TERMS AND CONDITIONS OF THE ENTERPRISE SERVICE (B2B)

Including ANNEX: Data Processing Agreement (DPA)

Last updated: November 27, 2025

These Terms and Conditions (“Terms”) govern the contractual relationship between Bytelantic, Inc., hereinafter “Saferlayer”, and the entity client (“Client”) that uses Saferlayer’s Enterprise API (“Service”).

By registering for, accessing, or using the Service, the Client fully accepts these Terms, including Annex I – Data Processing Agreement (DPA), which forms an integral part of this document.

1. Identification of the Provider

Bytelantic, Inc.
Corporation incorporated in Delaware, United States
Registered address: 131 Continental Dr, Suite 305, Newark, Delaware 19713, USA
Contact email: hi@bytelantic.com

European Union Representative (Art. 27 GDPR):
Carlos Sánchez García
Apartado de Correos 40143 28007 Madrid Spain

2. Definitions

API: Saferlayer’s programming interface allowing the Client to submit images or documents for processing.
Content: Images or documents submitted by the Client through the API, including watermark text.
Ephemeral Processing: Temporary in-memory processing without persistent storage.
Client: The natural or legal person that contracts and uses the Service.
API Key: Credential assigned to the Client to authenticate requests.

3. Description of the Service

The Service consists of:

  • Receiving an image or document submitted by the Client via the API.
  • Applying a watermark containing the text provided by the Client.
  • Returning the processed image in PNG format.
  • Automatically deleting the Content immediately after processing is completed.

Relevant technical characteristics:

  • Maximum file size: 30 MB
  • Supported formats: JPEG, PNG, GIF, WebP
  • Minimum dimensions: 100 px; maximum: 4000 px
  • Maximum watermark text length: 100 characters

The Service does not guarantee that the watermark will be impossible to remove.

Saferlayer may update Service capabilities at any time.

4. Access to the Service

4.1 Registration and Authentication

To use the Service, the Client must:

  • create an account with an email and password,
  • obtain an API Key,
  • provide valid billing information when applicable.

Saferlayer may reject registration requests or suspend accounts in case of breach of these Terms.

4.2 API Key Custody

The Client is responsible for:

  • keeping API Keys confidential,
  • restricting their use to authorized personnel only,
  • immediately reporting any unauthorized access.

5. Permitted and Prohibited Uses

5.1 Permitted Use

The Client may use the Service to process images for which they hold sufficient rights to manipulate, transform, distribute, or store.

5.2 Prohibited Uses

The Client may not:

  • Submit illegal content or content infringing intellectual property rights.
  • Process content depicting child sexual abuse material (CSAM) or any illicit content.
  • Use the API to violate privacy or confidentiality.
  • Upload malware, viruses, or malicious code.
  • Attempt to extract, copy, decompile, or reverse engineer Service algorithms.
  • Bypass usage limits, security controls, or restrictions.
  • Resell, sublicense, or redistribute the Service without prior written authorization.
  • Use the API for unlawful or harmful activities.

Saferlayer may suspend the Service if reasonable indications of misuse are detected.

6. Usage Limits and Availability

Saferlayer may apply usage limits per API Key (requests per minute, file size, etc.).

Saferlayer may modify such limits or offer pricing plans with different restrictions.

The Service may undergo scheduled or emergency maintenance.

No specific SLA is guaranteed unless expressly agreed in writing.

7. Payments and Billing

Saferlayer may offer subscription-based or usage-based pricing.

Payments are processed through Stripe or other secure providers.

The Client must keep billing information up to date.

Failure to pay may result in suspension of the Service.

8. Intellectual Property

8.1 Client Content

The Client retains all rights over the submitted Content.
Saferlayer only obtains a limited, temporary license to:

  • receive the Content,
  • process it to apply a watermark,
  • transmit the resulting file,
  • delete it immediately after processing.

8.2 Saferlayer Intellectual Property

Saferlayer retains full ownership of:

  • the API and its components,
  • processing algorithms,
  • tools, libraries, and documentation,
  • graphical elements, trademarks, and distinctive signs,
  • source code, structure, and internal architecture.

The Client acquires no rights beyond the use of the Service during the term of the contract.

9. Processing of Personal Data

Use of the Service may involve the processing of personal data contained in documents submitted by the Client.
Such processing is governed by Annex I (DPA), which forms part of these Terms.

10. Security and Processing of Content

Saferlayer implements the following measures:

  • strictly in-memory processing,
  • cloud infrastructure located in Finland (EEA) operated by Hetzner for ephemeral API execution,
  • no storage of original or processed files,
  • automatic deletion once processing is completed,
  • TLS encryption in transit,
  • access controls and environment isolation,
  • minimal logs without file content.

The Client is responsible for:

  • safeguarding original Content,
  • verifying the processed output,
  • complying with applicable law (including GDPR where relevant).

11. Subprocessors

Saferlayer uses the following subprocessors:

SubprocessorPurposeLocation
SupabaseAuthentication and database (Enterprise accounts)EU
CloudflareCDN, security, DDoS protectionGlobal
StripePaymentsUSA/Global
HetznerCloud infrastructure and ephemeral API executionFinland (EEA)

Saferlayer will notify relevant changes as required by applicable law.

12. Liability

Saferlayer shall not be liable for:

  • indirect, incidental, special, or consequential damages,
  • data loss or damage resulting from Client Content,
  • failures caused by third-party infrastructures,
  • interruptions, maintenance, or unavoidable outages,
  • misuse of the Service by the Client,
  • results arising from attempts to remove or alter the watermark.

Saferlayer’s total liability for any claim is limited to the amounts paid by the Client in the 12 months preceding the event giving rise to the claim.

13. Term and Termination

The Client may cancel their account at any time.
Saferlayer may suspend or terminate the Service:

  • for non-payment,
  • for breach of these Terms,
  • for legal requirements,
  • for abusive or harmful use.

Upon termination:

  • API Keys will be revoked,
  • account data will be deleted according to the Privacy Policy,
  • no Content is retained, as it is never stored.

14. Governing Law and Jurisdiction

These Terms shall be governed by the laws of the State of Delaware (United States).

The parties submit to the exclusive jurisdiction of the competent state or federal courts in Delaware, unless mandatory law provides otherwise.

15. Modifications

Saferlayer may update these Terms at any time.
Changes will be notified to the Client via email or through the control panel.

Continued use of the Service after updates constitutes acceptance of the new Terms.

ANNEX I — DATA PROCESSING AGREEMENT (DPA)

(Integrated into these Terms)

1. Purpose and Duration

The Client acts as the Data Controller and Saferlayer as the Data Processor regarding personal data contained in the Content submitted via the API.

Processing is ephemeral, solely for providing the Service, and ends immediately after completion.

2. Nature and Purpose of Processing

  • Temporary receipt of Content
  • In-memory processing to apply a watermark
  • Execution on cloud infrastructure located in Finland (EEA) operated by Hetzner
  • Transmission of the resulting file
  • Immediate deletion of Content

No other processing operations are performed.

3. Types of Data and Categories of Data Subjects

Data processed depends exclusively on the Content submitted by the Client. It may include:

  • images of documents, photographs, or files containing personal data, including potentially identifying data.

Saferlayer does not classify or interpret such Content.

4. Processor Obligations (Saferlayer)

Saferlayer shall:

  • Process data only following documented instructions from the Client.
  • Not store, copy, or retain Content.
  • Ensure confidentiality of authorized personnel.
  • Apply appropriate security measures (see section 10).
  • Assist the Client in complying with GDPR obligations where applicable.
  • Notify any personal data breach within 72 hours.
  • Delete Content upon completion of processing.
  • Allow reasonable audits by the Client or designated auditors.

5. Subprocessors

Saferlayer may rely on authorized subprocessors (see section 11).
Subprocessors are required to comply with the same data protection obligations.

6. International Transfers

International transfers may occur due to Saferlayer’s location and certain providers, under:

  • Standard Contractual Clauses (SCCs),
  • additional security measures.

Processing executed on Hetzner infrastructure in Finland (EEA) does not constitute an international transfer.

Account data is stored within the EU (Supabase EU region).

7. Security of Processing

Saferlayer implements appropriate technical and organizational measures:

  • processing exclusively in memory,
  • execution on infrastructure in Finland (EEA) operated by Hetzner,
  • immediate deletion of Content,
  • TLS encryption,
  • access controls,
  • environment isolation,
  • minimal logging without personal data.

8. End of Processing

Upon completion:

  • Content is deleted automatically,
  • Client account data is processed according to the Privacy Policy,
  • API Keys may be revoked.