare | Content-delivery network, web-application firewall, distributed-denial-of-service protection, transport-layer-security termination, email routing | Encrypted traffic, Internet Protocol addresses (not retained beyond nginx logs), email headers | Global edge / United States |
| Oracle Autonomous Database | Primary database | Account metadata, encrypted blob references, telemetry events (no content) | European Union — Frankfurt |
| Cloudflare R2 | Encrypted blob storage | AES-256-GCM ciphertext only — no plaintext content | United States — Cloudflare-managed |
| Lemon Squeezy | Billing, subscription management, payment processing (merchant of record) | Billing email, subscription plan, payment details. Lemon Squeezy is the merchant of record; FusionLayer never sees full card numbers. | United States |
| Google Workspace | Operational email, OAuth provider | Operational email; OAuth user email and display name on consent | United States |
| AI vendors (Anthropic, OpenAI, Google, Mistral, OpenRouter, and others) | Inference | Prompt text and context passed by the user or operator when invoking a specific vendor. FusionLayer's data-loss-prevention layer redacts secrets before forwarding. | Vendor-dependent |
How vendor calls happen. AI-vendor calls occur only when a user or operator explicitly triggers an orchestrated call. Passive background processes (sync, telemetry aggregation) never contact AI vendors. Bring-your-own-key users have a direct relationship with the vendor; FusionLayer acts as a routing proxy only.
Notification cadence. Material additions to this list are notified by email at least 30 days before they take effect (GDPR Art. 28(2)), giving you time to object or terminate. A dated standalone sub-processor page at /legal/subprocessors is in progress.
11. International transfers
FusionLayer is operated from Israel. The European Commission has issued an adequacy decision for Israel under Article 45 of the General Data Protection Regulation; transfers from the European Economic Area to Israel therefore require no additional safeguards. Storage is hosted in the European Union (Frankfurt) and at Cloudflare's global edge. Transfers to United States sub-processors rely on the European Union–United States Data Privacy Framework where applicable, and otherwise on Standard Contractual Clauses with supplementary measures appropriate to the data category. The Schrems II posture of Cloudflare's global edge is reviewed annually.
12. Security and incident response
We operate the engine under documented security controls — encryption at rest and in transit, key rotation, role-gated access with audit logging, a server-side data-loss-prevention pipeline that redacts secrets before they reach a vendor, schema-allowlist enforcement on the telemetry pipeline, and quarterly privacy audits. In case of a personal-data breach affecting your data we will notify you and the relevant supervisory authority within 72 hours of becoming aware, in line with GDPR Articles 33 and 34. Security disclosures may be sent to [email protected].
13. Changes to this policy
We may update this policy. Material changes will be announced by email and in a banner on this page at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision. We keep a public change log so you can see what changed and when. Where local law requires affirmative consent for a substantively prejudicial change, we will obtain it before applying the change to you.
14. Contact
- Privacy and data-subject requests: [email protected]
- Data Protection Officer: [email protected]
- Security incidents: [email protected]
- Legal: [email protected]
- General contact: [email protected]