Data Flows
Where PII enters, lives, and leaves.
End-user event flow (SDK → storage → CAPI)
End user's device (your app)
│ (Layers SDK)
▼
in.layers.com/l/events (managed edge)
│
▼
Layers SDK ingest
│ ├─ IP: dropped after geo-IP region resolution
│ ├─ email / phone: normalized + SHA-256 hashed in process
│ ├─ UA: parsed; raw UA not persisted
│ └─ async enqueue
│
▼
Async processing → durable event store
│
▼
CAPI relay
├──→ Meta Graph API (`layers_{event}`)
├──→ TikTok Business API (standard events)
└──→ Apple Search Ads (attribution token, when applicable)Data classification in this flow:
- Never persisted: IP, raw email, raw phone, raw UA.
- Persisted hashed:
email_sha256,phone_sha256if you sent them. - Persisted plaintext:
user_id(the id you assign — recommend it doesn't carry PII), properties JSON, event name, timestamp, app id, device os/model.
Customer / workspace data
Web app / Mobile / VSCode webview
│
▼
Layers partner API
│
▼
Primary database (US, tenant-isolated)
├─ organizations
├─ projects
├─ project_layers
├─ members, roles
├─ ads_content, project_ads_content
├─ content_containers
└─ sdk_events (see above)All tenant tables are protected by row-level security. The frontend never talks directly to the database — every query goes through the partner API with the org / project context enforced server-side.
Content generation
User: "generate a Reel about our latest product"
│
▼
Layers partner API → Workflow orchestrator → Sandboxed agent
│
▼
Model provider (see
AI / LLM data handling)
│
▼
Generated media
│
▼
Object storage (US)
│
▼
content_containers rowData classification:
- Prompt (sent to model providers): brand brief, product info,
previous-creative references. No end-user PII from
sdk_events. - Output: video / image / copy, stored in object storage.
- Metadata:
content_containersrow linking the output to the project.
See AI / LLM data handling for which provider sees what.